RE: Passwords with Lan Manager (LM) under Windows

Even NTLMv2  will break the hashing into chunks which are able to be 
individually broken down. Consider Lanman gone - as it is the tables are 
completely finished for lanman with ANY combination of Alt+xxx chars
 
NTLM is close to completion
 
A 255 char NTLM v2 password is easy as it is derived in chunks as I posted 
previously - each of these can be checked individually in a table
 
I can load the complete lanman tables on my laptop - so why should I care about 
John or something else? The simple answer is - I get the raw hash - I have your 
password
 
Craig

        -----Original Message----- 
        From: Tim [mailto:pand0ra.usa@gmail.com] 
        Sent: Wed 21/09/2005 3:55 AM 
        To: pen-test@securityfocus.com 
        Cc: 
        Subject: Re: Passwords with Lan Manager (LM) under Windows
        
        
The hash is not case sensitive, everything is pushed to uppercase.
As for the 142 Chars I know it supports 0-9,A-Z,special chars, and
some Alt-ASCII characters but I don't know to what extent.


On 9/20/05, Cedric.Baechler@vtg.admin.ch <Cedric.Baechler@vtg.admin.ch> wrote:
> Hi,
>
> Lan Manager (LM) is one of the oldest authentication protocols that Microsoft 
> has used. It was first introduced with Windows 3.11 and is not very secureThe 
> hash is case-insensitive.
>
> * The character set is limited to 142 characters.
> * The hash is broken down into 2-7 character chunks. If the password is 
> shorter than 14 characters, the password will be padded with nulls to get the 
> password to 14 characters.
> * The hash result is a 128-bit value.
> * The hash is one-way function.