Security Basics mailing list archives
RE: Using non-printable characters in passwords
From: "dave kleiman" <dave () netmedic net>
Date: Thu, 7 Aug 2003 21:44:20 -0400
Birl, To your original question: It all depends on how the hash is being stored in your "cross-platform" situation. Microsoft's Unicode table often does not always map to the extended ASCII character representations of that particular character. What happens is although you type "ALT+somenumber" (on the number keypad) in the keyboard (extended ASCII character) it is immediately translated into the Unicode table representation of this. That is why many programs "user2sid", "Lopht" etc. cannot represent this character. Microsoft stores these in two separate strings; 1 is ANSI, 1 is Unicode. If the program is checking the ANSI string for username with "ALT+228 at the end it will not find it. (Same thing if it is in the password). Open Word go to insert symbol. Click on the v (square root symbol). Look at the bottom of the table it says "Character Code 221A from Unicode (Hex)" "Shortcut Key 221A, Alt+X. I bet you have to hit ALT+251 to reproduce it though. So your answer is "MAYBE". If the hash is passed along in Unicode from platform to platform and the Unicode tables match you may have a happy cross-platform password. For one software application it may work for another it might not. There is a short reference to it in a post I made a while back, please take a look at it. http://www.securityfocus.com/archive/88/312263 _____________________ Dave Kleiman dave () netmedic net www.netmedic.net -----Original Message----- From: Birl [mailto:sbirl () temple edu] Sent: Thursday, August 07, 2003 13:26 To: security-basics () securityfocus com Subject: Re: Using non-printable characters in passwords Although I very much value the 4 responses I have received so far, I think I should clarify my original question better: Are there any other keys (or combination thereof) besides, CTRL or ALT, that can be used? Another question, it is possible to use CTRL + ALT + <key> at the same time? Where, obviously, <key> != DEL :p Third question: Any good docs on CTRL combinations? Right now Im limited to ^n (avoiding ^a ^c ^e ^h ^i ^j ^m ^q ^s ^u ^? etc. for obvious UNIX reasons) Thanks again. As it was written on Aug 6, thus I spake unto security-basics () securityfocus com: Previous post: Date: Wed, 6 Aug 2003 14:41:09 -0400 (EDT) Previous post: From: Birl <sbirl () temple edu> Previous post: Reply-To: security-basics () securityfocus com Previous post: To: security-basics () securityfocus com Previous post: Subject: Using non-printable characters in passwords Previous post: Previous post: Using cross-platform keyboards (SUN, Windows, Mac), how does one use Previous post: non-printable characters in their passwords? Previous post: Previous post: Since I work cross-platform, I use only a limited number of characters Previous post: while holding down the CTRL key. Previous post: Previous post: Whilst searching Google, I came across a SecurityFocus article that said: Previous post: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric Previous post: keypad" Previous post: Previous post: Additionally, the Google search I used Previous post: non-printable characters passwords Previous post: came up with more information about recovery and programs to avoid using Previous post: non-printable characters. Previous post: Previous post: Are there any other combinations? If I recall correctly, a SANS Previous post: instructor mentioned making use of the "Print Screen" key. Previous post: Previous post: Previous post: Thanks in advance Previous post: Previous post: Scott Birl http://concept.temple.edu/sysadmin/ Previous post: Senior Systems Administrator Computer Services Temple University Previous post: ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*= ===* --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Using non-printable characters in passwords Birl (Aug 06)
- Re: Using non-printable characters in passwords Tim Greer (Aug 07)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Meritt James (Aug 07)
- RE: Using non-printable characters in passwords Manuel Lanctot (Aug 07)
- Re: Using non-printable characters in passwords Birl (Aug 07)
- RE: Using non-printable characters in passwords dave kleiman (Aug 08)
- <Possible follow-ups>
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Jay Woody (Aug 08)
- Re: Using non-printable characters in passwords Mr Babak Memari (Aug 11)
- RE: Using non-printable characters in passwords Meidinger Chris (Aug 12)
- RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Chris Berry (Aug 12)
- RE: Using non-printable characters in passwords dave kleiman (Aug 13)
- RE: Using non-printable characters in passwords Chris Berry (Aug 13)
- RE: Using non-printable characters in passwords Birl (Aug 26)