Penetration Testing mailing list archives
Re: [PEN-TEST] NT 4.0 and MD4 Hash
From: Alfred Huger <ah () SECURITYFOCUS COM>
Date: Wed, 6 Dec 2000 08:08:30 -0800
On Wed, 6 Dec 2000, Chris Paget wrote:
Windows NT uses an MD5 hash, not MD4. MD4 has been cryptographically 'broken' (see http://www.rsasecurity.com/rsalabs/faq/3-6-6.html for more detail), while MD5 remains (to date) unbroken, at least in it's entirety.
A few people have replied with this, however I am sure that it is not correct. Quoted from: "Choosing Strong Passwords" - Eric Shultze http://www.securityfocus.com/focus/microsoft/nt/1.html "Passwords in NT environments are encrypted in two separate fashions. NTLM hashes (used mainly for NT to NT authentication) are created using MD4 encryption, while the LanMan hashes (used for Win9x and other non-NT client authentication) are created using a known constant in its encryption algorthym. (For a technical discussion of NT passwords, check out L0pht's paper on the crypto behind NT passwords.) It is this LanMan hash that creates the need for special length passwords."
Current thread:
- [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Etaoin Shrdlu (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Olle Segerdahl (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Denis Ducamp (Dec 10)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Paul Cardon (Dec 07)
- <Possible follow-ups>
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Renshaw, Rick (R.) (Dec 07)