Windows Password Security

SecurityFocus has a great article on Windows password security. Among other things, it addresses the real implications of the weaknesses of LanMan and NTLMv2, and a way you can use that to your advantage:
if a password is fifteen characters or longer, Windows does not even store the LanMan hash correctly. This actually protects you from brute-force attacks against the weak algorithm used in those hashes. If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password.

And I remember creating my fist Alt+255 password years ago. It was a pain to enter, and the author makes a good point:
It common to see recommendations to use high-ASCII characters as the ultimate password tip. High-ASCII characters are those that cannot normally be typed on a keyboard but are entered by holding down the ALT key and typing the [...]

Original post by Security Wonk and powered by Img Fly

Related posts:

1. Avoiding password theft
2. Test Domains and the Lanman Hash
3. Elcomsoft have released a new version of their Distributed Password Recovery software
4. Your Thought Your Password Requirements Were Tough
5. Tips for choosing safe password
6. Password-cracking challenge update: second password revealed

Related posts brought to you by Yet Another Related Posts Plugin.