Newsgroups: comp.unix.wizards
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Subject: Passwords with control characters
Message-ID: <1991Apr11.135940.8717@athena.mit.edu>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
References:  <26522@adm.brl.mil>
Date: Thu, 11 Apr 91 13:59:40 GMT
Lines: 24

In article <26522@adm.brl.mil>, IFAC%SNYCENVM.BITNET@cornellc.cit.cornell.edu ( FRANK CALLUCCI) writes:
|>     I feel that there is a simple way to pick a password without being
|> vulnerable to people decoding it. I feel that the trick is to use control
|> characters. Control characters cannot be displayed or printed. If you
|> were to use the password WIZARD for instance you would use (<CTRL> WIZARD)

  Using control characters in passwords is, indeed, a good way to make them
less vulnerable to attack.

|> and there would be no way that anyone could decode it.

  This, however, is not true.  Although most password crackers use a search
space that does not include control characters, there is absolutely no reason
why control characters cannot be added to the search space.  And, as people
have been discussing at length recently in alt.hackers, our technology has
advanced far enough that it *is* possible to build up huge dictionaries of
precomputed encrypted strings, including (if necessary) strings with control
characters in the original key, in order to make password cracking easier.

-- 
Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik@Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8085			      Home: 617-782-0710