Penetration Testing mailing list archives
Re: [PEN-TEST] NT 4.0 and MD4 Hash
From: Chris Paget <chris.paget () analysys com>
Date: Wed, 6 Dec 2000 15:47:23 GMT
Windows NT uses an MD5 hash, not MD4. MD4 has been cryptographically 'broken' (see http://www.rsasecurity.com/rsalabs/faq/3-6-6.html for more detail), while MD5 remains (to date) unbroken, at least in it's entirety. Chris -- Chris Paget Software Engineer, Analysys Consulting. chris.paget () analysys com On Wed, 6 Dec 2000 06:11:37 -0800, you wrote:
Please fix the error in my ways.. ;-) I was under the impression that the NT hash (not the LM hash) was a straight MD4 hash with no salt value. A SANS article confirms this at: http://www.sans.org/infosecFAQ/logon.htm Using L0phtCrack and a test account with username Administrator, password "magic" (no quotes). L0pht Crack reads the values as: Administrator:"MAGIC":"magic":5B4334DA1FB3A5FBAAD3B435B51404EE:827B5320B 42E9FD95CBB0E63451B701E LanMan Hash: 5B4334DA1FB3A5FBAAD3B435B51404EE NT hash: 827B5320B42E9FD95CBB0E63451B701E However, when I MD4 encrypt the string magic I get the following as a result: 5982FE41BF9A10BB937BD0AB095192B3 I have tried this several times with various utilities including: http://www.persits.net/encrypt/demo_hash.asp The SANS article mentions a unicode convert prior to hashing. I get the string "6D61676963" from a unicode conversion of magic. Neither of these values will equate to the L0pht value. Can someone please tell me where I am going wrong?? Thanks in advance. Chad Security Consultant chad131 () yahoo com __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
Current thread:
- [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Etaoin Shrdlu (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Olle Segerdahl (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Denis Ducamp (Dec 10)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Paul Cardon (Dec 07)
- <Possible follow-ups>
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)