Passwords with control characters
Jonathan I. Kamens
jik at athena.mit.edu
Thu Apr 11 23:59:40 AEST 1991
In article <26522 at adm.brl.mil>, IFAC%SNYCENVM.BITNET at cornellc.cit.cornell.edu ( FRANK CALLUCCI) writes:
|> I feel that there is a simple way to pick a password without being
|> vulnerable to people decoding it. I feel that the trick is to use control
|> characters. Control characters cannot be displayed or printed. If you
|> were to use the password WIZARD for instance you would use (<CTRL> WIZARD)
Using control characters in passwords is, indeed, a good way to make them
less vulnerable to attack.
|> and there would be no way that anyone could decode it.
This, however, is not true. Although most password crackers use a search
space that does not include control characters, there is absolutely no reason
why control characters cannot be added to the search space. And, as people
have been discussing at length recently in alt.hackers, our technology has
advanced far enough that it *is* possible to build up huge dictionaries of
precomputed encrypted strings, including (if necessary) strings with control
characters in the original key, in order to make password cracking easier.
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8085 Home: 617-782-0710
More information about the Comp.unix.wizards
mailing list