Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 May 2007 23:19:26 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: jmk@...fus.net, john-users@...ts.openwall.com
Subject: Re: LM/NTLMv1 challenge/response cracking

jmk wrote:
>Looking at this again, I can't figure out why I should necessarily use
>split() and FMT_SPLIT_UNIFIES_CASE for either format. The way I read
>things is that these items serve two purposes. The first being to split
>hashes, such as LM, which can be cracked as independent chunks. IIRC,
>neither the LM nor the NTLM challenge/response hashes work this way.
>
>The second benefit I see is that hashes will be stored in files (e.g.
>john.pot) in a consistent form. Specifically, all hex alpha characters
>could be upper-cased. I'm confused as to whether this would actually
>affect JtR or is it just for good style? Mixing case within the hashes
>doesn't seem to affect my tests.

It's not just a cosmetical "problem".
OTOH, the problem could be easily worked around,
even without split() converting the hashes into upper case.
See this thread for more details:

http://thread.gmane.org/gmane.comp.security.openwall.john.user/50

>>You should move your conversion to uppercase from netlm_crypt_all() to
>>netlm_set_key(), such that netlm_get_key() will return the converted
>>string.
>
>I can move the upper-case conversion to set_key(), but that causes the
>self test to fail. The self test appears to compare the original
>password and the response from get_key, which would be the upper-cased
>version of the password.

I remember I had the same problem in the past,
and would also be interested in how to solve this.

Frank

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ