Re: Password Cracking Challenge...
From: David Riley (oscar_at_the-rileys.net)
Date: 07/28/03
- Previous message: wirepair: "Re: is it even possible for a worm with dcom vuln?"
- In reply to: Justin Pryzby: "Re: Password Cracking Challenge..."
- Next in thread: David Schwartz: "RE: Password Cracking Challenge..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Jul 2003 16:47:19 -0400 (EDT) To: Justin Pryzby <justinpryzby@users.sf.net>
On Mon, 28 Jul 2003, Justin Pryzby wrote:
> Date: Mon, 28 Jul 2003 12:44:45 -0700
> From: Justin Pryzby <justinpryzby@users.sf.net>
> To: "vuln-dev@securityfocus.com" <vuln-dev@securityfocus.com>
> Subject: Re: Password Cracking Challenge...
>
> Can't say for sure, but the zero's are interesting. I know the MS NTLM
> scheme takes passwords longer than 7(?) and breaks them up into two
> passwords, each of maximum length 7(?). That's the first thing I'd try.
> The encryption is documented, [http://www.innovation.ch/java/ntlm.html]
> is a good starting point.
It is a good starting point, and that's what I thought of as well.
However, the cutoff here seems to be 8 bytes instead of 7. I'm still
looking at it, but the encoding of the second chunk seems dependent on the
first (e.g. the "321" chunk of "Pa$$word321" is different than that of
"Password321".
Just my 2 cents.
- Previous message: wirepair: "Re: is it even possible for a worm with dcom vuln?"
- In reply to: Justin Pryzby: "Re: Password Cracking Challenge..."
- Next in thread: David Schwartz: "RE: Password Cracking Challenge..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
