Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Whitespace in passwords
From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 19 Sep 2005 06:55:28 +1000

Please note I was pointing to the "success rates" table for NTLM
The lowest is 80.19% as it stands. This is not all the tables are precomputed, but there is still an 80+ % crack rate 
(and this is growing)
Further - this is not the only table source. Further - there is no manner in which you will enforce extended passwords. 
As I initially stated - the issue is in protecting the password and stopping a copy from being tested. There are means 
available to do this. If you are still on NT 4.0 - than it is time to upgrade.
The success rate is 80.19% for "alpha numeric symbol 32 space" - this is EVERYthing in NTLM - not just space or 
extended - the table is 53% derived- but if you read further - this equates to an 80.19% crack rate.
Remember there is a user at the other end - they have to remember. Please explain how a user will enter and remember a 
passphrase such as 
"S%'beep'('Smiley face'?G$" - where ' ' encloses extended chars

        -----Original Message----- 
        From: dave kleiman [mailto:dave () isecureu com] 
        Sent: Mon 19/09/2005 5:49 AM 
        To: pen-test () securityfocus com 
        Cc: 'Anders Thulin'; 'bryan allott'; Craig Wright; compuwar () gmail com; 'Peter Parker' 
        Subject: RE: Whitespace in passwords

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]