|
-
Jul 21st, 2001, 08:08 PM
#1
Thread Starter
Lively Member
NT, hashing..
Does anyone know how Windows NT takes the password, and throws it through a one way encryption scheme. Does anyone have that code. L0pht Heavy Industies found a way, So I believe the code is not only in Microsofts's Sealed whatever. Any help is appreciated. EISECURE please don't resopnd unless you have the final answer you seem to lock my threads.
Windows XP Professional
Microsoft Visual Basic 6.0 Professional
-
Jul 21st, 2001, 09:04 PM
#2
PowerPoster
lol...
I'll just give you a final answer.
The answer is: Yes
You can easily get the NT password. If you want to know how, just tell me.
-
Jul 21st, 2001, 09:06 PM
#3
PowerPoster
EISECURE please don't resopnd unless you have the final answer you seem to lock my threads.
Well, if you want to do heavy security stuff, you gotta know the subject first. (ie.: "How do I RSA a file??")
BTW, did you read that book I recommended you?
-
Jul 21st, 2001, 09:07 PM
#4
PowerPoster
-
Jul 22nd, 2001, 09:08 AM
#5
Hyperactive Member
Hey, instead of racking your post count even more.. why not edit your last remark
-
Jul 22nd, 2001, 10:01 AM
#6
Monday Morning Lunatic
Why not use 1-way? When you change your password, it's hashed and stored. To verify, what you supply is hashed and checked if it matches what's stored. This way you cannot get the original password.
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jul 22nd, 2001, 11:54 AM
#7
Rivest's very robust Message Digest 5 is available as a freebie .dll at:
http://www.net-security.org/various/...09,5468,.shtml
It is a very secure one-way hashing algorithm suitable for password hashing, and the .dll comes with instructions.
-
Jul 22nd, 2001, 12:51 PM
#8
Monday Morning Lunatic
MD5 has, to all intents and purposes, been cracked.
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jul 22nd, 2001, 12:57 PM
#9
Originally posted by parksie
MD5 has, to all intents and purposes, been cracked.
Then can you point me to a program that will crack any md5 hashed password within a short time?
If you put it that way, RSA has also been cracked, but it takes ages to decypher the info, just like md5.
-
Jul 22nd, 2001, 12:59 PM
#10
Monday Morning Lunatic
I wasn't saying not to use it, because the crack algorithm was only recently found and I don't think it can be done quickly. The thing was, before this there weren't any useful ways of cracking MD5.
It's still quite secure, just not very secure.
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jul 22nd, 2001, 03:14 PM
#11
There is a problem of perception here.
MD5 is more than secure enough to warrant use for any reasonable app. For National security, where the potential damage is perhaps being obliterated by some maniac country, then yeah, don't use MD5.
But who is stupid enough to use 100+ hours on a Cray at a cost of $2500/hr compute time to crack a single password on a Diablo II disk that costs $50? This isn't even remotely practical.
If you want to rule the world then spending millions on cracking hashed passwrods is worth it. Cracking a single MS Office disk for $US250,00 is absurd. To say the least.
-
Jul 22nd, 2001, 04:04 PM
#12
PowerPoster
why don't use just use SHA-1 hashing?
-
Jul 22nd, 2001, 07:19 PM
#13
In case you missed it,
it seems vb5prog has been a little busy. But,
No offense intended
SHA-1, MD5
EiSecure, et all, he just wanted to know about
how Windows NT takes the password
Alternatives are good, but it seems to be a waste of time when
the poster hasn't come back yet to process the first responses.
Lets wait and see what he comes back with.
-Lou
-
Jul 22nd, 2001, 10:03 PM
#14
Thread Starter
Lively Member
you guys ramble on
if you can tell me how to take a string such as "passport" and hash it exactly like windowsNT makeing it look something like "1A3F35A7B1C8D9E" on and on it stops at 34 characters i believe . Screw cracking it who needs to crack it when you can do this
use NT's own hashing algorithm to match other hashes
Administrator:1F4B82B96E6F9A1F4B82B96E6F9A
brute forcing.....
passing = 2B96E6F9A1F4B82B96E6FBC
passport = 1F4B82B96E6F9A1F4B82B96E6F9A
try to understand
then if the hash for passport = password hash then
password = passport
run through a dictionary file and hash the passwords in real time and then compare them to the aquired hashes
find and run L0phtCrack
yes there is ^ zero instead of an O
you might understand
Windows XP Professional
Microsoft Visual Basic 6.0 Professional
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|