Re: more l0phtcrack errata
David Zverina (davidz EDUCOM.COM.AU)
Mon, 14 Apr 1997 15:11:37 +1000
- Next message: G P R: "Phrack Magazine, issue 50"
- Previous message: Systemkennung Linux: "Re: 2nd Linux kernel patch to remove stack exec"
- Maybe in reply to: Systemkennung Linux: "more l0phtcrack errata"
From the l0phtcrack readme ....

> By changing the default string that is processed through you
> can drastically change the amount of time it takes to brute
> through the entire keyspace. Keep in mind that the following
> characters are not valid in passwords so they don't need to
> be included: '/', '\', '[', ']', ':', ';', '|,' ,'=', ',',
> '+', '*', '?', '<', '>' [according to the MS technet information].
> For example: if you just want to check all combinations of letters
> all you have to run through is ABCDEFGHIJKLMNOPQRSTUVWXYZ.

Can you provide source for the technet article?

It seems to me that the symbols which you have counted as invalid in the
NT passwords are valid indeed. Note the illustration below and note that
changing the password from "1+1" to "1?1" results in both of the hashes being
completely different. (see attached output)

If this is the case then there are 69 significant characters.
(128 less \0x0-\0x1F less 26 lowercase less \0x3F = 69)

This means each of the halves of a lanman password contains 42.75 bits of
information. =log(69^7)/log(2).

This means cracking a well chosen password is about 7 times harder than
cracking 40 bit encryption which is contained in most US export products.
(ie. non-trivial but possible)

Cheers,

David

-----
D:\apps\secure>net user gumby 1+1
The command completed successfully.

D:\apps\secure>pwdump | grep gumby
gumby:1009:0C0958E450F88785AAD3B435B51404EE:886A3D92DDB35932249EA2C700B0C8B4:::

D:\apps\secure>net user gumby 1?1
The command completed successfully.

D:\apps\secure>pwdump | grep gumby
gumby:1009:5A4C12BD6CFA44CFAAD3B435B51404EE:5352ACBCFB1D1CB40DFD8FD1C57DC2E1:::
----

---
David Zverina
Software Engineer
(davidzeducom.com.au)
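Added example, not part of the original post: a small Python audit helper that parses the two pwdump lines shown above, checks whether the second LM half is the empty-half constant (meaning the password fits in 7 characters), and reproduces the post's log(69^7)/log(2) figure. The function and variable names are assumptions made for this illustration.

```python
import math
from typing import NamedTuple

# LM hash of an empty 7-character half (well-known constant); it is the
# second half of both LM hashes in the post's pwdump output.
EMPTY_LM_HALF = "AAD3B435B51404EE"

class Entry(NamedTuple):
    user: str
    rid: int
    lm: str
    nt: str

def parse_pwdump(line: str) -> Entry:
    """Parse one 'user:rid:LM:NT:::' line, dropping mail-wrap whitespace."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError(f"not a pwdump line: {line!r}")
    lm, nt = ("".join(f.split()).upper() for f in fields[2:4])
    for name, value in (("LM", lm), ("NT", nt)):
        if len(value) != 32 or set(value) - set("0123456789ABCDEF"):
            raise ValueError(f"bad {name} hash: {value!r}")
    return Entry(fields[0], int(fields[1]), lm, nt)

def fits_in_one_half(entry: Entry) -> bool:
    """True when the second LM half is the empty-half constant (<= 7 chars)."""
    return entry.lm[16:] == EMPTY_LM_HALF

def bits_per_half(charset_size: int, length: int = 7) -> float:
    """log2(charset_size ** length), the post's formula for one LM half."""
    return length * math.log2(charset_size)

# The two pwdump lines from the post, for passwords "1+1" and "1?1".
SAMPLE = [
    "gumby:1009:0C0958E450F88785AAD3B435B51404EE:886A3D92DDB35932249EA2C700B0C8B4:::",
    "gumby:1009:5A4C12BD6CFA44CFAAD3B435B51404EE:5352ACBCFB1D1CB40DFD8FD1C57DC2E1:::",
]

if __name__ == "__main__":
    plus, question = (parse_pwdump(line) for line in SAMPLE)
    print("first LM halves differ:", plus.lm[:16] != question.lm[:16])
    print("both fit in one half:", fits_in_one_half(plus) and fits_in_one_half(question))
    bits = bits_per_half(69)
    print(f"69 chars: {bits:.2f} bits/half, {2 ** (bits - 40):.1f}x a 40-bit key")
```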