Security Basics mailing list archives

Re: Password Audits


From: Jeff Ferris <beeritarian () gmail com>
Date: Mon, 25 Apr 2005 08:35:30 -0700

Hi Jair,

LC cracks the Lanman protocol. That is why it has a limit of 14
characters; that is what Lanman uses (2 sections of 7).
For backwards compatibility with NT, the SAM stores Lanman hashes, but
if the password length exceeds 15, the hash isn't stored correctly,
and it will just read NULL in LC.

The passwords in a Win 2k and XP domain are hashed with HMAC-MD5
instead of Lanman, which may be supported by tools like John the
Ripper and RainbowCrack, but I'm not certain. If they do, use a tool
like PWDUMP and then run john on the output. Either way, it would take
a super long time to brute force a password of that length, so you
would probably just run a dictionary against it.

That's my understanding at least,
Jeff

On 4/22/05, Jair <jairgerald () hotmail com> wrote:
Hi Fellows,

I am using the LC5 tool to audit Windows 2000 users' passwords, and it looks
like it only works with passwords of 14 characters or less. I know some users
have long passwords over 14 characters, and LC5 doesn't show me information
about them.

Do you guys know if there is a tool that can break long passwords?

Thanks for your help
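
An added example, not part of either message above: a triage script for an audit that sorts pwdump-style output by what the Lanman field can and cannot show, using the two 7-character halves discussed in the thread. It assumes the common `user:rid:lm:nt:::` line layout. The sample lines and the function names are constructed for illustration; only the two "empty" constants are real well-known values.

```python
# Added example: classify accounts by what the LM field of a pwdump line reveals.
EMPTY_LM_HALF = "aad3b435b51404ee"                  # LM value of an all-null 7-byte half
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password

# Constructed sample input; the non-constant hash values are made up.
SAMPLE = """\
alice:1001:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
dave:1004:NO PASSWORD*********************:00112233445566778899aabbccddeeff:::
erin:1005:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

def is_hex32(value):
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)

def classify(line):
    """Return (user, status) for one line, or None if the line is not parseable."""
    fields = line.strip().split(":")
    if len(fields) < 4 or not fields[0]:
        return None
    user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
    if nt == EMPTY_NT_HASH:
        return user, "blank-password"
    # Placeholder text or two empty halves: no usable LM hash is stored, so an
    # LM-only audit shows nothing and the NT hash has to be audited instead.
    if not is_hex32(lm) or lm == EMPTY_LM_HALF * 2:
        return user, "no-lm-hash"
    # Second half empty: the password fits in the first 7-character section.
    if lm[16:] == EMPTY_LM_HALF:
        return user, "lm-7-or-fewer"
    return user, "lm-8-to-14"

def audit(text):
    """Map each user in a pwdump-style dump to its LM status."""
    results = {}
    for line in text.splitlines():
        parsed = classify(line)
        if parsed:
            results[parsed[0]] = parsed[1]
    return results

if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(f"{user:8} {status}")
```

Accounts reported as `no-lm-hash` are the ones an LM-only audit cannot report on, so they need a check against the NT hash.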


