[4921] in bugtraq
L0phtcrack 1.5
daemon@ATHENA.MIT.EDU (owner-bugtraq@NETSPACE.ORG)
Tue Jul 15 16:12:17 1997
From: <owner-bugtraq@NETSPACE.ORG>
Date: Tue, 15 Jul 1997 15:48:52 -0400
To: BUGTRAQ@NETSPACE.ORG
Greets everyone,
A couple of things that I haven't changed in the below announcement since
weld was kind enough to do it while I was at DefCon.
1) Microsoft now has a "fix" based upon this information - we will see if
they provide proper credit. Though I know of no sites that would be able
to widely deploy this patch.
2) SMB signing (ie SP3) can be broken in the same way that we attack the
"challenge-response".
3) the times posted below are for intel. The UltraSparc times are much
much faster.
4) The Challenge response is just as 'brute-force'-able as without this
extra 'obfuscation' level.
Full program including source and binaries
can be found at:
http://www.l0pht.com
COMMERCIAL AND GOVERNMENT USERS PLEASE SEE THE END
OF THIS FILE FOR LICENSING INFORMATION. FOR YOU THIS
PROGRAM IS SHAREWARE, FOR ALL OTHERS IT IS FREE.
