
Re: question regarding samba usage



On Wed, Dec 20, 2000 at 12:01:51PM -0500, Andy Bastien wrote:

[snip]
> NTLMv2 improves on NTLMv1 by going from a 56-bit MD4 hash to a 128-bit
> MD5 hash.  NTLMv2 is very difficult to attack with a brute-force

You're still missing the point: NT still just sends this MD5 hash (which
I think is still unsalted) over the network, where it's used _as_ the
password.  That is, the hash is simply compared with the hash stored in
the password database.  So if you sniff the hash you can use it to
authenticate yourself against an NT server, even if you *don't* know
the actual password.  (This only requires a slightly modified
smbclient utility.)

> method.  This is a good thing, and it bothers me when Linux advocates
> criticize Microsoft for increasing the security of their products
> (especially when there are so many perfectly valid reasons to
> criticize Microsoft).

Later versions of NT make the hash more difficult to brute force, but
this only really protects you from theft of the password file and
subsequent brute-force decryption.  The protocol SMB uses for
authentication is still flawed.  If the encrypted password is just as
good as the password, then what's the point of encrypting it?

> If you disable encryption, you lose a great deal of security.  I'd
> like to see evidence of you cracking an NTLMv2 password sent over the
> wire that consists of at least 8 characters with a mix of upper case,
> lower case, digits, and punctuation.  You can get L0phtcrack at
> http://www.l0pht.com/l0phtcrack/.

Reread my post: you don't NEED to crack it, simply use the hash AS the
password (with a modified smbclient).  This is all in the Samba
documentation.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/


