And as lm configuration #6 from http://www.antsight.com/zsl/rainbowcrack/ shows it's trivial to crack ANY reasonable windows password with length <14 characters unless lmhashes are turned off!(lm hashes are not stored for passwords longer than 14 characters). Unfortunately if you have to support downlevel clients you can't turn off lmhash system wide, but it can be disabled on a per-account basis so any admin type accounts should probably have it turned off.
Andrew Fidel
| "McCann, Danny"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 08/09/2006 10:59 AM
|
|
Hi
Haven't used it, but one of my colleagues swears it's too good. :) Try Rainbow Tables.
Cheers
Danny
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 20 March 2006 21:38
To: [email protected]
Subject: [ActiveDir] Weak AD passwords
Can anyone recommend any tools to find which of our users have weak AD passwords? We used to use L0phtcrack back in the day, but it doesn't appear to be supported any longer? Other than enforcing complex passwords (which we do) and 8 character minimum, we'd like to figure out who uses things like "Password1" or something silly like that.
Thanks in advance
Email has been scanned for viruses by Altman Technologies' email management service
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
