Here is a Yahoo story on the same problem... Others seem to think that it is indeed a problem (and one that ONLY affects Windows).

http://story.news.yahoo.com/news?tmpl=story&cid=620&ncid=620&e=1&u=/nf/20030723/bs_nf/21952

-Darren

On Wed, 2003-07-23 at 13:24, 3APA3A wrote:
> Dear Darren Bennett,
>
> Windows uses the password hash in the same way as Unix uses the cleartext
> password. Having the password hash, you can connect to a Windows network
> without knowledge of the cleartext password (I spent 2 minutes modifying
> smbclient to use the hash instead of the password and 5 minutes testing; you
> can try to do it as a challenge... Hint: all you need is to skip MD4
> encoding if the password already looks like an MD4 hash). So, cracking of
> Windows hashes gives you nothing in fact.
>
>
> --Wednesday, July 23, 2003, 9:48:51 PM, you wrote to [EMAIL PROTECTED]:
>
> DB> Is this new? I read about it on Slashdot...
>
> DB> http://lasecpc13.epfl.ch/ntcrack/
>
> DB> Basically, it seems that Microsoft has (yet again) screwed up the
> DB> implementation of their encryption scheme. This makes cracking any hash
> DB> a matter of seconds. Oops...

--
-----------------------------------------------
Darren Bennett
CISSP, Certified Unix Admin., MCSE, MCSA, MCP +I
Sr. Systems Administrator/Manager
Science Applications International Corporation
Advanced Systems Development and Integration
-----------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
