mailing list archives
RE: Whitespace in passwords
From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 19 Sep 2005 06:55:28 +1000
Please note I was pointing to the "success rates" table for NTLM
The lowest is 80.19% as it stands. This is not all the tables are precomputed, but there is still an 80+ % crack rate
(and this is growing)
Further - this is not the only table source. Further - there is no manner in which you will enforce extended passwords.
As I initially stated - the issue is in protecting the password and stopping a copy from being tested. There are means
available to do this. If you are still on NT 4.0 - than it is time to upgrade.
The success rate is 80.19% for "alpha numeric symbol 32 space" - this is EVERYthing in NTLM - not just space or
extended - the table is 53% derived- but if you read further - this equates to an 80.19% crack rate.
Remember there is a user at the other end - they have to remember. Please explain how a user will enter and remember a
passphrase such as
"S%'beep'('Smiley face'?G$" - where ' ' encloses extended chars
From: dave kleiman [mailto:dave () isecureu com]
Sent: Mon 19/09/2005 5:49 AM
To: pen-test () securityfocus com
Cc: 'Anders Thulin'; 'bryan allott'; Craig Wright; compuwar () gmail com; 'Peter Parker'
Subject: RE: Whitespace in passwords
- Re: Whitespace in passwords, (continued)