RE: Passwords with Lan Manager (LM) under Windows

["Craig Wright" <cwright () bdosyd com au>]

Even NTLMv2  will break the hashing into chunks which are able to be individually broken down. Consider Lanman gone - 
as it is the tables are completely finished for lanman with ANY combination of Alt+xxx chars
 
NTLM is close to completion
 
A 255 char NTLM v2 password is easy as it is derived in chunks as I posted previously - each of these can be checked 
individually in a table
 
I can load the complete lanman tables on my laptop - so why should I care about John or something else? The simple 
answer is - I get the raw hash - I have your password
 
Craig

        -----Original Message----- 
        From: Tim [mailto:pand0ra.usa () gmail com] 
        Sent: Wed 21/09/2005 3:55 AM 
        To: pen-test () securityfocus com 
        Cc: 
        Subject: Re: Passwords with Lan Manager (LM) under Windows
        
        
The hash is not case sensitive, everything is pushed to uppercase.
As for the 142 Chars I know it supports 0-9,A-Z,special chars, and
some Alt-ASCII characters but I don't know to what extent.


On 9/20/05, Cedric.Baechler () vtg admin ch <Cedric.Baechler () vtg admin ch> wrote:
> Hi,
>
> Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with 
> Windows 3.11 and is not very secureThe hash is case-insensitive.
>
> * The character set is limited to 142 characters.
> * The hash is broken down into 2-7 character chunks. If the password is shorter than 14 characters, the password will 
> be padded with nulls to get the password to 14 characters.
> * The hash result is a 128-bit value.
> * The hash is one-way function.