Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Whitespace in passwords

from [Craig Wright] Network Security [Permanent Link]
Subject: RE: Whitespace in passwords
Date: Mon, 19 Sep 2005 06:55:28 +1000 
Please note I was pointing to the "success rates" table for NTLM
 
The lowest is 80.19% as it stands. This is not all the tables are precomputed, 
but there is still an 80+ % crack rate (and this is growing)
 
Further - this is not the only table source. Further - there is no manner in 
which you will enforce extended passwords. As I initially stated - the issue is 
in protecting the password and stopping a copy from being tested. There are 
means available to do this. If you are still on NT 4.0 - than it is time to 
upgrade.
 
The success rate is 80.19% for "alpha numeric symbol 32 space" - this is 
EVERYthing in NTLM - not just space or extended - the table is 53% derived- but 
if you read further - this equates to an 80.19% crack rate.
 
Remember there is a user at the other end - they have to remember. Please 
explain how a user will enter and remember a passphrase such as 
"S%'beep'('Smiley face'?G$" - where ' ' encloses extended chars
 
Craig

        -----Original Message----- 
        From: dave kleiman [mailto:dave@isecureu.com] 
        Sent: Mon 19/09/2005 5:49 AM 
        To: pen-test@securityfocus.com 
        Cc: 'Anders Thulin'; 'bryan allott'; Craig Wright; compuwar@gmail.com; 
'Peter Parker' 
        Subject: RE: Whitespace in passwords
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Whitespace in passwords, Stephen J. Smoogen
Next by Date:  Re: Whitespace in passwords, R. DuFresne
Previous by Thread:  RE: Whitespace in passwords, Craig Wright
Next by Thread:  RE: Whitespace in passwords, dave kleiman
Indexes:  [Date] [Thread] [Top] [All Lists]