Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Jun 2006 07:17:20 -0700
From: "Welty, Timothy" <>
To: <>
Subject: NTLM Character Limitation



I'm trying to crack a set of NTLM password hashes using John 1.7.2
patched with john-ntlm-v03.diff.gz.  All the passwords are known to be
14 characters long and are composed of a known character set.  I defined
a custom incremental mode in my john.conf per below:




File = $JOHN/all.chr

MinLen = 14

MaxLen = 14

CharCount = 95



When I attempt to start the audit I receive the error:



Loaded 172 password hashes with no different salts (NT MD4 [TridgeMD4])

MaxLen = 14 exceeds the compile-time limit of 8

There are several good reasons why you probably don't need to raise it:

- many hash types don't support passwords (or password halves) longer
than 7 or 8 characters;

- you probably don't have sufficient statistical information to generate
a charset file for lengths beyond 8;

- the limitation applies to incremental mode only.



I understand cracking the longer passwords will be difficult, but I need
to say I tried.  Is there a way around this problem?  Note that, other
than the occasional script, I'm not a coder.  I'm running John on Ubuntu




Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.