|
From: PaulMmn <PaulMmn@ix.netcom.com> > I've probably missed the discussion, but -why- is an 8 character > password no more secure than a 7? "Common sense" would suggest that > the more characters, the merrier. Paul, this has been discussed to death, but, ah well, one last time: One of the ways IBM encrypts the user information is to encrypt (using DES) the user-id with the password as the key. To inter- operate with Windows, IBM has to use Micro$oft's algorithm which is flawed. It comes from Windows NT (or actually the old LAN Manager), that had a 14 character password. Now, the two halves of the 14-character user-id and passwords are encrypted independently, that is: as two independent 7-character chunks. Therefor you can crack the two halves independently. The 8th (and 9th and 10th) goes in the second half as the 1st (2nd or 3rd) character with null for the rest. Therefore, if you can crack 7, you can crack them all.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
