Re: [PEN-TEST] NT 4.0 and MD4 Hash

[Etaoin Shrdlu <shrdlu () deaddrop org>]

Chris Paget wrote:

> However - this does raise another question.  If NT does indeed use
> MD4, and MD4 has been broken (according to the RSALabs FAQ,
> "collisions for the full version of MD4 can be found in under a minute
> on a typical PC"), perhaps L0phtcrack can be bettered?  Does anyone
> have a copy of the article in which the MD4 crack is described
> (CryptoBytes (3) 1,  Autumn 1995)? If so, please forward it to me and
> I'll have a go at writing some code to do it...

I'd suggest (and I'm surprised no one's brought it up before now) that
you go off and look at John the Ripper before you work too hard on this.
I always use john in place of l0phtcrack. It's quicker, you can use it
on multiple password systems, and it finds NT passwords that l0phtcrack
didn't (or at least I got bored with waiting for it).

Use the source, luke.

--
Real programmers disdain structured programming.  Structured
programming is for compulsive neurotics who were prematurely
toilet-trained.  They wear neckties and carefully line up
pencils on otherwise clear desks.