Re: [PEN-TEST] NT 4.0 and MD4 Hash

[Chris Paget <chris.paget () analysys com>]

Windows NT uses an MD5 hash, not MD4.

MD4 has been cryptographically 'broken' (see
http://www.rsasecurity.com/rsalabs/faq/3-6-6.html for more detail),
while MD5 remains (to date) unbroken, at least in it's entirety.

Chris

-- 
Chris Paget
Software Engineer, Analysys Consulting.
chris.paget () analysys com



On Wed, 6 Dec 2000 06:11:37 -0800, you wrote:

> Please fix the error in my ways..  ;-)
>
> I was under the impression that the NT hash (not the LM hash) was a
> straight MD4 hash with no salt value.
>
> A SANS article confirms this at:
> http://www.sans.org/infosecFAQ/logon.htm
>
> Using L0phtCrack and a test account with username Administrator,
> password "magic" (no quotes).
>
> L0pht Crack reads the values as:
> Administrator:"MAGIC":"magic":5B4334DA1FB3A5FBAAD3B435B51404EE:827B5320B
> 42E9FD95CBB0E63451B701E
>
> LanMan Hash: 5B4334DA1FB3A5FBAAD3B435B51404EE
> NT hash:    827B5320B42E9FD95CBB0E63451B701E
>
> However, when I MD4 encrypt the string magic I get the following as a
> result:
> 5982FE41BF9A10BB937BD0AB095192B3
>
> I have tried this several times with various utilities including:
> http://www.persits.net/encrypt/demo_hash.asp
>
> The SANS article mentions a unicode convert prior to hashing.  I get
> the string "6D61676963" from a unicode conversion of magic.
>
>
> Neither of these values will equate to the L0pht value.
>
>
> Can someone please tell me where I am going wrong??
>
> Thanks in advance.
>
> Chad
> Security Consultant
> chad131 () yahoo com
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Shopping - Thousands of Stores. Millions of Products.
> http://shopping.yahoo.com/