
Yea historically the SAM file on Windows has always been a weak spot because of its NTLM hashing scheme. By breaking passwords larger than 7 letters into multiple sub-password hashes it virtually guaranteed rainbow tables would destroy its security.

I used this weakness whilst working at British Telecom to legally break into some NT boxes on behalf of a FTSE 100 company whose system my team got asked to take over.

They had had a bad break up with another supplier and had lost access.

I used our art director's Mac to break in - I did consider setting up a DIY cracking farm using all our Suns and running it overnight but I suspect that the security department might not have approved.

Out of curiosity, why did they do this? Was hashing super computationally expensive when NTLM first appeared (NT 3.51 I think?)

I wonder if it’s for export control. 7 chars x 8 bits = 56 bits. This used to be the limit for max size of symmetric keys by the US.

The "split into 7s" thing is from LM, which goes back to the OS/2 days... and it uses DES, which operates with 56-bit keys: 7 8-bit characters. Old DES-based crypt() has a similar limit: 8 7-bit characters.

NT hashes use MD4, which wasn't invented until 1990.

I believe LM also stored the passwords in uppercase as well. The NTLM password was used, but LM was also saved for compatibility (by default) with older Windows machines.

L0phtCrack utilized this when cracking: it first found the uppercase password, then it only had to brute force the case when cracking NTLM.
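As an added illustration of the structure the comments above describe (not code from any commenter), this Go program computes an LM hash the way the thread lays it out: uppercase, NUL-pad to 14 bytes, split into two 7-byte halves, and use each half as a 56-bit DES key to encrypt the fixed string "KGS!@#$%". Because the halves are hashed independently, a password of 7 or fewer characters leaves the second half equal to the empty-half constant, which is the usual audit signal for weak LM entries; the ASCII-only uppercasing and the function names are my assumptions.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)
// lmMagic is the fixed plaintext each 7-byte password half encrypts with DES.
const lmMagic = "KGS!@#$%"
// desKeyFrom7 spreads 7 password bytes (56 bits) over 8 key bytes; DES ignores the low (parity) bit.
func desKeyFrom7(s []byte) []byte {
	k := []byte{
		s[0] >> 1,
		(s[0]&0x01)<<6 | s[1]>>2,
		(s[1]&0x03)<<5 | s[2]>>3,
		(s[2]&0x07)<<4 | s[3]>>4,
		(s[3]&0x0F)<<3 | s[4]>>5,
		(s[4]&0x1F)<<2 | s[5]>>6,
		(s[5]&0x3F)<<1 | s[6]>>7,
		s[6] & 0x7F,
	}
	for i := range k {
		k[i] <<= 1
	}
	return k
}
// LMHalves returns the two independently computed halves of the LM hash, hex encoded (ASCII uppercasing assumed).
func LMHalves(password string) (string, string, error) {
	padded := make([]byte, 14) // NUL padding; bytes beyond 14 are simply dropped
	copy(padded, strings.ToUpper(password))
	var halves []string
	for _, half := range [][]byte{padded[:7], padded[7:]} {
		block, err := des.NewCipher(desKeyFrom7(half))
		if err != nil {
			return "", "", err
		}
		ct := make([]byte, 8)
		block.Encrypt(ct, []byte(lmMagic))
		halves = append(halves, strings.ToUpper(hex.EncodeToString(ct)))
	}
	return halves[0], halves[1], nil
}
func main() {
	for _, pw := range []string{"", "Secret1", "Password", "PASSWORD"} {
		h1, h2, _ := LMHalves(pw)
		fmt.Printf("%-10q %s %s\n", pw, h1, h2)
	}
}
```

The printed lines show the same hash for "Password" and "PASSWORD", and "AAD3B435B51404EE" as the second half of every password of 7 characters or fewer.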
