Network Security Pen-Test
Re: Whitespace in passwords

Subject: Re: Whitespace in passwords
Date: Mon, 19 Sep 2005 13:10:20 -0600
Ok, we are now onto Rainbow tables. Sure, they can recover passwords
very quickly BUT they too have a limitation. Currently the Shmoo
tables are focused on LanMan challenge/responses which we all know are
WEAK (in so many meanings of the word). Rainbow tables take quite a
bit of time to generate and to go through all of the possible
combinations for a table that is ALL LOWERCASE and 14 characters long
regardless of the algo would take more time than I have on this planet
(possibly more time than all of us combined).

I am so sorry for using LanMan as an example in my earlier post.
LanMan only goes to 7 characters as that is the foundation of one of
its biggest flaws. Also, keep in mind that there are not too many
programs that accept Alt-ASCII characters so that may not be
acceptable. Bryan Allott posted earlier the biggest point -->
passPHRASES <-- Go back to my earlier post with the math (ignore that
I used LanMan as an example).

The longer the passPHRASE, the exponentially more difficult it becomes
to recover the passPHRASE. Any password that is under 10 characters is
EASILY recoverable within the typical 90 day expiration time. That is
why pushing the users to create easily remembered passPHRASES is much
more effective than some sort of goobly gook that they will have a
hard time remembering and end up writing down on a post-it note stuck
to their monitor. One stupid character (regardless of what it is) will
NOT make a significant difference. Do not assume that throwing in an
Alt-182 character will make your password 'unbreakable'.
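
The length-versus-one-odd-character argument in the message above, worked as keyspace arithmetic for a password policy review. This is an added example, not part of the original post; the guess rate, the 128-symbol Alt-code set and the "exactly one special character" search model are assumptions chosen for illustration.

```python
from math import log2

LOWER = 26               # a-z only
PRINTABLE = 95           # printable ASCII
EXTENDED = 128           # assumed size of the Alt-code (high-ASCII) set
GUESSES_PER_SEC = 1e9    # assumed guess rate, constructed for illustration
EXPIRY_DAYS = 90         # expiration window mentioned in the post


def keyspace(alphabet, length):
    """Candidates of exactly `length` symbols drawn from `alphabet`."""
    return alphabet ** length


def keyspace_one_special(base, special, length):
    """Candidates with exactly one `special` symbol at any position and
    the other length-1 symbols from `base` (assumed search model)."""
    return length * special * base ** (length - 1)


def days_to_exhaust(candidates, rate=GUESSES_PER_SEC):
    """Days needed to try every candidate at `rate` guesses per second."""
    return candidates / rate / 86400


def min_length_outlasting(alphabet, days=EXPIRY_DAYS, rate=GUESSES_PER_SEC):
    """Smallest length whose full keyspace outlasts `days` of guessing."""
    n = 1
    while days_to_exhaust(keyspace(alphabet, n), rate) <= days:
        n += 1
    return n


def report():
    """(label, entropy in bits, days to exhaust) for each policy compared."""
    cases = [
        ("8 printable", keyspace(PRINTABLE, 8)),
        ("8 incl. one Alt char", keyspace_one_special(PRINTABLE, EXTENDED, 8)),
        ("9 printable", keyspace(PRINTABLE, 9)),
        ("14 lowercase phrase", keyspace(LOWER, 14)),
    ]
    return [(name, log2(k), days_to_exhaust(k)) for name, k in cases]


if __name__ == "__main__":
    for name, bits, days in report():
        print(f"{name:22s} {bits:5.1f} bits {days:16.1f} days")
    print("lowercase length needed to outlast expiry:",
          min_length_outlasting(LOWER))
```

Under these assumptions one Alt character in an 8-character password adds fewer bits than one extra ordinary character, while the 14-character lowercase phrase has a larger keyspace than either.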
