1,359 Posts served
5,663 Conversations started
- Academia
- Atom
- Bit Stories
- Cool Software
- Customer Support
- Events
- Financial Software Industry
- Gaming
- Graphics
- Intel SW Partner Program
- Intel® Software Network 2.0
- Manageability
- Mobility
- Multicore
- Open Source
- Social Media & Virtual Worlds
- Software Engineering
- Threading Building Blocks
- Virtualization
- What If Software
- XML Software
Strong AMT ME Passwords and Other Shades of Gray
By Gael Holmes (Intel) (56 posts) on November 8, 2007 at 2:02 pm
Well we all know that the Intel® AMT Manageability Engine's password must be changed from it's factory default (admin) to a "strong password," correct? So what kind of strong password would that be? We had a post on our forum this morning where a user tried something similar to "Location_1" which looks to be strong. It has an uppercase letter, a lower case letter, a number and a special character (aka 7-bit ASCII non-alphanumeric). The ME should accept this as strong, correct? Nope.
After doing a little digging I found a link on a Microsoft page that has a nice writeup on strong passwords. There are various levels of strong passwords. Most of the time we get by with strong passwords containing characters from at least 3 of the five groups in the Character Classes table (see Microsoft link.) The ME expects it's strong password to contain characters from at least 4 of the five groups (this implementation is used often for sensitive accounts such as those used by administrators or that run critical network services, ie Intel® AMT.)
You may be thinking that "Location_1" does indeed fit the 4-character class requirement. Well it doesn't because the underscore is considered an alpha-numeric, or according to the Microsoft link, it is a "space" character and therefore does not count.
Section 7.1.8.1 of the AMT SDK's Network Interface Guide has a detailed description on what the ME expects:
- Contains 7-bit ASCII characters, in the range of 32-126, excluding ':', ',' and '"' characters. String length is limited to 32 characters.
More Specifically (the above requirement leaves a lot of room for interpretation):
- At least one digit character ('0', '1', .... '9')
- At least one 7-bit ASCII non alpha-numeric character, above 0x20, (e.g. '!', '$', ';'...) Note that '_' is considered alpha-numeric.
- Both lower-case Latin ('a', 'b',...,'z') and upper case Latin ('A', 'B', ...'Z')
I guess the point that I'm trying to make is that the term "Strong Password" has many interpretations - so just be aware of that tiny little fact.
Categories: Manageability
Comments (3) 
By Best Tech News Now on November 9th, 2007 at 12:49 am
Strong AMT ME Passwords and Other Shades of Gray
By Intel Open Port: Intel vPro Expert Center Blog on November 9th, 2007 at 7:27 pm
rules in explicit detail in the Network Interface Guide of the AMT SDK . However that's not something a general end-user is typically going to want to read. Gael Holmes has recently blogged about these rules. If you're at all interested, check outher post. -jeff
By Intel® Software Network Blogs » Tips & Tricks for Setting up & Accessing an Intel AMT Client on January 28th, 2008 at 9:30 am
[...] Change the default ME password: the default password is “admin”. Change that to a stronger password. The guidelines for creating a good ME password can be found here. [...]