Re: NT4 password limited to 14 characters ?



There are two hashes:
* LM
* NT

There are four authentication methods:
* LM
* NTLM
* NTLMv2
* Kerberos

Here's how they relate:
* LM authentication uses the LM hash
* NTLM, NTLMv2, and Kerberos all use the NT hash

(It's incorrect to say "NTLM" or "NTLMv2" hash.)

LM hashes (and it's really a stretch to call them "hashes") are generated only if both of these are true:
* You haven't disabled LM hash generation
* Your password length is 14 characters or less

In NT 4.0, the User Manager wouldn't permit you to enter a password longer than 14 characters. Windows 2000 and higher permit entering a password up to 127 characters; the actual maximum length is 255 characters.

If, however, you meet a certain, ah, esoteric set of requirements, your minimum length must be at least 18,770 characters. :) Actually, that's a UI bug described in http://support.microsoft.com/kb/q276304/. Still, it's funny.

Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley


<jwgoerlich@xxxxxxxxx> wrote in message news:1184585840.401754.150720@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello Pascal,

The answer lies in how Windows hashes and stores the passwords. There
are three mechanisms: LM (MD4), NTLM hash (MD4), and NTLMv2 (MD5).

LM has a maximum length of 14 characters. It breaks the password up
into two 7 character strings, makes both strings uppercase, and then
hashes the strings. Because of the length and because of the case
insensitivity, LM is very easy to break with brute force tools.

NTLM also has a maximum length of 14 characters. It hashes the
password as one 14 character chunk and does not change the characters
to uppercase. It is a little better than LM.

NTLMv2 has a maximum length of 127 Unicode characters or 254 ASCII
characters. Most systems use Unicode to support international
character sets, and thus 127 is the number you will see most often.

Windows NT4 will use either NTLM or NTLMv2. If at all possible in your
environment, set it to only use NTLMv2 (see 147706). Using "Net User"
may still default to 14 characters because the utility may not
recognize the change. Usrmgr should be fine, however.

Hope that helps,

J Wolfgang Goerlich


Microsoft Article 147706, How to disable LM authentication on Windows
NT
http://support.microsoft.com/kb/147706

On Jul 16, 5:24 am, Pascal <pasca...@xxxxxxxxxxxxxxxxxx> wrote:
Hi,

Sorry for this "noob" question, but is there a password limit on NT4
SP6a?

Indeed, I am not able to define a password that is more than 14
characters long.

Sometimes I read that the limit is 128 characters and sometimes
that it is 14 characters.

Could someone please help me? :)

Thank you

--
Pascal
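
The two conditions Steve Riley gives for LM hash generation can be audited from a pwdump-style export (`user:rid:lmhash:nthash:::`). The following is an added example, not code from the thread; the function names, labels and sample accounts are constructed, and the hex values in the sample are placeholders rather than real hashes.

```python
import re

# Well-known constant: the LM value stored for an empty password. Each 8-byte
# half is computed from one 7-character chunk, so an empty chunk always
# yields the same 16 hex digits.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_LM_HALF = EMPTY_LM[:16]
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def classify_lm(lm_field):
    """Classify the LM column of one account (labels are this example's own)."""
    lm = lm_field.strip().lower()
    if not HEX32.match(lm) or lm == EMPTY_LM:
        # No usable LM hash: generation disabled, password longer than
        # 14 characters, or an empty password.
        return "no-lm-hash"
    if lm[16:] == EMPTY_LM_HALF:
        # Second 7-character chunk was empty: password is 7 characters or less.
        return "lm-hash-short"
    return "lm-hash"

def audit(dump_text):
    """Map each account in a pwdump-style dump to its LM classification."""
    findings = {}
    for line in dump_text.splitlines():
        parts = line.strip().split(":")
        if line.lstrip().startswith("#") or len(parts) < 4:
            continue  # skip comments and malformed lines
        user, _rid, lm, _nt = parts[:4]
        findings[user] = classify_lm(lm)
    return findings

# Constructed sample input; none of these are hashes of real passwords.
SAMPLE_DUMP = """\
# user:rid:lmhash:nthash:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdef0123456789abcdef:ffeeddccbbaa99887766554433221100:::
carol:1003:0123456789abcdefaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
dave:1004:NO PASSWORD*********************:8899aabbccddeeff0011223344556677:::
"""

if __name__ == "__main__":
    for user, status in audit(SAMPLE_DUMP).items():
        print(f"{user:8} {status}")
```

Accounts reported as `lm-hash` or `lm-hash-short` still have an LM hash stored and are the ones to fix by disabling LM hash generation and changing the password.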

