- Gmail secure paypal and ebay users
- Matt Cutt gave new wordpress security tips
- Safe mode helps you diagnose problems
- Encrypting through USB drive
- This security update resolves two privately reported vulnerabilities in Outlook Web Access
- Domain Name System (DNS) is responsible for translating host names to IP
- WEP is an encryption scheme based on the RC-4 cipher
- McAfee, Inc. Endpoint Encryption Deployed by NHS for Widespread Data Protection
|
|||||||||||||||||
 |
|||||||||||||||||
|
Windows Password Security
Tuesday, August 1, 2006, 10:21
This news item was posted in Authentication, Passwords, Windows security category and has 0 Comments so far.
SecurityFocus has a great article on Windows password security. Among other things, it addresses the real implications of the weaknesses of LanMan and NTLMv2, and a way you can use that to your advantage:
if a password is fifteen characters or longer, Windows does not even store the LanMan hash correctly. This actually protects you from brute-force attacks against the weak algorithm used in those hashes. If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password.
And I remember creating my fist Alt+255 password years ago. It was a pain to enter, and the author makes a good point:
It common to see recommendations to use high-ASCII characters as the ultimate password tip. High-ASCII characters are those that cannot normally be typed on a keyboard but are entered by holding down the ALT key and typing the [...]
Original post by Security Wonk and powered by Img Fly
Related posts
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.