lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1058997209.2790.34.camel@el-cap>
From: DARREN.L.BENNETT at saic.com (Darren Bennett)
Subject: NEW windows password encryption flaw..

Here is a yahoo story on the same problem... Others seem to think that
it is indeed a problem (and one that ONLY affects Windows).


http://story.news.yahoo.com/news?tmpl=story&cid=620&ncid=620&e=1&u=/nf/20030723/bs_nf/21952On 
		-Darren

Wed, 2003-07-23 at 13:24, 3APA3A wrote:
> Dear Darren Bennett,
> 
> Windows  uses  password  hash  in  a  same  way  as  Unix uses cleartext
> password.  Having  password  hash  you  can  connect  to Windows network
> without  knowledge  of  cleartext  password (I spent 2 minutes to modify
> smbclient to use hash instead of password and 5 minutes to test, you can
> try  to  do  it  as  a  challenge...  Hint:  all you need is to skip MD4
> encoding  if  password  is already looks like MD4 hash). So, cracking of
> Windows hashes gives you nothing in fact.
> 
> 
> --Wednesday, July 23, 2003, 9:48:51 PM, you wrote to full-disclosure@...ts.netsys.com:
> 
> DB> Is this new? I read about it on slashdot...
> 
> DB> http://lasecpc13.epfl.ch/ntcrack/
> 
> DB> Basically, it seems that Microsoft has (yet again) screwed up the
> DB> implementation of their encryption scheme. This makes cracking any hash
> DB> a matter of seconds. Oops... 
-- 
-----------------------------------------------
Darren Bennett 
CISSP, Certified Unix Admin., MCSE, MCSA, MCP +I
Sr. Systems Administrator/Manager
Science Applications International Corporation
Advanced Systems Development and Integration
-----------------------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ