Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 11 Sep 2010 12:38:59 +0200
From: "Magnum, P.I." <>
Subject: Re: Attacking Windows-ALT chars in LM Hashes

On 09/10/2010 09:08 PM, Brad Tilley wrote:
> Magnum, P.I. wrote:
>> JtR however, cheats when doing this conversion: it just puts a 0x00
>> between each char.
> You mean for NT hashes I guess?

Yeah, sorry for the confusion

> I think the correct wording would be "inserts a null after each char"
> rather than "between each char". I'm not sure that is cheating. It works
> and is portable across operating systems. Windows has non-portable ways
> to do it, but if you want to crack NT hashes on Linux or BSD, etc then
> this approach works. That's how I do it too:

It's very fast and works fine, but *only* if the candidates are encoded 
in cp1252 (which is almost the same as ISO-8859-1). If the candidates 
come in any other character set, this method will fail. JtR can not 
crack even the simplest Greek or Russian NT password hash *no matter* 
how you encode the wordlist. Not even using 8-bit DumbForce.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.