|
Message-ID: <20070527101936.GB18976@openwall.com> Date: Sun, 27 May 2007 14:19:36 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: LM/NTLMv1 challenge/response cracking On Fri, May 25, 2007 at 10:14:38AM -0500, jmk wrote: > I've posted an updated version of the patch here: > http://www.foofus.net/~jmk/tools/jtr/john-1.7.0.2-netlm-netntlm-jmk-1.diff I've briefly tested this one - built on two Linux/x86 systems with OpenSSL 0.9.6m and 0.9.7g (with patches) and ran "john --test" - it worked fine. I've placed it in contrib/ and linked from the JtR homepage. Some comments on the patch: You shouldn't need "-lssl". You only use functions from "-lcrypto". Given that your patch depends on OpenSSL anyway, you could as well have it use OpenSSL's MD4 routines. However, if you prefer not to, you can update my MD4 routines to a newer revision (e-mailed to you privately). Are you still using much or any code by Olle Segerdahl in those patches? You certainly don't appear to be using any of my code in the *_fmt files (the preprocessor macro names and function names aren't code). I think that both of these copyright notices can be dropped from the *_fmt files, letting you place them in the public domain instead of claiming copyright on them if you don't mind. ;-) Not that I think it will matter for anyone as I would reimplement the code without OpenSSL anyway if I am ever to add support for these challenge/response exchanges into JtR, and I don't think the tests[] are subject to copyright. The FORMAT_NAMEs are weird. Let me suggest "LM C/R DES" and "NTLMv1 C/R MD4 DES", although I feel that I will need to re-work this naming scheme in a future version of JtR. Thank you! -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.