Re: Passwords with Lan Manager (LM) under Windows

From: Tim (pand0ra.usa@gmail.com)
Date: Tue Sep 20 2005 - 13:55:26 EDT

• Next message: Steve.Cummings@barclayscapital.com: "Re: Whitespace in passwords"
• Previous message: Steve.Cummings@barclayscapital.com: "Re: Whitespace in passwords"
• In reply to: Cedric.Baechler@vtg.admin.ch: "Passwords with Lan Manager (LM) under Windows"
• Next in thread: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The hash is not case sensitive, everything is pushed to uppercase.
As for the 142 Chars I know it supports 0-9,A-Z,special chars, and
some Alt-ASCII characters but I don't know to what extent.

On 9/20/05, Cedric.Baechler@vtg.admin.ch <Cedric.Baechler@vtg.admin.ch> wrote:
> Hi,
>
> Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with Windows 3.11 and is not very secureThe hash is case-insensitive.
>
> * The character set is limited to 142 characters.
> * The hash is broken down into 2-7 character chunks. If the password is shorter than 14 characters, the password will be padded with nulls to get the password to 14 characters.
> * The hash result is a 128-bit value.
> * The hash is one-way function.
>
>
> Does anyone know which 142-character set is used?
>
> Thanks in advance,
>
> Cedric
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

-- 
Tim Van Cleave, CISSP, NSA IAM, CXE
AIM - pand0rausa
MSN - m0rt15
Yahoo - pand0ra_usa
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Steve.Cummings@barclayscapital.com: "Re: Whitespace in passwords"
• Previous message: Steve.Cummings@barclayscapital.com: "Re: Whitespace in passwords"
• In reply to: Cedric.Baechler@vtg.admin.ch: "Passwords with Lan Manager (LM) under Windows"
• Next in thread: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:57 EDT