Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Passwords with Lan Manager (LM) under Windows
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 22 Sep 2005 14:48:07 +1000


The session response key

Have a look at
http://www.blackhat.com/presentations/bh-asia-04/bh-jp-04-pdfs/bh-jp-04-
seki.pdf

About page 35-40 give or take from memory

Craig

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com] 
Sent: 22 September 2005 12:00
To: Craig Wright; pand0ra.usa () gmail com; pen-test () securityfocus com
Subject: Re: Passwords with Lan Manager (LM) under Windows


----- Original Message -----
From: "Craig Wright" <cwright () bdosyd com au>
To: <pand0ra.usa () gmail com>; <pen-test () securityfocus com>
Sent: Wednesday, September 21, 2005 12:32 PM
Subject: RE: Passwords with Lan Manager (LM) under Windows


Even NTLMv2  will break the hashing into chunks which are able to be 
individually broken down.

I'm not sure what you mean... NTLMv2 uses a single 128bit key for the
hash, 
challenge and response...  Or are you referring to the NTLM2 session 
response key (56+56+16)? If so, that is not the same thing as NTLMv2...
Can 
you elaborate please ?

t


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]