Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 6 Jun 2007 20:12:57 +0400
From: Solar Designer <>
Subject: Re: LM/NTLMv1 challenge/response cracking

On Thu, May 31, 2007 at 02:25:05PM -0500, jmk wrote:
> Updated patch against clean

Thank you!  I've placed this in contrib/ now.

> Updated patch against 1.7.2 w/ john-1.7.2-all-3.diff:

I decided to put out a new revision of the jumbo patch with this code
included instead of your patch-over-a-patch.  While doing it, I've
noticed numerous things that were wrong about the jumbo patch and I've
fixed some (I hope Erik doesn't mind):

- Enabled one salt vs. multiple salts benchmarks for more hash types by
changing BENCHMARK_LENGTH from -1 to 0 for them.

- Replaced md[45].[ch] with newer revisions that include two trivial
optimizations for x86-64; updated md5_go.[ch] accordingly.

- Patched E_md4hash() in smbencrypt.c to not require mdfour().

- Dropped "-lssl", added a linefeed character to the end of BFEgg_fmt.c.

With the above changes, the revision currently in contrib/ is -all-6.

Joe - please consider the BENCHMARK_LENGTH and mdfour() changes for your
patch.  Also, I think that it would help to have comments at the start
of both *_fmt.c files explaining the expected input file format and/or
providing references to tools that can be used to dump C/R exchanges in
a supported format.

> In case anyone is interested, the following are some general notes
> regarding my use of this patch...

Thank you for sharing this - I think that someone might find it useful,
especially as it will remain on the web (in list archives).  Your
approach looks quite smart.

Some questions, just out of curiosity (and in case it helps someone
browsing the archives):

> * Capture the LM/NTLM challenge/response exchange. I've posted[1] a
> modification to Samba to assist with this effort.
> [1]
> * Use RainbowCrack to lookup first 7 characters of the password using
> the LM response hash (half LM response tables).
> * Use JtR to crack the remaining characters.

Is there a reason to not generate and use rainbow tables for this step
as well?  I don't immediately see one.  The key for second block of
responses crosses DES block boundary in LM hashes, but that shouldn't be
a problem (just a bit more computation to do when building the tables).
It is entirely possible that I am missing something as I haven't looked
into this before.

> Some random thoughts... I've written a simple Perl script to automate
> this task. I've also hacked a command-line parameter option into JtR to
> accept john.conf files other than the system-wide default, which this
> script utilizes. I don't know if it's in the future plans, but having
> easily accessible functionality built into JtR (case toggle, setting a
> seed password, custom configuration files specified on the command-line,
> etc) might be useful. Just a thought...

Indeed.  I hope to find the time to rework the core of JtR to make it
even more extensible first, then proceed to add features like those
you've mentioned and many others.  It's just that this is not happening
for a long time now...

Thanks again,

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.