Date: Fri, 18 May 2007 23:19:26 +0200
From: "Frank Dittrich" <>
Subject: Re: LM/NTLMv1 challenge/response cracking

jmk wrote:
>Looking at this again, I can't figure out why I should necessarily use
>split() and FMT_SPLIT_UNIFIES_CASE for either format. The way I read
>things is that these items serve two purposes. The first being to split
>hashes, such as LM, which can be cracked as independent chunks. IIRC,
>neither the LM nor the NTLM challenge/response hashes work this way.
>The second benefit I see is that hashes will be stored in files (e.g.
>john.pot) in a consistent form. Specifically, all hex alpha characters
>could be upper-cased. I'm confused as to whether this would actually
>affect JtR or is it just for good style? Mixing case within the hashes
>doesn't seem to affect my tests.

It's not just a cosmetic "problem".
OTOH, the problem could be easily worked around,
even without split() converting the hashes into upper case.
See this thread for more details:

>>You should move your conversion to uppercase from netlm_crypt_all() to
>>netlm_set_key(), such that netlm_get_key() will return the converted
>I can move the upper-case conversion to set_key(), but that causes the
>self test to fail. The self test appears to compare the original
>password and the response from get_key, which would be the upper-cased
>version of the password.

I remember I had the same problem in the past,
and would also be interested in how to solve this.

