From: Anurag Joshi (mastermindanu@gmail.com)
Date: Thu Sep 08 2005 - 22:46:03 EDT
List,
With due respect i dont think whitespaces would make any
difference. It just depends on the encrypting algo. In all cases
whitespace amounts to a ASCII code and hence a binary representation,
thus encrypting or decrypting would make no difference. If the algo has
no no rule for whitespaces then it is not allowed. But when it comes to
symbols whitespaces, underscores, dash are probably the first ones
anyone will look for.
Anurag Joshi
Bruce K. Marshall wrote:
> Bryan,
>
> I don't believe there is any reason that people are discouraged from
> using the space character other than application programming
> restrictions. If the space character was a field delimeter or
> otherwise broke the coded password processing function the programmers
> wouldn't allow it in a password.
>
> I don't see this restriction very often these days. But we do have
> Microsoft treating the space character differently than any other.
> They don't classify it as lowercase, uppercase, number, or symbol when
> checking the password against complexity requirements. I consider it
> a symbol, and it falls within the top 10 most popular symbols when
> analyzing password choices. But even then it is not a popular character.
>
> Making complete use of all available characters is important for
> increasing the difficulty of password cracking. It isn't enough to
> just make the space character available and then only encourage people
> to use letters and numbers.
>
> ----
> Bruce K. Marshall - bkmarshall@passwordresearch.com
> Password Research Institute - http://www.passwordresearch.com
>
>
> ----- Original Message ----- From: "bryan allott"
> <homegrown@bryanallott.net>
> To: <pen-test@securityfocus.com>
> Sent: Tuesday, September 06, 2005 4:19 AM
> Subject: Whitespace in passwords
>
>
>> generally, and i dont know if this is social conditioning due to the
>> misnomer "passWORD" rather than passPHRASE but it seems that [most?]
>> people choose passes that dont contain whitespaces, and in fact,
>> there are some system implementations that wont allow whitespaces in
>> the password.
>> my main question, re security, is wether the whitespace made the
>> password too vulnerable? [historically] and why this constraint is
>> introduced in many systems.. [but then, if myth- why propogate it?]
>> i'm thinking that whitespaces [if yr system can handle them, and why
>> not?] would add another measure of complexity in cracking pwds?
>
>
>
> ------------------------------------------------------------------------------
>
> Audit your website security with Acunetix Web Vulnerability Scanner:
> Hackers are concentrating their efforts on attacking applications on
> your website. Up to 75% of cyber attacks are launched on shopping
> carts, forms, login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are futile against web application hacking. Check
> your website for vulnerabilities to SQL injection, Cross site
> scripting and other web attacks before hackers do! Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:51 EDT