RE: Passwords with Lan Manager (LM) under Windows

From: Craig Wright (cwright@bdosyd.com.au)
Date: Wed Sep 21 2005 - 15:32:20 EDT


Even NTLMv2 will break the hashing into chunks which are able to be individually broken down. Consider Lanman gone - as it is, the tables are completely finished for lanman with ANY combination of Alt+xxx chars.

NTLM is close to completion.

A 255 char NTLM v2 password is easy as it is derived in chunks as I posted previously - each of these can be checked individually in a table.

I can load the complete lanman tables on my laptop - so why should I care about John or something else? The simple answer is - I get the raw hash - I have your password.
 
Craig

        -----Original Message-----
        From: Tim [mailto:pand0ra.usa@gmail.com]
        Sent: Wed 21/09/2005 3:55 AM
        To: pen-test@securityfocus.com
        Cc:
        Subject: Re: Passwords with Lan Manager (LM) under Windows
        
        
The hash is not case sensitive, everything is pushed to uppercase.
As for the 142 Chars I know it supports 0-9,A-Z,special chars, and
some Alt-ASCII characters but I don't know to what extent.

On 9/20/05, Cedric.Baechler@vtg.admin.ch <Cedric.Baechler@vtg.admin.ch> wrote:
> Hi,
>
> Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with Windows 3.11 and is not very secure.
>
> * The hash is case-insensitive.
> * The character set is limited to 142 characters.
> * The hash is broken down into two 7-character chunks. If the password is shorter than 14 characters, the password will be padded with nulls to get the password to 14 characters.
> * The hash result is a 128-bit value.
> * The hash is a one-way function.
>
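The LM properties listed in the quoted message (case folding, null padding to 14 bytes, two independent 7-byte chunks, a 128-bit result) as an added Go example; this is not code from any of the posters. It computes the hash so that an auditor can flag stored LM hashes whose second half is the constant produced by an empty chunk, which means the password was 7 characters or fewer. It assumes ASCII passwords (the OEM code page upper-casing of Alt+xxx characters is not reproduced); the constants lmMagic and emptyHalf are the well-known LM values.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

const (
	lmMagic   = "KGS!@#$%"         // each 7-byte half DES-encrypts this on its own
	emptyHalf = "AAD3B435B51404EE" // DES output for an all-null (empty) half
)

// LMHash: uppercase, null-pad to 14 bytes, split into two independent 7-byte
// halves, DES-encrypt lmMagic under each, concatenate the 8-byte outputs.
func LMHash(password string) string {
	buf := make([]byte, 14)
	copy(buf, strings.ToUpper(password)) // case is lost; >14 chars truncated
	out := make([]byte, 0, 16)
	for _, half := range [][]byte{buf[:7], buf[7:]} {
		// Spread the half's 56 bits over 8 DES key bytes, parity bit clear.
		var bits uint64
		for _, b := range half {
			bits = bits<<8 | uint64(b)
		}
		key := make([]byte, 8)
		for i := range key {
			key[i] = byte(bits>>(49-7*i)&0x7f) << 1
		}
		block, _ := des.NewCipher(key) // key is always 8 bytes
		ct := make([]byte, 8)
		block.Encrypt(ct, []byte(lmMagic))
		out = append(out, ct...)
	}
	return strings.ToUpper(hex.EncodeToString(out))
}

// SecondHalfEmpty is the audit check: second half == emptyHalf means the
// password was at most 7 characters, whatever the first half holds.
func SecondHalfEmpty(lmHex string) bool {
	return len(lmHex) == 32 && strings.EqualFold(lmHex[16:], emptyHalf)
}

func main() {
	for _, pw := range []string{"password", "PASSWORD", "short"} {
		fmt.Printf("%-10q %s  <=7 chars: %v\n", pw, LMHash(pw), SecondHalfEmpty(LMHash(pw)))
	}
}
```

Because the two halves never mix, the first 16 hex digits of the hash for "PASSWORD" equal those for "PASSWOR"; a defender reading a credential dump can tell password length class from the hash alone, which is why LM storage should be disabled rather than relying on password length.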



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:58 EDT