Subject: Re: NT encryption
From: Alan Ramsbottom (ACRALS.CO.UK)
Date: Thu Sep 21 2000 - 17:07:11 CDT


From: "Glenn Pearl" <glennpBROOKE-STAFFING.COM>
> I was not aware that there was any limitation on allowable
> extended-ASCII characters. I have used passwords that contain
> characters not in the list below (for instance, 0212), and
> have had no problems logging on to any NT or Win9x box in our
> network.

"Q: What is so special about these particular ALT+nnnn characters?

When you use an ALT+nnnn sequence to enter a character into your password,
it generates a character from the Windows Character Set. These will be
translated to ASCII during the hash creation process and it is important to
consider this translation.

Many sequences will get mapped to ordinary ASCII characters and this will
not make life much harder for the brute-force program. However the sequences
I have listed are mapped to ASCII values that are outside the set normally
considered by such a program. If the program is modified to generate
passwords containing these characters, then an attack that is guaranteed to
get your password takes much longer."

Not the best explanation, but good enough and I didn't want to supply
detailed recipes or code towards more competent password crackers. The full
copy of my '97 FAQ is still collecting dust at:

 http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=17

Soo.. a new millennium ..anyone want to talk about something a little more in
tune with it? Figured out the details of the protected storage
"backup/restore master key" yet? Or perhaps you've tried that open source
CSP?

No?

Ack...

-Alan-