mailing list archives
RE: Passwords with Lan Manager (LM) under Windows
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 22 Sep 2005 05:32:20 +1000
Even NTLMv2 will break the hashing into chunks which are able to be individually broken down. Consider Lanman gone -
as it is the tables are completely finished for lanman with ANY combination of Alt+xxx chars
NTLM is close to completion
A 255 char NTLM v2 password is easy as it is derived in chunks as I posted previously - each of these can be checked
individually in a table
I can load the complete lanman tables on my laptop - so why should I care about John or something else? The simple
answer is - I get the raw hash - I have your password
From: Tim [mailto:pand0ra.usa () gmail com]
Sent: Wed 21/09/2005 3:55 AM
To: pen-test () securityfocus com
Subject: Re: Passwords with Lan Manager (LM) under Windows
The hash is not case sensitive, everything is pushed to uppercase.
As for the 142 Chars I know it supports 0-9,A-Z,special chars, and
some Alt-ASCII characters but I don't know to what extent.
On 9/20/05, Cedric.Baechler () vtg admin ch <Cedric.Baechler () vtg admin ch> wrote:
Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with
Windows 3.11 and is not very secureThe hash is case-insensitive.
* The character set is limited to 142 characters.
* The hash is broken down into 2-7 character chunks. If the password is shorter than 14 characters, the password will
be padded with nulls to get the password to 14 characters.
* The hash result is a 128-bit value.
* The hash is one-way function.