Dictionary password filter

What "Dictionary Password Filter" is?
This application uses "Password filtering" security feature of NT 4.0. Being installed it will block user attempts to assign passwords that are contained in dictionary. Dictionary is a plain-text file with list of words. Such dictionaries are used in programs like L0phtCrack.

You can find more info about this feature in Microsoft Knowledge Base article "Password Change Filtering & Notification in Windows NT".

NB! You must have Service Pack 2 or higher installed.


Why I did it?
I hope everybody knows how important to choose strong passwords but real life shows that people don't like them. Here is the real story I was told by one my friend.

He works at one big Moscow company (don't ask me the name :)). They have NT based LAN with more than 200 users. My friend consider to test how secure it is. Note: he is an odinary user without any admin privileges. With modified version of PwDump he grabbed 204 accounts. After running L0pthCrack 1.5 he obtained 162 clear-text passwords (two of them were passwords of domain admins group members). The most funny thing he told me: 44 users have the same password - '123'.


Download
You can freely download "Dictionary Password Filter" binaries: Source code is also available:

Additional dictionaries can be found in different locations on the NET (e.g. ftp://utopia.hacktic.nl/pub/replay/pub/wordlists)


Installation
  1. Unzip downloaded archive into temp directory;
  2. Run install.cmd script. This script copies DictFilt.Dll and dictionary file (AllWords) to %SystemRoot%\System32 directory. Then it calls install entry in DictFilt.Dll, which registers filter's event logging and notification facilities. You will get a message about installation.
  3. Reboot machine.
  4. If installation was successful you can delete filter files from temp directory.
Note: dictionary file name is hardcoded in the filter. So dictionary name must be "AllWords" (without extension). Dictionary file must contain words delimited by new-line char (0xd, 0xa or 0xa). Word list needn't be sorted because filter uses simple linear search.

Filter reports errors directly to system security log. Use Event viewer to browse through it.


Removing filter
  1. Run uninstall.cmd script.
  2. Reboot machine.
  3. Delete DictFilt.Dll from %SystemRoot%\System32 directory.

Disclaimer
THIS APPLICATION IS FREEWARE AND IS DISTRIBUTED "AS IS". NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED. YOU USE AT YOUR OWN RISK. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING OR MISUSING THIS SOFTWARE.

THIS APPLICATION DOES NOT CONTAIN ANY BACKDOORS BUT MAY CONTAIN BUGS.


Back to my home page


Last revised: 20 January, 2000 Feel free to mail me: ebs@innocent.com