Chris Hastings was incorrect in his calculation...
There are only two options in L0phtcrack with special characters, one with
12
Make that (26 lowercase + 26 uppercase + 10 numerals + 12 special
characters)^8 with a total of
899 194 740 203 776 (twice as many as Chris calculated, 457,163,239,653,376)
and the other with 32 with a total of
6 095 689 385 410 816
If you use a combination of any special character and increase to 10
characters in length you should be fairly secure
53 861 511 409 489 970 176
Or if you are paranoid like my buddy Greg who uses 13 mixed characters
44 736 509 592 539 817 388 662 784
I reckon if he changes this once a month he should be able to stay ahead of
a L0phtcracker
Regards
Chris Williamson :)
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: Bobby Brown <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, December 20, 2000 7:52 PM
Subject: RE: NT password encryption & name service
>
> Using this password as an example (for length and character type), the
> number of possibilities
> would be (26 lowercase+26 uppercase+10 numerals+6 special characters)^8
> (assuming that the
> period at the end of the sentence isn't part of the password). This is a
> total of 457,163,239,653,376
> possibilities (compare this with DES encryption at 56-bit which we all
know
> can be brute forced at
> 72,057,594,037,927,936 possibilities). If you have the period at the end
> 2^54 < 68^9 < 2^55 possibilities.
> Better but still fewer possibilities than 56-bit encryption...
>
>
> Chris Hastings
> Manager, Network Security
> Network Computing Services
> Vanderbilt University Medical Center
> [EMAIL PROTECTED]
>
>
>
> Bobby Brown
> <bbrown@allensysgrou To:
"'[EMAIL PROTECTED] '"
> p.com> <[EMAIL PROTECTED]>
> Sent by: cc:
> firewalls-owner@List Subject: RE: NT
password encryption & name
> s.GNAC.NET service
>
>
> 12/20/2000 11:14 AM
>
>
>
>
> You must have had very few users or an extremely powerfull server to
crack
> by brute force the passwords. The password you referenced has 4 of the
> recommended characters I wish every user used. Upper and lower case
> characters, special characters, and numbers. What cracking software did
you
> use to do this ?
>
>
> Bobby Brown
>
> -----Original Message-----
> From: Carl Ma
> To: [EMAIL PROTECTED]
> Sent: 12/20/00 12:00 PM
> Subject: NT password encryption & name service
>
> Hello all,
>
> After running password cracking program on our W2000 PDC server, 98%
> passwords
> are cracked out, even some very complicate passwords like - X1#!h0a_.
>
> Is it attribute to the W2000 encryption method? I would like to persuade
> my boss
> using LDAP as name service. Appreciate any information & idea! I will
> summarize.
>
> Thanks & Merry Christmas!
>
> carl
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
