Best Practices

10 Windows Password Myths

I saw this article (Ten Windows Password Myths) over at Security Focus and thought it was worth sharing. And something I didn’t know about Windows (2000/XP) passwords:

If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password.

The nice thing about that is that the password can then no longer be cracked from the LM hash in the SAM database: we know the stored value is the null constant, not a hash of the real password. Two caveats are worth adding. First, the NT hash of the same password is still stored, so the password is not uncrackable; it just has to be attacked through the much stronger NT hash rather than the two independent 7-character LM halves. Second, the same null LM hash is stored for every account, regardless of length, once the NoLMHash policy (Windows 2000 SP2 and later; "Do not store LAN Manager hash value on next password change" in XP) is enabled, though only after each account's next password change.
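The practical use of the null constant is auditing a SAM dump: any account whose LM field equals AAD3B435B51404EEAAD3B435B51404EE has only its NT hash exposed, while an account whose LM field ends in AAD3B435B51404EE has a password of seven characters or fewer (the second 7-character half was empty). The following script is an added example, not code from the original post or the Security Focus article. The pwdump-format lines are constructed for illustration; the usernames, RIDs and all hash values other than the two null constants are placeholders.

```python
"""Audit a pwdump-style SAM dump for what the stored LM/NT hashes reveal.

Added example; not from the original post or the Security Focus article.
The dump below is constructed for illustration (usernames, RIDs and the
non-null hash values are placeholders). The two null constants are the
real values Windows stores for an empty LM and NT password.
"""
from __future__ import annotations

# LM hash of the empty password: DES("KGS!@#$%") under an all-zero key, twice.
# Windows stores this when the password is 15+ chars (or NoLMHash is set).
LM_NULL_HALF = "AAD3B435B51404EE"
LM_NULL = LM_NULL_HALF * 2
# NT hash of the empty password: MD4 of the empty UTF-16LE string.
NT_NULL = "31D6CFE0D16AE931B73C59D7E0C089C0"

# Verdicts, worst first.
EMPTY_PASSWORD = "empty password"
LM_SHORT = "LM hash stored, password is 1-7 chars (second half is the null constant)"
LM_FULL = "LM hash stored, password is 8-14 chars (two independent 7-char halves)"
NT_ONLY = "no LM hash stored (15+ chars or NoLMHash); only the NT hash can be attacked"

# Constructed sample in pwdump format: user:rid:lmhash:nthash:::
SAMPLE_DUMP = """\
Administrator:500:AAD3B435B51404EEAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::
Guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
svc_backup:1001:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::
jsmith:1002:E52CAC67419A9A22AAD3B435B51404EE:FEDCBA9876543210FEDCBA9876543210:::
"""


def parse_pwdump(text: str) -> list[tuple[str, int, str, str]]:
    """Parse pwdump lines into (user, rid, lm, nt); hashes normalised to uppercase."""
    accounts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            raise ValueError(f"malformed pwdump line: {line!r}")
        user, rid, lm, nt = fields[0], int(fields[1]), fields[2].upper(), fields[3].upper()
        for h in (lm, nt):
            if len(h) != 32 or any(c not in "0123456789ABCDEF" for c in h):
                raise ValueError(f"bad hash {h!r} for {user}")
        accounts.append((user, rid, lm, nt))
    return accounts


def classify(lm: str, nt: str) -> str:
    """Say what an attacker holding these two hashes is up against."""
    lm, nt = lm.upper(), nt.upper()
    if nt == NT_NULL:
        return EMPTY_PASSWORD
    if lm == LM_NULL:
        return NT_ONLY
    # LM pads/truncates to 14 chars and hashes each 7-char half separately;
    # an empty second half yields the null constant, revealing a short password.
    if lm[16:] == LM_NULL_HALF:
        return LM_SHORT
    return LM_FULL


def audit(text: str) -> dict[str, str]:
    """Map each account in a dump to its verdict."""
    return {user: classify(lm, nt) for user, _rid, lm, nt in parse_pwdump(text)}


if __name__ == "__main__":
    for user, verdict in audit(SAMPLE_DUMP).items():
        print(f"{user:15} {verdict}")
```

Run against a real dump, the accounts reported as LM_SHORT or LM_FULL are the ones to fix first; the goal of a long-passphrase or NoLMHash policy is to make every account come out as NT_ONLY.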

Perhaps the most interesting point the article makes, though it has been made many times before and bears repeating, is that no matter what other security measures we put in place, our defenses are easily overcome without strong passwords.

One comment on "10 Windows Password Myths"

This is a good article and I didn't realize any of this before, especially the resulting LM hash when you have 15 or more characters.

I generally feel passwords with spaces and other strange punctuation in a long phrase, accompanied by random characters, are the best way to go.
