Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 27 May 2007 14:19:36 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: LM/NTLMv1 challenge/response cracking

On Fri, May 25, 2007 at 10:14:38AM -0500, jmk wrote:
> I've posted an updated version of the patch here:
> http://www.foofus.net/~jmk/tools/jtr/john-1.7.0.2-netlm-netntlm-jmk-1.diff

I've briefly tested this one - built on two Linux/x86 systems with
OpenSSL 0.9.6m and 0.9.7g (with patches) and ran "john --test" - it
worked fine.  I've placed it in contrib/ and linked from the JtR
homepage.

Some comments on the patch:

You shouldn't need "-lssl".  You only use functions from "-lcrypto".

Given that your patch depends on OpenSSL anyway, you could as well have
it use OpenSSL's MD4 routines.  However, if you prefer not to, you can
update my MD4 routines to a newer revision (e-mailed to you privately).

Are you still using much or any code by Olle Segerdahl in those patches?
You certainly don't appear to be using any of my code in the *_fmt files
(the preprocessor macro names and function names aren't code).  I think
that both of these copyright notices can be dropped from the *_fmt files,
letting you place them in the public domain instead of claiming copyright
on them if you don't mind. ;-)  Not that I think it will matter for
anyone as I would reimplement the code without OpenSSL anyway if I am
ever to add support for these challenge/response exchanges into JtR, and
I don't think the tests[] are subject to copyright.

The FORMAT_NAMEs are weird.  Let me suggest "LM C/R DES" and "NTLMv1 C/R
MD4 DES", although I feel that I will need to re-work this naming scheme
in a future version of JtR.

Thank you!

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.