Date: Sun, 03 Apr 2011 23:47:26 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Enhanced NETNTLM_fmt.c

Enclosed is a patch that enhances the NETNTLM format:

* Implemented hash table functions for all sizes.

* Added support for Extended Session Security. Cain can crack them, we could not, until now. These are the hashes that have a lot of nulls in the LM "response", like this:

  longpassword:::c70e4fb229437ef300000000000000000000000000000000:abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9:24ca92fdab441aa4

  The LM part of it is actually an eight-byte client challenge and MD5 is used to hash the concatenated challenges before doing the same "DESL" as usual. The MD5 happens in get_salt so these hashes are cracked at exactly the same speed as the old ones. This also means we can attack both formats simultaneously. I made the internal format (e.g. the john.pot format) backwards compatible. I had to modify loader.c for this; Jim's proposed changes are a much better way to handle it in the future.

* Moved key setup (MD4 of plaintext) from crypt_all() to set_key() where I believe it belongs. Only DES is left in crypt_all().

* Bumped MAX_KEYS_PER_CRYPT to 192 (from 1) and added OMP support.

* This patch will apply with or without my UTF-8 patch (and is included in version 8 of it, see http://openwall.info/wiki/john/patches)

The speedup in many situations (like when the challenge was forced to a static salt) should be tremendous. The benchmarks show some 15% speedup. Most of this should be applied to the other NET*LM* formats too.

enjoy,
magnum

View attachment "john-1.7.6-jumbo-12-netntlm-enhanced-2.diff" of type "text/x-patch" (12791 bytes)
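The challenge handling described in the message above, as an added example (not code from the patch or from John the Ripper): it parses a `user:::LM:NT:challenge` line, recognises the Extended Session Security layout by the 16 null bytes in the LM field, and derives the 8-byte challenge that the DES step then uses. The concatenation order (server challenge first, then client challenge) comes from the NTLM specification, not from the message; `parse_netntlm` and the field names are hypothetical.

```python
import hashlib
from typing import NamedTuple, Optional


class NetNtlm(NamedTuple):
    user: str
    ess: bool                          # Extended Session Security layout detected
    server_challenge: bytes            # 8 bytes, last field of the line
    client_challenge: Optional[bytes]  # first 8 bytes of the LM field when ess
    effective_challenge: bytes         # the 8 bytes the DES step operates on
    nt_response: bytes                 # 24 bytes


def parse_netntlm(line: str) -> NetNtlm:
    fields = line.strip().split(":")
    if len(fields) != 6:
        raise ValueError("expected user:::LM:NT:challenge")
    # bytes.fromhex raises ValueError on malformed hex
    lm, nt, server = (bytes.fromhex(f) for f in fields[3:6])
    if len(lm) != 24 or len(nt) != 24 or len(server) != 8:
        raise ValueError("unexpected field length")

    # ESS marker from the message: client challenge followed by 16 null bytes.
    ess = lm[8:] == bytes(16)
    if ess:
        client = lm[:8]
        # MD5 over the concatenated challenges, truncated to 8 bytes.
        # This is per-hash work, which is why it can live in salt setup
        # and costs nothing per candidate password.
        effective = hashlib.md5(server + client).digest()[:8]
    else:
        client = None
        effective = server
    return NetNtlm(fields[0], ess, server, client, effective, nt)


# Sample line quoted in the message above.
PAGE_SAMPLE = ("longpassword:::c70e4fb229437ef300000000000000000000000000000000:"
               "abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9:24ca92fdab441aa4")
# Constructed non-ESS line (filler bytes, not a real capture).
CONSTRUCTED_PLAIN = "user:::" + "11" * 24 + ":" + "22" * 24 + ":1122334455667788"

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_PLAIN):
        r = parse_netntlm(sample)
        print(r.user, "ESS" if r.ess else "plain", r.effective_challenge.hex())
```

Both layouts end up as an 8-byte challenge plus a 24-byte NT response, which is why the message can say the two kinds of hash are handled at the same speed and in the same run.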