I agree, it's limited. I pointed out that it's old and only included it as a 
reference to alt-chars not being created equal. If you're going to use an 
alt-char, you might as well pick a good one.

However, the point remains that incorporating an alt-char vastly increases the 
brute-force space and therefore makes them harder to crack no matter how you're 
attempting to crack it. Even in an instance where passwords are stored in plain 
text in a database, if I see two passwords and one is Bubb!3$ and the other is 
╗Password╝, I'm much more likely to be able to use the first and therefore, at 
some level, the second is "safer".

Whether the gains for using an alt-char offset the disadvantages mentioned is 
up to the user.

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, September 09, 2011 1:14 PM
To: NT System Admin Issues
Subject: Re: password questions

On Fri, Sep 9, 2011 at 1:59 PM, Crawford, Scott <crawfo...@evangel.edu> wrote:
> There's a quite dated, yet relevant, article at sysopt about some of 
> my findings at http://www.sysopt.com/tutorials/article.php/3532756.

  Scott: That entire analysis is based on the scenario where you have an NTLM 
password hash sniffed from the wire, and are using a ten-year-old version of 
L0phtCrack.  That's a very narrow focus, and one which isn't even very relevant 
in today's world (even if you're on a Windows LAN and can sniff traffic, NTLM 
is becoming increasingly rare, so you've got nothing to sniff).

  That analysis is completely irrelevant for the majority of scenarios of 
interest, such as public-facing web sites, or any scenario where someone is 
trying to attack a password without having an NTLM hash.

  This isn't the first time you've posted that analysis while failing to 
appreciate that it's almost completely irrelevant today.  I think you're 
suffering from hammer myopia on this issue.  "When all you have is a hammer, 
everything starts to look like a nail."

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

