-----Original Message----- From: Optrics Engineering - Shaun Sturby, MCSE [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:20 AM To: '[EMAIL PROTECTED]' Cc: 'Edmunds, Ron' Subject: RE: Using non-printable characters in passwords
Hello Ron, This depends on the code page or character set used on your system but it doesn't really matter what code page you use for this trick as all you really want is to use characters on your system that are not in the common 'a-z' 'A-Z' '0-1' set. This causes John the Ripper or the @Stake password cracker take much longer to crack your password. That is if your hacker doesn't use the system recently reported that takes 13 seconds to compare, not generate and compare, your encrypted password to a pre-generated 1.7 GB list of all possible password hashes. Shaun P.S. Maybe I wasn't clear but the manifesto and hint listed below is not mine. I just did a Google search and forwarded what I thought was a good summary of this tip. -----Original Message----- From: Edmunds, Ron Sent: Thursday, August 07, 2003 9:35 AM To: 'Optrics Engineering - Shaun Sturby, MCSE' Subject: RE: Using non-printable characters in passwords What system are you typing these characters on? Alt-63 gives me ?. Alt-156 gives me £. -----Original Message----- From: Optrics Engineering - Shaun Sturby, MCSE Sent: Wednesday, August 06, 2003 5:30 PM To: [EMAIL PROTECTED] Subject: RE: Using non-printable characters in passwords Executive Summary: This manifesto is designed to give system administrators a better grasp on the importance of password security. It is also designed to help users understand the importance of choosing a strong password http://www.somorita.com/Networking/PasswordManifesto.asp Want to make it even stronger? The there are some characters that you can type but that don't exist on the keyboard. I call these ALT characters. You get these characters by holding down the ALT key and typing a code on the numeric keypad. For example, if I type ALT-156 I get ?. Pretty kewl, eh? And you can use that as a key combination as one of the characters in your password. Most password cracking programs never check those characters and if they did it would take them much longer to crack passwords. Some of the common ALT combinations are shown at the end of this document. -----Original Message----- From: Birl [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 12:41 PM To: [EMAIL PROTECTED] Subject: Using non-printable characters in passwords Using cross-platform keyboards (SUN, Windows, Mac), how does one use non-printable characters in their passwords? Since I work cross-platform, I use only a limited number of characters while holding down the CTRL key. Whilst searching Google, I came across a SecurityFocus article that said: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric keypad" Additionally, the Google search I used non-printable characters passwords came up with more information about recovery and programs to avoid using non-printable characters. Are there any other combinations? If I recall correctly, a SANS instructor mentioned making use of the "Print Screen" key. Thanks in advance Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* _____________________________________________________________ IMail Server has scanned this e-mail for Viruses and SPAM using Declude Virus & Declude Junkmail available from www.Optrics.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------