Message-ID: <CANWtx02a_eaHRop=FarEBO+x89ntWXbrhJ2jHcHA1YB3M1uXzw@mail.gmail.com>
Date: Thu, 15 Nov 2012 08:06:41 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: LM with empty strings = password longer than 15 chars?

On Thu, Nov 15, 2012 at 7:25 AM, Aleksey Cherepanov <aleksey.4erepanov@...il.com> wrote:
> Windows 7 does not support LM hashes. So passwords of any length would
> have LM hashes empty.

It does still support them, BUT by default they are disabled. It can be re-enabled, but that's not a good idea (security-wise).

> (Empty LM hashes are a sign of password length greater than 14 only on
> Windows XP (and only if LM hashes are enabled, I guess most systems
> are so)).

This is kinda the same thing: you CAN turn LM on/off in win2k and XP (as well as the others). It's a good idea to have LM disabled from a security point of view, but from a recovery point of view it sometimes makes it harder. If LM is enabled, and it's the blank hash, THEN you can assume it's 15 or more characters. We always recommend people disable LM using GPOs. That does not erase current LM hashes, and AD remembers (8 by default) previous LM hashes even after this setting is enabled, but once enabled, passwords from that point do not remember the LM hash. So once you enable the setting, and change your password, then only 7 LM hashes remain in the NTDS.dit file for that user.

> So you need to load NT hashes. I guess the easiest to do that is to
> add '--format=nt' option to your invocation of John.

Yep, even without knowing the specifics of the LM settings, the blank hash in the LM spot means use NT or NT2 (is one faster than the other? I've never been clear on that...). They are both the same format, so I'm not sure why there are 2 implementations of it.

-rich
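The blank-LM reasoning in the message above, as an added example that is not part of the original post: a Python audit of a pwdump-style export that flags which accounts still carry an LM hash and which must be handled as NT only. The `user:rid:LM:NT:::` layout, the account names and every hash except the well-known empty-LM constant are constructed assumptions.

```python
import re

EMPTY_HALF = "aad3b435b51404ee"          # LM value of an empty 7-character half
HEX32 = re.compile(r"[0-9a-f]{32}")

ADVICE = {
    "no-lm": "no LM hash stored: audit with --format=nt",
    "lm-short": "LM stored, second half empty: password is 7 chars or fewer",
    "lm-full": "LM stored, both halves used: password is 8 to 14 chars",
}

def classify_lm(lm_field):
    """Classify the LM column of one account record."""
    lm = lm_field.strip().lower()
    # A non-hex placeholder or the all-empty value both mean "nothing usable here".
    if not HEX32.fullmatch(lm) or lm == EMPTY_HALF * 2:
        return "no-lm"
    if lm[16:] == EMPTY_HALF:
        return "lm-short"
    return "lm-full"

def audit(pwdump_text):
    """Map each user in a user:rid:LM:NT::: export to an LM verdict."""
    report = {}
    for line in pwdump_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 4 or not parts[0]:
            continue                      # comment, blank or malformed line
        report[parts[0]] = classify_lm(parts[2])
    return report

# Constructed sample data: every hash below is made up except the empty-LM constant.
SAMPLE = """\
# user:rid:LM:NT:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1003:0123456789abcdeffedcba9876543210:00112233445566778899aabbccddeeff:::
dave:1004:NO-LM-PLACEHOLDER:00112233445566778899aabbccddeeff:::
not a record
"""

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE).items():
        print(f"{user:6} {verdict:9} {ADVICE[verdict]}")
```

Accounts reported as `lm-short` or `lm-full` still have an LM hash on record, so they are the ones that need a password change after the GPO setting is applied.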