From: Craig Wright (cwright@bdosyd.com.au)
Date: Sun Sep 18 2005 - 16:55:28 EDT
Please note I was pointing to the "success rates" table for NTLM
The lowest is 80.19% as it stands. This is not all the tables are precomputed, but there is still an 80+ % crack rate (and this is growing)
Further - this is not the only table source. Further - there is no manner in which you will enforce extended passwords. As I initially stated - the issue is in protecting the password and stopping a copy from being tested. There are means available to do this. If you are still on NT 4.0 - than it is time to upgrade.
The success rate is 80.19% for "alpha numeric symbol 32 space" - this is EVERYthing in NTLM - not just space or extended - the table is 53% derived- but if you read further - this equates to an 80.19% crack rate.
Remember there is a user at the other end - they have to remember. Please explain how a user will enter and remember a passphrase such as
"S%'beep'('Smiley face'?G$" - where ' ' encloses extended chars
Craig
-----Original Message-----
From: dave kleiman [mailto:dave@isecureu.com]
Sent: Mon 19/09/2005 5:49 AM
To: pen-test@securityfocus.com
Cc: 'Anders Thulin'; 'bryan allott'; Craig Wright; compuwar@gmail.com; 'Peter Parker'
Subject: RE: Whitespace in passwords
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT