Security Basics mailing list archives
Re: Fwd: How does the Cain and Abel SAM dump works?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 16 Jul 2008 17:23:38 +0200
On 2008-07-16 Dave Hull wrote:
> On Tue, Jul 15, 2008 at 2:14 PM, Eric Snyder <Eric.S () aefcu com> wrote:
>> How are you checking / cracking longer, 15 character plus, passwords? The best table I have seen is 14 character. Do you have a source for 15+ character tables that use every possible printable character; commas, spaces, grave accents, etc.?
>
> Remember that if the password is more than 14 characters, Windows won't write an LM hash of it to the SAM file. Instead, an NT hash will be written along with a bogus LM hash. The LM hash is pretty weak as it is hashed on a seven bit boundary, thus your Rainbow tables actually only have to have hashes computed for seven character strings. This is why I recommend passwords be at least 15 characters.

Or, you could simply disallow LM authentication via local policies.

> In my opinion, size matters more than complexity.

Nope. Length and complexity are equivalent. Increase length and you need less complexity, increase complexity and you need less length. It's just easier to increase the length, because keyboards tend to limit the number of available characters.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq
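The length-versus-complexity trade-off and the seven-character LM split discussed in this message, worked through as an added example that is not part of the original post. It assumes uniformly random passwords, a 95-symbol printable ASCII set, and the standard LM behaviour of upper-casing the password and hashing two 7-character halves independently; the function names are hypothetical.

```python
PRINTABLE = 95      # printable ASCII including space (assumed character set)
LOWERCASE = 26      # a-z only
LM_FOLDED = 69      # 95 printable minus 26 lowercase: LM upper-cases input


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` symbols."""
    return charset_size ** length


def equivalent_length(charset_size, length, other_charset_size):
    """Shortest length over `other_charset_size` symbols whose keyspace
    is at least that of `length` symbols over `charset_size`."""
    target = keyspace(charset_size, length)
    m = 0
    while keyspace(other_charset_size, m) < target:
        m += 1
    return m


def lm_candidates(folded_charset_size, length):
    """Worst-case guesses against an LM hash: each 7-character half is
    searched on its own, so the costs add instead of multiplying.
    Returns None above 14 characters, where no usable LM hash exists."""
    if length > 14:
        return None
    first, second = min(length, 7), max(length - 7, 0)
    total = keyspace(folded_charset_size, first)
    if second:
        total += keyspace(folded_charset_size, second)
    return total


if __name__ == "__main__":
    # Less complexity, more length: 8 printable symbols vs. lowercase only.
    print("lowercase length matching 8 printable:",
          equivalent_length(PRINTABLE, 8, LOWERCASE))
    # Same 14-character password, seen through the NT hash and the LM hash.
    print("NT keyspace, 14 chars:", keyspace(PRINTABLE, 14))
    print("LM keyspace, 14 chars:", lm_candidates(LM_FOLDED, 14))
    print("LM keyspace, 15 chars:", lm_candidates(LM_FOLDED, 15))
```

With these assumptions, a 14-character password exposed through its LM hash offers a smaller search space than an 8-character random printable password exposed only through its NT hash.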