On Mon, 28 Jul 2003, Justin Pryzby wrote: > Date: Mon, 28 Jul 2003 12:44:45 -0700 > From: Justin Pryzby <justinpryzbyat_private> > To: "vuln-devat_private" <vuln-devat_private> > Subject: Re: Password Cracking Challenge... > > Can't say for sure, but the zero's are interesting. I know the MS NTLM > scheme takes passwords longer than 7(?) and breaks them up into two > passwords, each of maximum length 7(?). That's the first thing I'd try. > The encryption is documented, [http://www.innovation.ch/java/ntlm.html] > is a good starting point. It is a good starting point, and that's what I thought of as well. However, the cutoff here seems to be 8 bytes instead of 7. I'm still looking at it, but the encoding of the second chunk seems dependent on the first (e.g. the "321" chunk of "Pa$$word321" is different than that of "Password321". Just my 2 cents.
This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 13:54:24 PDT