Bugtraq mailing list archives

Re: more l0phtcrack errata


From: davidz () EDUCOM COM AU (David Zverina)
Date: Mon, 14 Apr 1997 15:11:37 +1000


From the l0phtcrack readme ....
     By changing the default string that is processed through you
     can drastically change the amount of time it takes to brute
     through the entire keyspace. Keep in mind that the following
     characters are not valid in passwords so they don't need to
     be included: '/', '\', '[', ']', ':', ';', '|', '=', ',',
     '+', '*', '?', '<', '>' [according to the MS technet information].
     For example: if you just want to check all combinations of letters
     all you have to run through is ABCDEFGHIJKLMNOPQRSTUVWXYZ.

Can you provide source for the technet article?

It seems to me that the symbols which you have counted as invalid in the
NT passwords are valid indeed. Note the illustration below, and note that
changing the password from "1+1" to "1?1" results in both of the hashes
being completely different. (see attached output)

If this is the case then there are 69 significant characters.
(128 less \0x0-\0x1F less 26 lowercase less \0x3F = 69)
This means each of the halves of the LanMan password contains 42.75 bits
of information (= log(69^7)/log(2)).
This means cracking a well-chosen password is about 7 times harder than
cracking the 40-bit encryption which is contained in most US export
products.
(i.e. non-trivial but possible)

Cheers,

David

-----
D:\apps\secure>net user gumby 1+1
The command completed successfully.

D:\apps\secure>pwdump | grep gumby
gumby:1009:0C0958E450F88785AAD3B435B51404EE:886A3D92DDB35932249EA2C700B0C8B4:::

D:\apps\secure>net user gumby 1?1
The command completed successfully.

D:\apps\secure>pwdump | grep gumby
gumby:1009:5A4C12BD6CFA44CFAAD3B435B51404EE:5352ACBCFB1D1CB40DFD8FD1C57DC2E1:::
----
---
David Zverina
Software Engineer
(davidz () educom com au)
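Added example, not part of the original post or of l0phtcrack: a Python script that re-checks the two points made above against the attached pwdump output. It parses the two pwdump lines (a constructed sample, built by rejoining the wrapped lines from the post), splits each LM hash into its two 8-byte halves, flags a second half of AAD3B435B51404EE (the LM hash of an all-null 7-byte block, which marks a password of at most 7 characters), and recomputes the keyspace arithmetic for the post's 69-character set, for the readme's reduced set, and for letters only. The 69-character set is built here as printable 7-bit ASCII minus the 26 lowercase letters (LM upper-cases before hashing); that construction is an assumption about what the post's count intends, but it yields the same 69. Function and variable names are the example's own.

```python
import math
import string

# Constructed sample: the two pwdump lines from the post, rejoined onto one
# line each (the archive wrapped each NT hash across two lines).
PWDUMP_SAMPLE = """\
gumby:1009:0C0958E450F88785AAD3B435B51404EE:886A3D92DDB35932249EA2C700B0C8B4:::
gumby:1009:5A4C12BD6CFA44CFAAD3B435B51404EE:5352ACBCFB1D1CB40DFD8FD1C57DC2E1:::
"""

# LM hash of an all-null 7-byte block.  LM pads the password to 14 bytes and
# hashes each 7-byte half independently, so a second half equal to this value
# means the password is at most 7 characters and only one half has to be
# searched.  Both lines in the post show it.
EMPTY_LM_HALF = "AAD3B435B51404EE"

# The 14 symbols the l0phtcrack readme says cannot appear in a password.
README_EXCLUDED = set(r"/\[]:;|=,+*?<>")


def parse_pwdump(text):
    """Parse 'user:rid:LMhash:NThash:::' lines into dicts with the LM halves."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, rid, lm, nt = line.split(":")[:4]
        lm = lm.upper()
        records.append({
            "user": user,
            "rid": int(rid),
            "lm_half1": lm[:16],
            "lm_half2": lm[16:],
            "nt": nt.upper(),
            # Defender's check: a password of 7 characters or fewer.
            "short_password": lm[16:] == EMPTY_LM_HALF,
        })
    return records


def lm_charset(exclude_readme_symbols=False):
    """Characters that remain distinct after LM's upper-casing.

    Assumption: printable 7-bit ASCII (0x20-0x7E) minus the 26 lowercase
    letters, i.e. 128 codes less 32 controls, less DEL, less 26 lowercase = 69,
    which matches the count in the post.
    """
    chars = {chr(c) for c in range(0x20, 0x7F)} - set(string.ascii_lowercase)
    if exclude_readme_symbols:
        chars -= README_EXCLUDED
    return chars


def bits_per_half(charset_size):
    """Entropy of one 7-character LM half: log2(n^7)."""
    return 7 * math.log2(charset_size)


def cost_relative_to_40bit(charset_size):
    """How many times larger n^7 is than a 40-bit key space."""
    return charset_size ** 7 / 2 ** 40


def keyspace_report():
    """Size and bits per half for the three character sets discussed in the thread."""
    sets = {
        "post (69 chars)": lm_charset(),
        "readme exclusions": lm_charset(exclude_readme_symbols=True),
        "letters only": set(string.ascii_uppercase),
    }
    return {name: (len(s), round(bits_per_half(len(s)), 2)) for name, s in sets.items()}


if __name__ == "__main__":
    for rec in parse_pwdump(PWDUMP_SAMPLE):
        print(f"{rec['user']}: LM halves {rec['lm_half1']} / {rec['lm_half2']}"
              f"  short_password={rec['short_password']}")
    for name, (n, bits) in keyspace_report().items():
        print(f"{name:18s} n={n:2d}  bits/half={bits:.2f}  "
              f"x{cost_relative_to_40bit(n):.1f} of 2^40")
```

The short-password flag is the practical part for a defender: the 42.75 bits per half in the post only applies to a half that is actually populated, and both sample lines show the empty-block constant in the second half, so each of those passwords lives entirely in one 69^7 half.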
