Open Source and information security mailing list archives
 
Message-ID: <4176092A.7060704@paradigmo.com>
From: stephane.nasdrovisky at paradigmo.com (stephane nasdrovisky)
Subject: Senior M$ member says stop using passwords
 completely!

Todd Towles wrote:

>I was under the understanding that passwords of over 14 characters were
>stored with a more secure hash, therefore 14-character passwords were
>harder to crack, due to the more secure hash. Windows will create two
>different hashes for passwords shorter than 14 characters, I do
>believe.
>  
>
If my memory is right, lm passwords are hashed as 2*7 uppercase bytes
(which is not the same as 14 bytes, it's easier to bf).
If lm passwords are enabled, even longer passwords will collide with a
14-character password (as far as you're more interested in accessing
one's account than knowing its dog's name, i.e. if your pass is "My name
is bond, james bond!", using "MY NAME IS BON" will give you the access
you deserve)!
Back in the nt 4.0 time, it was required to disable lm passwords (w95
compatibility issue) in order to have stronger passwords (if nt password
fails, lm password is checked).

>Just use a non-printable character in your password and cracking is
>useless...if they crack it, they can't read what they cracked. ;) 
>  
>
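
An added example, not part of the original message: a defender's check over a pwdump-style export that shows what the 2*7 layout described above gives away and whether LM hashes are still being stored. It assumes the `user:rid:lm:nt:::` line layout and the well-known constant `aad3b435b51404ee` for an empty LM half; the sample lines and their filler hex values are constructed.

```python
EMPTY_HALF = "aad3b435b51404ee"  # LM result for an empty (all-NUL) 7-byte half

# Constructed sample in pwdump-style "user:rid:lm:nt:::" layout (assumption).
# The non-constant hex strings are made-up fillers, not real hashes.
SAMPLE_DUMP = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0f1e2d3c4b5a6978aad3b435b51404ee:112233445566778899aabbccddeeff00:::
carol:1003:89abcdef012345670123456789abcdef:2233445566778899aabbccddeeff0011:::
"""


def classify_lm(lm_hex):
    """Classify one 32-hex-digit LM field by its two independent halves."""
    lm = lm_hex.strip().lower()
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "unparsed"
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "no-lm"     # no usable LM hash stored for this account
    if second == EMPTY_HALF:
        return "lm-short"  # LM stored; the password fits in the first 7 characters
    return "lm-full"       # LM stored; two halves, each attackable on its own


def audit(dump_text):
    """Return {account: classification} for every parseable line."""
    findings = {}
    for line in dump_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue  # not a pwdump-style record
        findings[fields[0]] = classify_lm(fields[2])
    return findings


if __name__ == "__main__":
    for user, status in audit(SAMPLE_DUMP).items():
        print(f"{user:8} {status}")
```

Any account reported as `lm-short` or `lm-full` still has an LM hash on disk, which is the condition the message says had to be disabled to get stronger passwords.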

