
Thread: hardening passwords

  1. #1
    Senior Member | Join Date: Jan 2002 | Posts: 682

    hardening passwords

    another thread got me thinkin about this...so here's my two line tut...

    - ansi extended chars make for great choices in hardening passwords...
    - press alt and numpad #'s to get the extended characters...

    @w5G(╕78╔4»sZ▐s

    take that l0pht...hehe

    Here's em all...
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member | Join Date: Jan 2002 | Posts: 882

    Good post

    As well. I like to enforce a few policies on passwords. On our W2000 and XP machines. I force three policies on all the users.

    1. Password complexity. (As you stated, Bravo)
    2. Minimum password length. (I require 10 characters minimum)
    3. Force password change. (I do it every 14 days)

    I know this sounds tough. I learned the hard way. Too many people with weak passwords and they had the same ones for sometimes years. Well the after hours cleaning crew came in as the others left. Over time they picked up on some passwords. So they would get online and download porn and all kinds of fun stuff at night. So now. By chance, even if they get one. It won't last long......Ha....
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  3. #3
    Senior Member | Join Date: Jan 2002 | Posts: 682

    i follow the nsa pwd recommendations..

    24 passwords remembered
    maximum age 90 days
    minimum 1 day
    min length 12 char
    complexity enabled...


    you might wonder about the 90 days...reason is simple...if i give my users a complex password (i don't let them choose it...with complexity enabled...i think it hurts their little minds to figure out how to pick... ) i want them to remember it...asking them to remember a complex 12 char pwd that changes every 14 days...well it's likely less secure...they'd tend to write it down on the bottom of the keyboard or whatever...

    i'd rather a strong pwd over a longer time that they can have time to memorize...than either a weak pwd or one that is susceptible to dumpsterdiving or other risks because the silly fools are writin pwds down all over the place...
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  4. #4
    Senior Member | Join Date: Jan 2002 | Posts: 682

    when i posted this, i hadn't read this:

    "One of the downfalls of L0phtcrack is that it can only crack 68 of the 256 possible characters in the ASCII character set. This enables the ability to create virtually "uncrackable" passwords."
    from sans.org

    which makes this technique even better than i thought...it's HIGHLY effective..in fact almost foolproof*...just don't forget your password

    (*until someone finds a way around it...hehe)

    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  5. #5
    Yay I think that's a big problem: people forgetting their passwords.
    Then of course you get all of those programs that "store your passwords for you".....oh real nice till someone gets hold of 'em. ;P
    To be God is to be Root, if someone is irking you just type: rm -d /home/heathen

  6. #6
    Senior Member | Join Date: Oct 2001 | Posts: 385

    one small problem with the ansi extended char list:

    Says:
    alt + 191 = ¿

    In truth:
    alt + 191 = +
    alt + 0191 = ¿

    I've tested this on a few other chars, same holds true. Also tried in different programs.
    If this is just for me, then I wish even more that I did not have to use winME.

    otherwise, perhaps you should add something to indicate that.

    EDITS:
    This only seems to affect most numbers at 127 and over

    What I'm finding in notepad:
    alt+8 = backspace
    alt+9 = tab
    alt+10 = enter
    alt+13 = enter
    alt+15 = ¤
    alt+20 = ¶
    alt+21 = §
    alt+22 = paste
    alt+26 = pastes and highlights last characters erased
    alt+127 = Block(filled)
    alt+128 = Ç
    man, this could go on forever.

    btw, I mostly suspect that It's just the programs I'm using or winME, so please, don't take this offensively
    Preliminary operational tests were inconclusive (the dang thing blew up)

    "Ask not what the kernel can do for you, ask what you can do for the kernel!"

  7. #7
    Senior Member | Join Date: Jan 2002 | Posts: 682

    hmmm...yer right...i pulled the ansi list from m$ access help files...perhaps it's not so standard after all...i shall investigate further...

    btw...for me alt+191 = ┐...not +...so go figure
    alt+0191 does = ¿


    however the main part of the post is still valid...extended chars make cracking tough...if not impossible...but...hmmm...i wonder if having different versions of ansi (if that's possible?) on a network could cause some major headaches...again...more research needed...
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  8. #8
    Junior Member | Join Date: Feb 2002 | Posts: 26

    I use a notebook to store my passwords
    not a lap top notebook, the paper one
    use a pencil too
    change the passwords often
    and never use the same pw twice

    Valentino


  9. #9
    Senior Member | Join Date: Dec 2001 | Posts: 291

    I have noticed how hard it is to get people to use odd passwords, I've found it easier to force them on users....(course at first it is an administrative burden) once you get in the habit of doing it every so often (every 90 days) it ends up being as normal as checking logs (you DO check your logs right??)

    and of course the user gets used to it... give em passwords like ¥BhK$^ß

    nuff said... he he
    ~THEJRC~
    I'll preach my pessimism right out loud to anyone that listens!
    I'm not afraid to be alive.... I'm afraid to be alone.

  10. #10
    Senior Member | Join Date: Jan 2002 | Posts: 682

    Here's that additional info I promised...

    the difference is that the original attachment i included was the Windows ANSI charset...NOT the extended ascii...which is what i meant to post...duh...

    the full set can be found here

    http://charlie.balch.org/asp/ascii.asp

    this has html equiv's too...
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
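
The Alt+191 versus Alt+0191 discrepancy from posts #6 and #7, as an added example that is not part of the original thread: on Windows, Alt+NNN is looked up in the OEM code page and Alt+0NNN in the ANSI code page. The sketch assumes cp437 and cp1252 for those two (US/Western European defaults), its function names are illustrative, and it also checks the passwords quoted in posts #1 and #9 against both code pages.

```python
# Added example. Assumed code pages: cp437 (OEM) and cp1252 (Windows ANSI),
# the US/Western European defaults; other locales pair different ones.
OEM, ANSI = "cp437", "cp1252"

def alt_code(digits):
    """Character named by Alt+<digits>, or None if it is not a printable byte.

    Alt+NNN is looked up in the OEM code page, Alt+0NNN in the ANSI one.
    """
    codepage = ANSI if digits.startswith("0") else OEM
    value = int(digits)
    if not 32 <= value <= 255:
        return None  # control range: result depends on the application
    try:
        return bytes([value]).decode(codepage)
    except UnicodeDecodeError:
        return None  # byte unassigned in this code page (e.g. 0x81 in cp1252)

def unencodable(password, codepage):
    """Characters of password that do not exist in codepage."""
    missing = []
    for ch in password:
        try:
            ch.encode(codepage)
        except UnicodeEncodeError:
            missing.append(ch)
    return missing

def raw_bytes(password, codepage):
    """Bytes a code-page-based component would see, or None if unencodable."""
    try:
        return password.encode(codepage)
    except UnicodeEncodeError:
        return None

if __name__ == "__main__":
    for code in ("191", "0191", "128", "0128"):
        print(f"Alt+{code:<5} -> {alt_code(code)!r}")
    # Passwords quoted in posts #1 and #9 of the thread
    for pw in ("@w5G(╕78╔4»sZ▐s", "¥BhK$^ß"):
        for cp in (OEM, ANSI):
            print(pw, cp, "missing:", unencodable(pw, cp), "bytes:", raw_bytes(pw, cp))
```

A password built from box-drawing characters exists only in the OEM code page, and even characters present in both (¥, ß) encode to different byte values, so any component that hashes or compares raw code-page bytes sees different input on each side.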
