Re: Fwd: How does the Cain and Abel SAM dump works?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 16 Jul 2008 17:23:38 +0200
On 2008-07-16 Dave Hull wrote:
> On Tue, Jul 15, 2008 at 2:14 PM, Eric Snyder <Eric.S () aefcu com> wrote:
>> How are you checking / cracking longer, 15 character plus, passwords?
>> The best table I have seen is 14 character. Do you have a source for
>> 15+ character tables that use every possible printable characters;
>> commas, spaces, grave accents, etc.?
>
> Remember that if the password is more than 14 characters, Windows
> won't write an LM hash of it to the SAM file. Instead, an NT hash will
> be written along with a bogus LM hash. The LM hash is pretty weak as
> it is hashed on a seven bit boundary, thus your Rainbow tables
> actually only have to have hashes computed for seven character
>
> This is why I recommend passwords be at least 15 characters.

Or, you could simply disallow LM authentication via local policies.

> In my opinion, size matters more than complexity.

Nope. Length and complexity are equivalent. Increase length and you need
less complexity, increase complexity and you need less length. It's just
easier to increase the length, because keyboards tend to limit the
number of available characters.
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq
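
Added example, not part of the original thread: a Python audit that reads pwdump-style lines and reports what each account's LM field reveals, together with the search-space arithmetic behind the seven-character split and the length-versus-complexity point. The sample lines and their hex values are constructed placeholders, the function names are hypothetical, and the character counts assume printable ASCII only.

```python
import math

# Well-known constant: the LM hash of an empty 7-byte half. Windows stores it
# in both halves when no usable LM hash exists (LM disabled, or password > 14).
EMPTY_LM_HALF = "aad3b435b51404ee"

def classify_lm(lm_hex):
    """Say what the LM field of one account reveals about its password."""
    lm = lm_hex.lower()
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "malformed"
    first, second = lm[:16], lm[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "no-lm"            # blank, LM storage disabled, or 15+ characters
    if second == EMPTY_LM_HALF:
        return "lm-7-or-less"     # second half empty: password is <= 7 characters
    return "lm-8-to-14"           # two halves, each searchable on its own

def audit_pwdump(text):
    """Map user -> classification for pwdump-style lines (user:rid:lm:nt:::)."""
    report = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[0]:
            continue              # skip blanks and anything not in pwdump shape
        report[fields[0]] = classify_lm(fields[2])
    return report

def search_bits(charset_size, length, halves=1):
    """log2 of the candidates to try; halves=2 models LM's independent 7-char halves."""
    return math.log2(halves) + length * math.log2(charset_size)

# Constructed sample: the hex values below are placeholders, not real hashes.
SAMPLE = """\
alice:1001:0123456789abcdef0123456789abcdee:00112233445566778899aabbccddeeff:::
bob:1002:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""

if __name__ == "__main__":
    for user, verdict in audit_pwdump(SAMPLE).items():
        print(f"{user:6} {verdict}")
    # LM: 69 characters (printable ASCII with lower case folded to upper), 2 x 7
    print(f"LM, 14 chars       : {search_bits(69, 7, halves=2):.1f} bits")
    print(f"NT, 10 chars of 95 : {search_bits(95, 10):.1f} bits")
    print(f"NT, 15 lower-case  : {search_bits(26, 15):.1f} bits")
```

Accounts reported as `lm-7-or-less` or `lm-8-to-14` still carry a real LM hash and are the ones to fix by disabling LM storage and forcing a password change.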