Back in the day, L0pht would be completely ineffectual against such a password, even if you included said character in its character set. I emailed L0pht at the time and they said they didn't support cracking alt-char passwords. I've heard that this is not the case with other password crackers, but even if so, adding these types of characters extends the time for brute-force cracking astronomically. Even if you take into account rainbow tables, I haven't been able to find a rainbow table that includes that wide of a character set.
All that said, we moved away from alt-char passwords since they often introduced incompatibilities. Outlook Web Access was one place they failed for us years ago. Again, I don't know if this has improved, but I would guess not. Another possible problem is trying to use them on devices that lack a method of entering them. Most phone's don't have an alt key and numeric keypad :) One other, note, not all alt-chars are created equal, especially if you're cracking against an LM hash. For instance, alt-141 (ì) is interpreted as simply a lowercase (i). There's a quite dated, yet relevant, article at sysopt about some of my findings at http://www.sysopt.com/tutorials/article.php/3532756. The download referenced is no longer available, but I have the original if you're interested. From: Shauna Hensala [mailto:she...@msn.com] Sent: Friday, September 09, 2011 11:32 AM To: NT System Admin Issues Subject: password questions I have been asked to speak to an group regarding personal internet security. This will be a fairly light weight discussion and I have a couple of really good references regarding choosing secure passwords and the https://www.grc.com/haystack.htm site for testing. My question for all of you is this: What if you incorporate a symbol not normally found on a keyboard into your password - such as ¢ which requires the key combo alt/0162? Does this increase or decrease the hackability of your password - or is it completely irrelevant? To a hacker, is the actual password alt0162 or is it ¢? Thanks for any information you can offer. Shauna Hensala ________________________________ Date: Fri, 9 Sep 2011 16:07:15 +0100 Subject: Re: External subdomains considered dangerous? From: kz2...@googlemail.com To: ntsysadmin@lyris.sunbelt-software.com Aha, you are therefore a Chinese agent :-) On 9 September 2011 15:47, Matthew B Ames <matthew.a...@qinetiq.com<mailto:matthew.a...@qinetiq.com>> wrote: Maybe those companies only use external hosted pop3/imap accounts (granted that is unlikely). I assume from the article is more about a company emailing another company. I own a .org.uk<http://org.uk> domain in the UK, and I quite often get emails (which is meant for the .org). I have even had invoices, emails from their accounts department, etc landing in my personal email. More recently I had a batch of CVs for people apply for job applications as a secretary - either they misread the advert or just automatically typed in the .uk without thinking about it - as the .org is a UK based company). From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>] Sent: 09 September 2011 15:31 To: NT System Admin Issues Subject: Re: External subdomains considered dangerous? Why are internal email addresses being typed in manually? ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Fri, Sep 9, 2011 at 10:04 AM, Kurt Buff <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote: 20gb of email in six months, and it includes full router configs with passwords, too. http://www.wired.com/threatlevel/2011/09/doppelganger-domains/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. QinetiQ may monitor email traffic data and also the content of email for the purposes of security. QinetiQ Limited (Registered in England & Wales: Company Number: 3796233) Registered office: Cody Technology Park, Ively Road, Farnborough, Hampshire, GU14 0LX http://www.qinetiq.com. http://www.qinetiq.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ***** IMPORTANT INFORMATION/DISCLAIMER ***** This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even it we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, alternatively, you are a mindless cretin; either way, you should immediately kill yourself and destroy your computer (not necessarily in that order). Once you have taken this action, please contact us.. no, sorry, you can't use your computer, because you just destroyed it, and possibly also committed suicide afterwards, but I am starting to digress...... The originator of this email is not liable for the transmission of the information contained in this communication. Or are they? Either way it's a pretty dull legal query and frankly one I'm not going to dwell on. But should you have nothing better to do, please feel free to ruminate on it, and please pass on any concrete conclusions should you find them. However, if you pass them on via email, be sure to include a disclaimer regarding liability for transmission. In the event that the originator did not send this email to you, then please return it to us and attach a scanned-in picture of your mother's brother's wife wearing nothing but a kangaroo suit, and we will immediately refund you exactly half of what you paid for the can of Whiskas you bought when you went to Pets At Home yesterday. We take no responsibility for non-receipt of this email because we are running Exchange 5.5 and everyone knows how glitchy that can be. In the event that you do get this message then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of receiving, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR FAULT! The comments and opinions expressed herein are my own and NOT those of my employer, who, if he knew I was sending emails and surfing the seamier side of the Internet, would cut off my manhood and feed it to me for afternoon tea. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
