Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Passwords with Lan Manager (LM) under Windows
From: Tim <pand0ra.usa () gmail com>
Date: Tue, 20 Sep 2005 11:55:26 -0600

The hash is not case sensitive, everything is pushed to uppercase. 
As for the 142 Chars I know it supports 0-9,A-Z,special chars, and
some Alt-ASCII characters but I don't know to what extent.


On 9/20/05, Cedric.Baechler () vtg admin ch <Cedric.Baechler () vtg admin ch> wrote:
Hi,

Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with 
Windows 3.11 and is not very secureThe hash is case-insensitive.

* The character set is limited to 142 characters.
* The hash is broken down into 2-7 character chunks. If the password is shorter than 14 characters, the password will 
be padded with nulls to get the password to 14 characters.
* The hash result is a 128-bit value.
* The hash is one-way function.


Does anyone know which 142-character set is used?

Thanks in advance,

Cedric

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------




-- 
Tim Van Cleave, CISSP, NSA IAM, CXE
AIM - pand0rausa
MSN - m0rt15
Yahoo - pand0ra_usa

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]