windows pass from SAM file

[hehe]

is it true that 15 symbol pass is no better than 14 symbol, because hashes
are stored in two parts of 7 symbols each, and grand total is 14 symbols
anyway?


--

==
http://www.big-forum.com - Object Freaking Everything!
==

 

[S. Pidgorny]

Re: windows pass from SAM file

No.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"hehe" <hoho@huhu.hihi> wrote in message
news:OaCrB5GEIHA.4228@TK2MSFTNGP02.phx.gbl...
> is it true that 15 symbol pass is no better than 14 symbol, because hashes
> are stored in two parts of 7 symbols each, and grand total is 14 symbols
> anyway?
>
>
> --
>
> ==
> http://www.big-forum.com - Object Freaking Everything!
> ==
>
>
>

 

[Brian Komar]

Re: windows pass from SAM file

Absolutely not.
Brian

"hehe" <hoho@huhu.hihi> wrote in message
news:OaCrB5GEIHA.4228@TK2MSFTNGP02.phx.gbl...
> is it true that 15 symbol pass is no better than 14 symbol, because hashes
> are stored in two parts of 7 symbols each, and grand total is 14 symbols
> anyway?
>
>
> --
>
> ==
> http://www.big-forum.com - Object Freaking Everything!
> ==
>
>
>

 

[Pawe³ Goleñ]

Re: windows pass from SAM file

hehe wrote:
> is it true that 15 symbol pass is no better than 14 symbol, because hashes
> are stored in two parts of 7 symbols each, and grand total is 14 symbols
> anyway?

No, but 7 symbol password is equal in strength to 14 symbol password. In
standard configuration, because Windows stores two password hashes, LM
and NTLM. LM hash is weak and should be disabled.

How to prevent Windows from storing a LAN manager hash of your password
in Active Directory and local SAM databases

http://support.microsoft.com/kb/299656

--
Pawe³ Goleñ
mailto_golen@ks.onet.pl
"Wszyscy przecie¿ wiemy, ¿e nikt nie dostaje ¿adnych spamów" - mój trol
UGVybCBTVUNLUw==

 

[hehe]

Re: windows pass from SAM file

alright, so 2 LM hashes, but where the last 15th symbol is gonna go?

--

==
http://www.big-forum.com - Object Freaking Everything!
==



"Pawe³ Goleñ" <p_golen@ks.onet.pl> wrote in message
news:ff5isd$t79$1@atlantis.news.tpi.pl...
> hehe wrote:
>> is it true that 15 symbol pass is no better than 14 symbol, because
>> hashes
>> are stored in two parts of 7 symbols each, and grand total is 14 symbols
>> anyway?
>
> No, but 7 symbol password is equal in strength to 14 symbol password. In
> standard configuration, because Windows stores two password hashes, LM
> and NTLM. LM hash is weak and should be disabled.
>
> How to prevent Windows from storing a LAN manager hash of your password
> in Active Directory and local SAM databases
>
> http://support.microsoft.com/kb/299656
>
> --
> Pawe³ Goleñ
> mailto_golen@ks.onet.pl
> "Wszyscy przecie¿ wiemy, ¿e nikt nie dostaje ¿adnych spamów" - mój trol
> UGVybCBTVUNLUw==

 

[Brian Komar]

Re: windows pass from SAM file

ummm, there will be *no* LM Hashes if the password is >= 15 characters.
Brian

"hehe" <hoho@huhu.hihi> wrote in message
news:ObgXjyQEIHA.5856@TK2MSFTNGP04.phx.gbl...
> alright, so 2 LM hashes, but where the last 15th symbol is gonna go?
>
> --
>
> ==
> http://www.big-forum.com - Object Freaking Everything!
> ==
>
>
>
> "Pawe³ Goleñ" <p_golen@ks.onet.pl> wrote in message
> news:ff5isd$t79$1@atlantis.news.tpi.pl...
>> hehe wrote:
>>> is it true that 15 symbol pass is no better than 14 symbol, because
>>> hashes
>>> are stored in two parts of 7 symbols each, and grand total is 14 symbols
>>> anyway?
>>
>> No, but 7 symbol password is equal in strength to 14 symbol password. In
>> standard configuration, because Windows stores two password hashes, LM
>> and NTLM. LM hash is weak and should be disabled.
>>
>> How to prevent Windows from storing a LAN manager hash of your password
>> in Active Directory and local SAM databases
>>
>> http://support.microsoft.com/kb/299656
>>
>> --
>> Pawe³ Goleñ
>> mailto_golen@ks.onet.pl
>> "Wszyscy przecie¿ wiemy, ¿e nikt nie dostaje ¿adnych spamów" - mój trol
>> UGVybCBTVUNLUw==
>