Penetration Testing mailing list archives
Re: [PEN-TEST] NT 4.0 and MD4 Hash
From: Chris Paget <chris.paget () analysys com>
Date: Wed, 6 Dec 2000 16:32:36 GMT
I stand corrected - it is indeed MD4, according to the l0phtcrack 1.5 source code (available from http://www.l0pht.com/l0phtcrack/dist/lcsrc.zip). L0phtcrack 1.5 uses the MD4 reference code from the RFC. In the source -

/* the way they do the md4 hash they don't represent the last null. ie 'A' becomes just 0x41 0x00 - not 0x41 0x00 0x00 0x00 */

So the character string is indeed in Unicode format, and does not include the null at the end.

However - this does raise another question. If NT does indeed use MD4, and MD4 has been broken (according to the RSALabs FAQ, "collisions for the full version of MD4 can be found in under a minute on a typical PC"), perhaps L0phtcrack can be bettered?

Does anyone have a copy of the article in which the MD4 crack is described (CryptoBytes (3) 1, Autumn 1995)? If so, please forward it to me and I'll have a go at writing some code to do it...

Chris

--
Chris Paget
Software Engineer, Analysys Consulting.
chris.paget () analysys com

On Wed, 6 Dec 2000 08:08:30 -0800, you wrote:
> On Wed, 6 Dec 2000, Chris Paget wrote:
>
>> Windows NT uses an MD5 hash, not MD4. MD4 has been cryptographically 'broken' (see http://www.rsasecurity.com/rsalabs/faq/3-6-6.html for more detail), while MD5 remains (to date) unbroken, at least in its entirety.
>
> A few people have replied with this, however I am sure that it is not correct.
>
> Quoted from: "Choosing Strong Passwords" - Eric Shultze
> http://www.securityfocus.com/focus/microsoft/nt/1.html
>
> "Passwords in NT environments are encrypted in two separate fashions. NTLM hashes (used mainly for NT to NT authentication) are created using MD4 encryption, while the LanMan hashes (used for Win9x and other non-NT client authentication) are created using a known constant in its encryption algorithm. (For a technical discussion of NT passwords, check out L0pht's paper on the crypto behind NT passwords.) It is this LanMan hash that creates the need for special length passwords."