Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords"
From: "dave kleiman" <dave () isecureu com>
Date: Mon, 26 Sep 2005 10:00:21 -0400


Regarding "Whitespace in passwords", and as some people
already mentioned, modern password cracking software (both
commercial and free) can find non-printable chars, so space
or ALT-whatever are going to be found anyway.
Rainbow tables now tend to include space, but I still haven't
heard of anyone producing a table for 0x00-0xff
(0x0000-0xffff if you use extended unicode chars ;-)
Applications CAN be broken by using strange characters, so YMMV.



Can you provide a list of those that have that ability, I will gladly test
them.

The most popular ones cannot i.e. L0pht, Cain etc. See:
http://www.securityfocus.com/archive/88/312263


Dave




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]