RE: Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords"

From: dave kleiman (dave@isecureu.com)
Date: Mon Sep 26 2005 - 10:00:21 EDT


>
> Regarding "Whitespace in passwords", and as some people
> already mentioned, modern password cracking software (both
> commercial and free) can find non-printable chars, so space
> or ALT-whatever are going to be found anyway.
> Rainbow tables now tend to include space, but I still haven't
> heard of anyone producing a table for 0x00-0xff
> (0x0000-0xffff if you use extended unicode chars ;-)
> Applications CAN be broken by using strange characters, so YMMV.
>

Can you provide a list of those that have that ability, I will gladly test
them.

The most popular ones cannot i.e. L0pht, Cain etc. See:
http://www.securityfocus.com/archive/88/312263

Dave

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:00 EDT