Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Jan 2014 19:37:46 +0100
From: magnum <>
Subject: Re: Cracking MSChap v2

On 2014-01-14 15:15, Rob Fuller wrote:
> @magnum those are amazing speeds, are you saying that JtR jumbo already
> does NetNTLMv1 => NTLM via DES hack/bypass/brute (not sure what the right
> word is)

The latest released Jumbo doesn't, but it's about as fresh as Pong by 
Atari. The unstable & bleeding git branches do since a year back.

The optimized version brute forces the last third of the MD4 (NT hash) 
once and for all when loading the ciphertext, a DES key space of just 
2^16. The inner loop just do an MD4 from the candidate and if the last 
third doesn't match the bruted one, it's rejected without wasting more 
time on it. For any number of salts, we still only need that single MD4 
and that's why the many salts speed is so good.

This compared to the "naive" version that does one MD4 for each 
candidate plus at least one DES for each salt iirc.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.