Letters-Only LM Hash Database
Peter Clark writes "Disk storage has increased tremendously in the past 5 years and the blatant insecurities in the antiquated LM hashing technique have not gone away; though functionality has been added to disable LM hashes, this is not set by default. With some help from Elcomsoft, simple flat files have been created that hold every combination of LM hash for letters only passwords. Jesko has coded a server application which allows you to access this database. Simply telnet to: beginningtoseethelight.no-ip.org on port 2501 and paste in a LM hash. So how does this differ from Rainbow tables? Well this will return a password 100% of the time, using minimal processor power, in approximately less than 0.2 seconds."
I think someone is underestimating the /. effect.
I suspect it may be the passwd itself but I am not sure since it is not clear.
Of course it's not clear, it's been hashed -- haven't you been following along?
Just junk food for thought...
Dear Slashdot Readers,
Thank you for letting us know your passwords.
Regards,
The staff of beginningtoseethelight
now we're gonna kick it old-skool and /. a telnet server! woo hoo, just like the old days! our next target: gopher://sunsite.unc.edu
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
I guess I'm still relatively safe though because my admin password is not only 10 characters long, but has capitals, lower case, numbers and symbols in random order.
Its H82sd*e2Tn.
Nobody is ever going to crack that!!!