Date: Fri, 18 May 2007 23:19:26 +0200 From: "Frank Dittrich" <frank_dittrich@...mail.com> To: jmk@...fus.net, john-users@...ts.openwall.com Subject: Re: LM/NTLMv1 challenge/response cracking jmk wrote: >Looking at this again, I can't figure out why I should necessarily use >split() and FMT_SPLIT_UNIFIES_CASE for either format. The way I read >things is that these items serve two purposes. The first being to split >hashes, such as LM, which can be cracked as independent chunks. IIRC, >neither the LM nor the NTLM challenge/response hashes work this way. > >The second benefit I see is that hashes will be stored in files (e.g. >john.pot) in a consistent form. Specifically, all hex alpha characters >could be upper-cased. I'm confused as to whether this would actually >affect JtR or is it just for good style? Mixing case within the hashes >doesn't seem to affect my tests. It's not just a cosmetical "problem". OTOH, the problem could be easily worked around, even without split() converting the hashes into upper case. See this thread for more details: http://thread.gmane.org/gmane.comp.security.openwall.john.user/50 >>You should move your conversion to uppercase from netlm_crypt_all() to >>netlm_set_key(), such that netlm_get_key() will return the converted >>string. > >I can move the upper-case conversion to set_key(), but that causes the >self test to fail. The self test appears to compare the original >password and the response from get_key, which would be the upper-cased >version of the password. I remember I had the same problem in the past, and would also be interested in how to solve this. Frank _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.