Re: Whitespace in passwords

From: Steve.Cummings@barclayscapital.com
Date: Wed Sep 21 2005 - 01:36:58 EDT

• Next message: Craig Wright: "RE: Whitespace in passwords"
• Previous message: Sherwyn Williams: "Re: Windows XP SP2 and Security Tools"
• Maybe in reply to: bryan allott: "Whitespace in passwords"
• Next in thread: Craig Wright: "RE: Whitespace in passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try the password of your choice with alt 255 in the middle currently things like lopht and john don't get near it
 

-----Original Message-----
From: Craig Wright <cwright@bdosyd.com.au>
To: Cummings, Steve: IT (LDN) <Steve.Cummings@barclayscapital.com>; BMcAninch@PENSON.COM <BMcAninch@PENSON.COM>; pen-test@securityfocus.com <pen-test@securityfocus.com>
CC: pand0ra.usa@gmail.com <pand0ra.usa@gmail.com>
Sent: Tue Sep 20 20:27:52 2005
Subject: RE: Whitespace in passwords

HI
 
1st it does not make them untouchable
 
Next, MOST applications do not accept Alt+xxx based passwords - very few users will use them as well
 
Do your users authenticate via a Radius systems, the web...? Any of these will not accept Alt+xxx chars.
 
Most users will have issues using this
 
the following does not make a very memerable password - see how often it is remembered?
¦ß?|?O11s
 
Craig

        -----Original Message-----
        From: Steve.Cummings@barclayscapital.com [mailto:Steve.Cummings@barclayscapital.com]
        Sent: Wed 21/09/2005 2:41 AM
        To: Craig Wright; BMcAninch@PENSON.COM; pen-test@securityfocus.com
        Cc: pand0ra.usa@gmail.com
        Subject: Re: Whitespace in passwords
        
        
        Why aren't alt characters feasible alt255 is an easy one for anyone to remember and if the policy for passwords dictates the requirement then most large firms would accept this especially if it made the password in the current view untouchable for the for seable future
        
        

------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.

Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
Barclays Group. Replies to this email may be monitored by the Barclays
Group for operational or business reasons.

------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Craig Wright: "RE: Whitespace in passwords"
• Previous message: Sherwyn Williams: "Re: Windows XP SP2 and Security Tools"
• Maybe in reply to: bryan allott: "Whitespace in passwords"
• Next in thread: Craig Wright: "RE: Whitespace in passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:57 EDT