Results 1 to 14 of 14

Thread: NT, hashing..

  1. #1

    Thread Starter
    Lively Member
    Join Date
    May 1999
    Location
    Orange County
    Posts
    68

    NT, hashing..

    Does anyone know how Windows NT takes the password, and throws it through a one way encryption scheme. Does anyone have that code. L0pht Heavy Industies found a way, So I believe the code is not only in Microsofts's Sealed whatever. Any help is appreciated. EISECURE please don't resopnd unless you have the final answer you seem to lock my threads.
    Windows XP Professional
    Microsoft Visual Basic 6.0 Professional

  2. #2
    PowerPoster eiSecure's Avatar
    Join Date
    Jul 2000
    Location
    Texas
    Posts
    2,209
    lol...

    I'll just give you a final answer.
    The answer is: Yes

    You can easily get the NT password. If you want to know how, just tell me.

  3. #3
    PowerPoster eiSecure's Avatar
    Join Date
    Jul 2000
    Location
    Texas
    Posts
    2,209
    EISECURE please don't resopnd unless you have the final answer you seem to lock my threads.
    Well, if you want to do heavy security stuff, you gotta know the subject first. (ie.: "How do I RSA a file??")

    BTW, did you read that book I recommended you?

  4. #4
    PowerPoster eiSecure's Avatar
    Join Date
    Jul 2000
    Location
    Texas
    Posts
    2,209
    and by the way, you should change the title of this thread. Its not called hashing, it's called encrypting.

    Another thing, NT doesn't use a "one way encryption" method. All encryption is 2-way. If it was 1-way, then it'll take an awfully long time for you to log on.

  5. #5
    Hyperactive Member
    Join Date
    Aug 1999
    Posts
    482
    Hey, instead of racking your post count even more.. why not edit your last remark

  6. #6
    Monday Morning Lunatic parksie's Avatar
    Join Date
    Mar 2000
    Location
    Mashin' on the motorway
    Posts
    8,169
    Why not use 1-way? When you change your password, it's hashed and stored. To verify, what you supply is hashed and checked if it matches what's stored. This way you cannot get the original password.
    I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
    -- Linus Torvalds

  7. #7
    jim mcnamara
    Guest
    Rivest's very robust Message Digest 5 is available as a freebie .dll at:

    http://www.net-security.org/various/...09,5468,.shtml

    It is a very secure one-way hashing algorithm suitable for password hashing, and the .dll comes with instructions.


  8. #8
    Monday Morning Lunatic parksie's Avatar
    Join Date
    Mar 2000
    Location
    Mashin' on the motorway
    Posts
    8,169
    MD5 has, to all intents and purposes, been cracked.
    I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
    -- Linus Torvalds

  9. #9
    Gerco
    Guest
    Originally posted by parksie
    MD5 has, to all intents and purposes, been cracked.
    Then can you point me to a program that will crack any md5 hashed password within a short time?

    If you put it that way, RSA has also been cracked, but it takes ages to decypher the info, just like md5.

  10. #10
    Monday Morning Lunatic parksie's Avatar
    Join Date
    Mar 2000
    Location
    Mashin' on the motorway
    Posts
    8,169
    I wasn't saying not to use it, because the crack algorithm was only recently found and I don't think it can be done quickly. The thing was, before this there weren't any useful ways of cracking MD5.

    It's still quite secure, just not very secure.
    I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
    -- Linus Torvalds

  11. #11
    jim mcnamara
    Guest
    There is a problem of perception here.

    MD5 is more than secure enough to warrant use for any reasonable app. For National security, where the potential damage is perhaps being obliterated by some maniac country, then yeah, don't use MD5.

    But who is stupid enough to use 100+ hours on a Cray at a cost of $2500/hr compute time to crack a single password on a Diablo II disk that costs $50? This isn't even remotely practical.

    If you want to rule the world then spending millions on cracking hashed passwrods is worth it. Cracking a single MS Office disk for $US250,00 is absurd. To say the least.

  12. #12
    PowerPoster eiSecure's Avatar
    Join Date
    Jul 2000
    Location
    Texas
    Posts
    2,209
    why don't use just use SHA-1 hashing?

  13. #13
    pathfinder NotLKH's Avatar
    Join Date
    Apr 2001
    Posts
    2,397
    In case you missed it,

    it seems vb5prog has been a little busy. But,

    No offense intended

    SHA-1, MD5

    EiSecure, et all, he just wanted to know about

    how Windows NT takes the password

    Alternatives are good, but it seems to be a waste of time when
    the poster hasn't come back yet to process the first responses.

    Lets wait and see what he comes back with.

    -Lou

  14. #14

    Thread Starter
    Lively Member
    Join Date
    May 1999
    Location
    Orange County
    Posts
    68

    you guys ramble on

    if you can tell me how to take a string such as "passport" and hash it exactly like windowsNT makeing it look something like "1A3F35A7B1C8D9E" on and on it stops at 34 characters i believe . Screw cracking it who needs to crack it when you can do this
    use NT's own hashing algorithm to match other hashes

    Administrator:1F4B82B96E6F9A1F4B82B96E6F9A
    brute forcing.....
    passing = 2B96E6F9A1F4B82B96E6FBC
    passport = 1F4B82B96E6F9A1F4B82B96E6F9A

    try to understand
    then if the hash for passport = password hash then
    password = passport
    run through a dictionary file and hash the passwords in real time and then compare them to the aquired hashes

    find and run L0phtCrack
    yes there is ^ zero instead of an O
    you might understand
    Windows XP Professional
    Microsoft Visual Basic 6.0 Professional

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width