Penetration Testing mailing list archives
Re: Secure Password Policy?
From: Neil <neil () voidfx net>
Date: Sat, 21 Jan 2006 03:01:10 +0530
On 1/19/2006 11:08 PM, Mike Dieroff wrote:
> As far as I remember, the NTLANMAN hash maxed at 8 and LM hashes at 13 characters... could be corrected...
NTLM hashes are not maxed at 8, or 13 characters. If they're capped at all, they're capped at some extreme limit, maybe 256 or some such.
> 2.) Full complexity: Upper and lower case, numerals, alphanumerics <---- Don't forget the spacebar here!! always a good one!
I don't like using spaces in passwords because a lot of tools and programs (particularly on the command line) use space as a delimiter, so there's a potential for problems there. That said, usually those programs implement quotes properly, so I've not had that issue in a while; and if you're only using your password to log into Windows (like most users), then no harm in spaces.
--
Neil.
http://voidfx.net
"I plan to live for ever or die trying." --Anonymous
