Penetration Testing mailing list archives

RE: Whitespace in passwords


From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 19 Sep 2005 06:55:28 +1000

Please note I was pointing to the "success rates" table for NTLM
 
The lowest is 80.19% as it stands. This is not all the tables are precomputed, but there is still an 80+% crack rate (and this is growing)
 
Further - this is not the only table source. Further - there is no manner in which you will enforce extended passwords. As I initially stated - the issue is in protecting the password and stopping a copy from being tested. There are means available to do this. If you are still on NT 4.0 - then it is time to upgrade.
 
The success rate is 80.19% for "alpha numeric symbol 32 space" - this is EVERYthing in NTLM - not just space or extended - the table is 53% derived - but if you read further - this equates to an 80.19% crack rate.
 
Remember there is a user at the other end - they have to remember. Please explain how a user will enter and remember a passphrase such as
"S%'beep'('Smiley face'?G$" - where ' ' encloses extended chars
 
Craig

        -----Original Message----- 
        From: dave kleiman [mailto:dave () isecureu com] 
        Sent: Mon 19/09/2005 5:49 AM 
        To: pen-test () securityfocus com 
        Cc: 'Anders Thulin'; 'bryan allott'; Craig Wright; compuwar () gmail com; 'Peter Parker' 
        Subject: RE: Whitespace in passwords
        
        
         

