[Dshield] yyyyyyyyy me?

Richard Staed richard.stead at bigpond.com
Tue Mar 19 06:46:08 GMT 2002


I hope you don't mind this quick interjection,

    Do not be fooled into believing that the length of the password makes it
more difficult to break, because it doesn't. It can easily be broken down
into separate sessions and using a distributed (a number of machines working
on the same task) be crack . Windows LAN MAN is one of the easiest to crack
as it blocks the password hashes into seven character lengths as follows;

#######  #######
joeblogg  s______

to fill the extra space in the second block it uses underscores.

Your best passwords will be either seven characters or 14 characters long
and for administrators should use a combination of alpha, numeric, special
character, and ASCII character. Not easy if you have a lot of them to
remember granted; however, they are very strong.

"thats my two cents worth"


----- Original Message -----
From: "Susan" <pobox2 at pinn.net>
To: <list at dshield.org>
Sent: Tuesday, March 19, 2002 2:24 PM
Subject: [Dshield] yyyyyyyyy me?


> Instead of asking me you can go here to verify the accounts of others
also:
> http://www.hackerwhacker.com , lots of good links there.
>
> Essentially that would be the whole point. you cannot write
> miscellaneous info to linux root unless of course you can #1: -penetrate
> my firewall then #2 crack root's password , in which case you're a
> millionaire because I have MD5 on this system and very very long
passwords.





More information about the list mailing list