Penetration Testing mailing list archives
Re: [PEN-TEST] NT 4.0 and MD4 Hash
From: Paul Cardon <paul () MOQUIJO COM>
Date: Wed, 6 Dec 2000 11:28:13 -0500
Chris Paget wrote:
Windows NT uses an MD5 hash, not MD4.
Look at page 3 of the PPTP analysis at http://www.counterpane.com/pptp-paper.html When creating the NTLM hash MS first converts the password to Unicode and then performs an unsalted MD4 hash.
On Wed, 6 Dec 2000 06:11:37 -0800, you wrote:Please fix the error in my ways.. ;-) I was under the impression that the NT hash (not the LM hash) was a straight MD4 hash with no salt value. A SANS article confirms this at: http://www.sans.org/infosecFAQ/logon.htm
Just looked at the SANS article after posting my first response. No mention of the Unicode conversion in the article. The article also doesn't directly reference the best sources of NTLM password information including the Counterpane paper, Aleph One's article in Phrack 53, the L0phtCrack documentation and other original work by Mudge and Hobbit. The 2nd edition of Hacking Exposed, which the author does include in his bibliography, includes most of these references. -paul
Current thread:
- [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Etaoin Shrdlu (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Olle Segerdahl (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Denis Ducamp (Dec 10)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Paul Cardon (Dec 07)
- <Possible follow-ups>
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Renshaw, Rick (R.) (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Osborne-1, Brett (Dec 10)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash crazytrain.com (Dec 10)