Passwords with Lan Manager (LM) under Windows

• Previous message: Steve McLaughlin: "RE: Windows XP SP2 and Security Tools"
• Next in thread: Tim: "Re: Passwords with Lan Manager (LM) under Windows"
• Reply: Tim: "Re: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: philippe.nospam.oechslin_at_objectif-securite.nospam.ch: "Re: Passwords with Lan Manager (LM) under Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 20 Sep 2005 12:24:46 +0200
To: <pen-test@securityfocus.com>

Hi,

Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with Windows 3.11 and is not very secureThe hash is case-insensitive.

* The character set is limited to 142 characters.
* The hash is broken down into 2-7 character chunks. If the password is shorter than 14 characters, the password will be padded with nulls to get the password to 14 characters.
* The hash result is a 128-bit value.
* The hash is one-way function.

Does anyone know which 142-character set is used ?

Thanks in advance,

Cedric

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Previous message: Steve McLaughlin: "RE: Windows XP SP2 and Security Tools"
• Next in thread: Tim: "Re: Passwords with Lan Manager (LM) under Windows"
• Reply: Tim: "Re: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Maybe reply: philippe.nospam.oechslin_at_objectif-securite.nospam.ch: "Re: Passwords with Lan Manager (LM) under Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]