No need to look... I'm quite familiar with Urity's work ;) He spoke just
before I did at a Blackhat conference a while back... We had dinner together
(I think that was then... Rika translated for us...) and discussed it a bit.
The presentation at BH Windows 2002 is more relevant than Tokyo, actually...
In 2004 he discussed the NTLM2 response key-- that is not the same as the
NTLMv2 challenge/response exchange... I may tend to be a bit pedantic
sometimes, but I think it is important to be accurate when discussing
security matters, particularly in the realm of authentication protocols.
Since you said "NTLMv2" broke the hash into "chunks," I thought it proper to
correct that statement. NTLMv2's challenges and responses are all 128 bit,
linear keys.
t
----- Original Message -----
From: "Craig Wright" <cwright@bdosyd.com.au>
To: "Thor (Hammer of God)" <thor@hammerofgod.com>; <pand0ra.usa@gmail.com>;
<pen-test@securityfocus.com>
Sent: Wednesday, September 21, 2005 9:48 PM
Subject: RE: Passwords with Lan Manager (LM) under Windows
The session response key
Have a look at
http://www.blackhat.com/presentations/bh-asia-04/bh-jp-04-pdfs/bh-jp-04-
seki.pdf
About page 35-40 give or take from memory
Craig
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: 22 September 2005 12:00
To: Craig Wright; pand0ra.usa@gmail.com; pen-test@securityfocus.com
Subject: Re: Passwords with Lan Manager (LM) under Windows
----- Original Message -----
From: "Craig Wright" <cwright@bdosyd.com.au>
To: <pand0ra.usa@gmail.com>; <pen-test@securityfocus.com>
Sent: Wednesday, September 21, 2005 12:32 PM
Subject: RE: Passwords with Lan Manager (LM) under Windows
Even NTLMv2 will break the hashing into chunks which are able to be
individually broken down.
I'm not sure what you mean... NTLMv2 uses a single 128bit key for the
hash,
challenge and response... Or are you referring to the NTLM2 session
response key (56+56+16)? If so, that is not the same thing as NTLMv2...
Can
you elaborate please ?
t
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
