Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 May 2007 10:14:38 -0500
From: jmk <jmk@...fus.net>
To: john-users <john-users@...ts.openwall.com>
Subject: Re: LM/NTLMv1 challenge/response cracking

On Fri, 2007-05-18 at 23:19 +0200, Frank Dittrich wrote:
> It's not just a cosmetical "problem".
> OTOH, the problem could be easily worked around,
> even without split() converting the hashes into upper case.
> See this thread for more details:
> 
> http://thread.gmane.org/gmane.comp.security.openwall.john.user/50

Thanks for the info. I've added a split() function to my code which
seems to fix the case of the hash characters.

> >I can move the upper-case conversion to set_key(), but that causes the
> >self test to fail. The self test appears to compare the original
> >password and the response from get_key, which would be the upper-cased
> >version of the password.
> 
> I remember I had the same problem in the past,
> and would also be interested in how to solve this.

I believe my problem was having mixed-case passwords in the sample test
credentials. Things seem to be working better for me now.

I've posted an updated version of the patch here:
http://www.foofus.net/~jmk/tools/jtr/john-1.7.0.2-netlm-netntlm-jmk-1.diff

This version of the diff should be against a clean copy of 1.7.0.2.

Joe



-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ