Security Basics mailing list archives
RE: Using non-printable characters in passwords
From: "Optrics Engineering - Shaun Sturby, MCSE" <Shaun () Optrics com>
Date: Thu, 7 Aug 2003 10:28:20 -0600
-----Original Message----- From: Optrics Engineering - Shaun Sturby, MCSE [mailto:Shaun () Optrics com] Sent: Thursday, August 07, 2003 10:20 AM To: 'security-basics () securityfocus com' Cc: 'Edmunds, Ron' Subject: RE: Using non-printable characters in passwords Hello Ron, This depends on the code page or character set used on your system but it doesn't really matter what code page you use for this trick as all you really want is to use characters on your system that are not in the common 'a-z' 'A-Z' '0-1' set. This causes John the Ripper or the @Stake password cracker take much longer to crack your password. That is if your hacker doesn't use the system recently reported that takes 13 seconds to compare, not generate and compare, your encrypted password to a pre-generated 1.7 GB list of all possible password hashes. Shaun P.S. Maybe I wasn't clear but the manifesto and hint listed below is not mine. I just did a Google search and forwarded what I thought was a good summary of this tip. -----Original Message----- From: Edmunds, Ron Sent: Thursday, August 07, 2003 9:35 AM To: 'Optrics Engineering - Shaun Sturby, MCSE' Subject: RE: Using non-printable characters in passwords What system are you typing these characters on? Alt-63 gives me ?. Alt-156 gives me £. -----Original Message----- From: Optrics Engineering - Shaun Sturby, MCSE Sent: Wednesday, August 06, 2003 5:30 PM To: security-basics () securityfocus com Subject: RE: Using non-printable characters in passwords Executive Summary: This manifesto is designed to give system administrators a better grasp on the importance of password security. It is also designed to help users understand the importance of choosing a strong password http://www.somorita.com/Networking/PasswordManifesto.asp Want to make it even stronger? The there are some characters that you can type but that don't exist on the keyboard. I call these ALT characters. You get these characters by holding down the ALT key and typing a code on the numeric keypad. For example, if I type ALT-156 I get ?. Pretty kewl, eh? And you can use that as a key combination as one of the characters in your password. Most password cracking programs never check those characters and if they did it would take them much longer to crack passwords. Some of the common ALT combinations are shown at the end of this document. -----Original Message----- From: Birl [mailto:sbirl () temple edu] Sent: Wednesday, August 06, 2003 12:41 PM To: security-basics () securityfocus com Subject: Using non-printable characters in passwords Using cross-platform keyboards (SUN, Windows, Mac), how does one use non-printable characters in their passwords? Since I work cross-platform, I use only a limited number of characters while holding down the CTRL key. Whilst searching Google, I came across a SecurityFocus article that said: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric keypad" Additionally, the Google search I used non-printable characters passwords came up with more information about recovery and programs to avoid using non-printable characters. Are there any other combinations? If I recall correctly, a SANS instructor mentioned making use of the "Print Screen" key. Thanks in advance Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* _____________________________________________________________ IMail Server has scanned this e-mail for Viruses and SPAM using Declude Virus & Declude Junkmail available from www.Optrics.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Using non-printable characters in passwords Birl (Aug 06)
- Re: Using non-printable characters in passwords Tim Greer (Aug 07)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Meritt James (Aug 07)
- RE: Using non-printable characters in passwords Manuel Lanctot (Aug 07)
- Re: Using non-printable characters in passwords Birl (Aug 07)
- RE: Using non-printable characters in passwords dave kleiman (Aug 08)
- <Possible follow-ups>
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Jay Woody (Aug 08)
- Re: Using non-printable characters in passwords Mr Babak Memari (Aug 11)
- RE: Using non-printable characters in passwords Meidinger Chris (Aug 12)
- RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Chris Berry (Aug 12)
- RE: Using non-printable characters in passwords dave kleiman (Aug 13)
- RE: Using non-printable characters in passwords Chris Berry (Aug 13)
- RE: Using non-printable characters in passwords Birl (Aug 26)