Date: Sun, 15 May 2005 14:47:31 +0200 From: Simon Marechal <simon@...quise.net> To: john-users@...ts.openwall.com Subject: Re: LANMAN and NT Hash ?s...basic Solar Designer wrote: > I am not sure of that. It could be more complicated than that > (registry settings involved, etc.) I'd rather have someone more > knowledgeable in Windows comment on this. Simon? I think so, the lmhash should be aad3b435b51404eeaad3b435b51404ee. A quick google reveals from http://www.microsoft.com/technet/community/chats/trans/windowsnet/wnet_092104.mspx Host: Jesper (Microsoft) Q: Can you comment on disabling LM Hashing? Is there any other way than creating passwords of 14 characters or more? A: You can disable LM Hashes by using the settings documented in KB 299656. If you can't turn the setting on globally then using passwords longer than 14 characters works well. You can also use certain Unicode characters in the password. For instance, if you use characters between 0127 and 0156 you will not get an LM hash. You will break things if you turn off LM hashes though. Windows cluster services and RTC both use them. To work around that, turn on NtlmMinClientSec to at least 0x80010. You will also break Win9x, but I think of that as a security benefit. If you do a lot of NT crack, you might be interested by the attached files. It's an mmx/sse2 implementation of md4 applied to NT hashes. It's a really ugly hack i wrote, it might not work as expected. AFAIK it works quite well, and is way faster: simon@...p:~/projets/john/run$ ./john -test -format:NT Benchmarking: NT MD4 [TridgeMD4]... DONE Raw: 683249 c/s real, 741051 c/s virtual simon@...p:~/projets/john/run$ ./john -test -format:NTmmx Benchmarking: NT MD4 MMX(MMX 2x) [bartavelle]... DONE Raw: 4027K c/s real, 4525K c/s virtual simon@...p:~/projets/john/run$ ./john -test -format:NTmmx Benchmarking: NT MD4 MMX (SSE2 4x) [bartavelle]... DONE Raw: 6139K c/s real, 6615K c/s virtual It does not implement the full md4update stuff, so it only works with a buffer of 64 chars (32 unicoded chars for the password). I have the same stuff for md5 and sha1 if anybody is interested. View attachment "NTmmx_fmt.c" of type "text/x-csrc" (4939 bytes) View attachment "md4-mmx.S" of type "text/plain" (4214 bytes) View attachment "md4-sse2.S" of type "text/plain" (4650 bytes) View attachment "md4.c" of type "text/x-csrc" (7041 bytes) View attachment "md4.h" of type "text/x-chdr" (1085 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.