nations
Aug 1 2006, 06:23 AM
Even today passwords play a central role in system security. Here are ten myths of passwords when using Windows:

Myth #1: My Password Hashes Are Safe When Using NTLMv2

QUOTE
Many readers will be familiar with the weaknesses in LanManager (LM) password hashes that made L0phtcrack so popular. NTLM made hashes somewhat stronger by using a longer hash and allowing both upper- and lower-case letters. NTLMv2 made even more advances by computing a 128-bit key space and using separate keys for message integrity and confidentiality. It also uses the HMAC-MD5 algorithm for further message integrity. However, Windows 2000 still often sends LM or NTLM hashes over the network, and NTLMv2 is also vulnerable to in-transit (also known as replay) attacks. And since LM and NTLM password hashes are still stored in the registry, you will still be vulnerable to attacks against the SAM. Until we stop using LanManager, which probably won't be anytime soon, do not assume that your password hashes are safe.

L0phtcrack is a popular

Myth #2: Passwords created by "Random Password Generators" are great passwords.

This is totally bogus. For one thing, a hacker can figure out what algorithm the generator uses and reverse your password in a matter of minutes. Random passwords are usually extremely hard to remember, and they take a long time to type most of the time. This increases the chance of someone figuring out your password just by watching you. Make sure that if you're creating a password, it alternates between the left and right hand side of the keyboard, contains at LEAST one number, and has both upper- and lower-case letters involved. Here is a list of almost eight thousand words, all of which use both sides of the keyboard: http://www.xato.net/downloads/lrwords.txt

It is best to create a password that involves something easy for you to remember. This can be anything from vulgar language, part of an address, a favorite song or rhyme, maybe the name of a person. Make sure to combine letters and numbers though. Maybe substitute letters with numbers, such as IH4t3Y0uSoVeRYmUCHD!eandR()T

Myth #3: 14 characters is an optimal password length.

QUOTE
With LM, password hashes were split into two separate 7-character hashes. This actually made passwords more vulnerable because a brute-force attack could be performed on each half of the password at the same time. So passwords that were 9 characters long were broken into one 7-character hash and one 2-character hash. Obviously, cracking a 2-character hash did not take long, and the 7-character portion could usually be cracked within hours. Often, the smaller portion could actually be used to assist in the cracking of the longer portion. Because of this, many security professionals determined that optimal password lengths were 7 or 14 characters, corresponding to the two 7-character hashes.

NTLM improved the situation some by using all 14 characters to store the password hash. While this did make things better, NT dialog boxes still limited passwords to a maximum of 14 characters; thus the determination that passwords of exactly 14 characters are the optimal length for the best security.

With newer versions of Windows such as 2000 and XP, your password can now be up to 127 characters long. This can also get around the LM problem, as Windows doesn't even correctly create and store a hash of your password if it's over 14 characters. This makes brute-force attacks a lot harder.

Myth #4: Passwords such as "J0hn99" are great passwords.

Most password cracking programs can try hundreds of word variations per second. Adding numbers to the end also only takes a few seconds to do. The longer your password, the better. That said, using "L33t Sp34K" is probably one of the best ways to create a password. This would include things such as using a combination of symbols, letters and numbers to form a word (or in some cases, even just a single letter).

Myth #5: Any password can eventually be cracked.

This is one of the biggest ones in my opinion. Hackers will leave you alone (unless the Government has hired them to do the dirty work) if they can't get your password guessed in a few minutes. The process of cracking passwords is not only time consuming, but it also takes lots of processing power that could be used for other things. As a rule of thumb, the longer your password is, the more likely the hacker will give up and move on.

Myth #6: Passwords should be changed every 30 days.

If you have something of high risk this may be a good policy, but for the average Joe it's not something that should be suggested. Constantly changing a password often causes a typical user to develop extremely predictable patterns and other things that lower the effectiveness of a password. If a user knows they don't have to change their password, they can focus on making a password more complex and thus harder to crack. If required to change passwords every so often, it's more realistic to have the time frame be 90+ days.

Myth #7: You Should Never Write Down Your Password

It is actually a good thing to have your password written down. It is NOT, however, a good policy to sticky-note them to your monitor or around your desk. If you write down a password, it can help you create more complex passwords, and it's easy to recover them if they are forgotten. If you write down a password, make sure you do NOT throw it away! A lot of big companies have had security compromises because the passwords that were written down got thrown in the dumpster.

Myth #8: Passwords Cannot Include Spaces

It's a fact that if a character is visible in Windows, it CAN be used in your password. This obviously includes spaces. It is NOT, however, recommended to use spaces at the beginning or end of the password. Also make sure spaces are not overused, as a person listening in on your typing can hear the unique "click" the space bar makes every time it's pressed. Please note that a space isn't counted in complexity requirements by Windows.

Myth #9: Always use passfilt.dll

Simply put, using passfilt.dll FORCES users to be within the 2000 and XP password guidelines. This can quickly and easily create frustration, which may result in the use of a bad (or weak) password just to get around the Windows password requirements.

Myth #10: Use ALT+255 for the Strongest Possible Password

Using "ALT" and a three-digit combo creates ASCII characters. This may sound very secure, as you have to know the exact three-digit combo to crack the password, but you can easily watch someone type those numbers in. Here is some math to prove this point:

QUOTE
For example, a five-character password made up of high-ASCII characters will require 25 keystrokes to complete. With 255 possible codes for each character and five characters, the total possible combinations are 255^5 (or 1,078,203,909,375 - just over 1 trillion possible combos). However, a 25-character password made up of only lower-case letters has 26^25 (236,773,830,007,968,000,000,000,000,000,000,000, or a crazy amount of over 236 decillion (I had to look that one up!)) possible combinations. Clearly, you are better off just making longer passwords.

One trick you can use too is ALT+0160, which creates a "non-breaking" space. This fools a hacker if they see this type of "space", as they will think your password contains a space when it really does not.

SOURCE: http://www.securityfocus.com/infocus/1554
Reply
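The LM behaviour described under Myth #3 (two independent 7-character halves, case folded to upper, and no LM hash at all for passwords over 14 characters) is easy to see by computing the hash yourself. The program below is an added example written for this page; it is not code from the original post or from the SecurityFocus article. It assumes ASCII passwords (real LM upper-cases through the OEM code page), and it models the over-14-character case the way Windows stores it, by substituting the LM hash of the empty password.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed 8-byte plaintext "KGS!@#$%" that the LM scheme
// DES-encrypts with each 7-byte half of the password used as the key.
var lmMagic = []byte("KGS!@#$%")

// EmptyLMHalf is the LM half-hash of seven NUL bytes. It is the second half
// of every LM hash whose password is 7 characters or shorter, so seeing it
// in a dump tells an attacker the password fits in one half.
const EmptyLMHalf = "aad3b435b51404ee"

// desKeyFrom7 spreads 7 password bytes over an 8-byte DES key, leaving the
// low bit of each byte for parity (DES ignores those bits). This is the
// standard LM key-expansion step.
func desKeyFrom7(k []byte) []byte {
	key := []byte{
		k[0] >> 1,
		((k[0] & 0x01) << 6) | (k[1] >> 2),
		((k[1] & 0x03) << 5) | (k[2] >> 3),
		((k[2] & 0x07) << 4) | (k[3] >> 4),
		((k[3] & 0x0F) << 3) | (k[4] >> 5),
		((k[4] & 0x1F) << 2) | (k[5] >> 6),
		((k[5] & 0x3F) << 1) | (k[6] >> 7),
		k[6] & 0x7F,
	}
	for i := range key {
		key[i] <<= 1
	}
	return key
}

// lmHalf returns the 8-byte DES encryption of lmMagic under one 7-byte half.
func lmHalf(half []byte) []byte {
	block, err := des.NewCipher(desKeyFrom7(half))
	if err != nil {
		panic(err) // NewCipher only rejects wrong key lengths; ours is always 8
	}
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, lmMagic)
	return out
}

// LMHalves computes the two independent halves of the LM hash. The password
// is upper-cased (ASCII assumed), NUL-padded to 14 bytes and split at byte 7,
// which is why each half can be brute-forced on its own.
func LMHalves(password string) (first, second string) {
	buf := make([]byte, 14)
	copy(buf, strings.ToUpper(password))
	return hex.EncodeToString(lmHalf(buf[:7])), hex.EncodeToString(lmHalf(buf[7:]))
}

// LMHash models what Windows stores in the SAM. A password longer than 14
// characters cannot be LM-hashed, so Windows stores the LM hash of the empty
// password instead; this function does the same (an assumption of this
// example, matching the behaviour described in the post).
func LMHash(password string) string {
	if len(password) > 14 {
		password = ""
	}
	first, second := LMHalves(password)
	return first + second
}

func main() {
	// Constructed sample passwords: note the identical hashes for the two
	// spellings of "password" and for "" and the 15-character password.
	for _, pw := range []string{"", "password", "PASSWORD", "password1", "d1", "this is fifteen"} {
		fmt.Printf("%-18q LM=%s\n", pw, LMHash(pw))
	}
}
```

Run it with `go run .` and compare the second half of `password1` with the first half of `d1`: they are equal, which is exactly why a 9-character password gives a cracker a 7-character problem and a 2-character problem instead of one 9-character problem.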
cangor
Aug 1 2006, 06:34 AM
Those are all indeed correct, I am impressed with this article... though perhaps you shouldn't have pasted the entire thing in... Any password, really, though, is hackable... Yes, it does take a lot of processing power, but a hacker who is truly determined will leave it running for days or however long it needs... Some might just take months to crack... And you definitely want a password over 14 characters... that's not an optimal length... Or, even better, make it REALLY long, but still meaningful enough to remember... Really though, if you're that worried about someone hacking into your computer, just keep the actual computer safe... Anyways, nice stuff. I liked the explanation of why ALT+NUMS is not always best. A most decent article... But then again, most people don't even know what this stuff means...
Reply
Dooga
Aug 1 2006, 07:41 AM
I don't even know how to use alt+number on Macs...
Reply
Lyon2
Aug 1 2006, 07:58 AM
Nice article, very specific and useful, though I already knew most of it. I am a little paranoid with the use of usernames and passwords when I configure LANs (LAN = Local Area Network). And we can turn things even more confusing, but I just want to say something about how to use passwords:
- First choose a password with 8 characters minimum
- The password must be confusing even to yourself
- The password must not contain information related to yourself in any way
- The password must not contain names, just characters and numbers like: aA12Ht&%#)/H125
- The password must contain special characters, like: &%$#"!|»?=)(/
- The password must contain uppercase and lowercase letters like: AaBcGtTjd
- You must not write down the password on paper or whatever
- You must not use the same passwords for everything
- You must not save the passwords in programs on your PC, but if you do, encrypt them with secure algorithms
- You must train to remember the passwords if you don't use a program to save your passwords with encryption
- If you have lots of passwords, write them on a paper and guard the paper "with your life"!
Reply
Plenoptic
Aug 1 2006, 12:40 PM
That is really helpful for when trying to develop a new password. I do indeed use my own Random Password Generator, but I change the number of characters each time. Ya, I really don't think changing my password every 30 days will help, because that is a lot of passwords to change and I probably wouldn't remember all of them, and then I'm stuck with totally different passwords for different things.
QUOTE
You must not use the same passwords for everything
I sort of do that, but I change it up a bit, and I still have some trouble remembering them. Although for things of higher importance I use high-quality passwords. My email, though, I don't really use the same for each unless it's the one I sign up for everything with.
Reply
Moolkye
Aug 1 2006, 01:09 PM
I do find it difficult at times to remember 1000 passwords. Yes, having multiple passwords is safe, but trying to remember them is hard. So what do you do to safeguard against password hacking? Open up Notepad, close your eyes, and click some keys. Add some capitals and numbers in there and you've got yourself a hard-to-crack password, and you can use the same one for a lot. As long as it is a STRONG password!
Reply
londres
Sep 7 2006, 02:41 AM
QUOTE(Lyon2 @ Aug 1 2006, 03:58 AM)
Nice article, very specific and useful, though I already knew most of it. I am a little paranoid with the use of usernames and passwords when I configure LANs (LAN = Local Area Network).
And we can turn things even more confusing, but I just want to say something about how to use passwords:
- First choose a password with 8 characters minimum
- The password must be confusing even to yourself
- The password must not contain information related to yourself in any way
- The password must not contain names, just characters and numbers like: aA12Ht&%#)/H125
- The password must contain special characters, like: &%$#"!|»?=)(/
- The password must contain uppercase and lowercase letters like: AaBcGtTjd
- You must not write down the password on paper or whatever
- You must not use the same passwords for everything
- You must not save the passwords in programs on your PC, but if you do, encrypt them with secure algorithms
- You must train to remember the passwords if you don't use a program to save your passwords with encryption
- If you have lots of passwords, write them on a paper and guard the paper "with your life"!

Another trick that's been stressed to me by a few network administrators is to make your passwords sentences or phrases including upper- and lowercase letters. This gives your passwords a little more logic (easier to remember), and if you're really good, you can work numbers or characters in there. e.g. 1oclockTWOoclock3oclockROCK or tryNOT2stare@me
Reply
darran
Sep 9 2006, 12:49 PM
A nice article, adding some things new like the non-breaking space; I never knew there was such a thing. I am not really into such tight security whereby I change my password every 14 days; for me, I am into forums, so I always leave my password at that. And for my wireless password, this is where I put a little more detail: 26 characters. It is really frightening to see hackers hack into your system, but of course, unless they have an everlasting hatred for you, I am sure they have no reason to hack into your system unless they are complete idiots who want to spoil another person's life. However, hacking may actually be a good thing. I have seen so many cases of hackers being employed from prison and brought out to society. They hack big companies in a bid to find any vulnerabilities within the system so that they can fix it and make it even more secure. This is something which I appreciate about hackers: they find the security vulnerability so that you know it and you will have another layer of protection. A pity that till today, there are so many hackers who are making other people's lives miserable.
Reply