Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 15 May 2005 14:47:31 +0200
From: Simon Marechal <simon@...quise.net>
To: john-users@...ts.openwall.com
Subject: Re: LANMAN and NT Hash ?s...basic

Solar Designer wrote:
> I am not sure of that.  It could be more complicated than that
> (registry settings involved, etc.)  I'd rather have someone more
> knowledgeable in Windows comment on this.  Simon?

I think so, the lmhash should be aad3b435b51404eeaad3b435b51404ee.
A quick google reveals from
http://www.microsoft.com/technet/community/chats/trans/windowsnet/wnet_092104.mspx
Host: Jesper (Microsoft)
Q: Can you comment on disabling LM Hashing? Is there any other way than
creating passwords of 14 characters or more?
A: You can disable LM Hashes by using the settings documented in KB
299656. If you can't turn the setting on globally then using passwords
longer than 14 characters works well. You can also use certain Unicode
characters in the password. For instance, if you use characters between
0127 and 0156 you will not get an LM hash. You will break things if you
turn off LM hashes though. Windows cluster services and RTC both use
them. To work around that, turn on NtlmMinClientSec to at least 0x80010.
You will also break Win9x, but I think of that as a security benefit.




If you do a lot of NT crack, you might be interested by the attached
files. It's an mmx/sse2 implementation of md4 applied to NT hashes.

It's a really ugly hack i wrote, it might not work as expected. AFAIK it
works quite well, and is way faster:

simon@...p:~/projets/john/run$ ./john -test -format:NT
Benchmarking: NT MD4 [TridgeMD4]... DONE
Raw:    683249 c/s real, 741051 c/s virtual

simon@...p:~/projets/john/run$ ./john -test -format:NTmmx
Benchmarking: NT MD4 MMX(MMX 2x) [bartavelle]... DONE
Raw:    4027K c/s real, 4525K c/s virtual

simon@...p:~/projets/john/run$ ./john -test -format:NTmmx
Benchmarking: NT MD4 MMX (SSE2 4x) [bartavelle]... DONE
Raw:    6139K c/s real, 6615K c/s virtual

It does not implement the full md4update stuff, so it only works with a
buffer of 64 chars (32 unicoded chars for the password).

I have the same stuff for md5 and sha1 if anybody is interested.

View attachment "NTmmx_fmt.c" of type "text/x-csrc" (4939 bytes)

View attachment "md4-mmx.S" of type "text/plain" (4214 bytes)

View attachment "md4-sse2.S" of type "text/plain" (4650 bytes)

View attachment "md4.c" of type "text/x-csrc" (7041 bytes)

View attachment "md4.h" of type "text/x-chdr" (1085 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.