Slashdot Mirror


Letters-Only LM Hash Database

Peter Clark writes "Disk storage has increased tremendously in the past 5 years and the blatant insecurities in the antiquated LM hashing technique have not gone away; though functionality has been added to disable LM hashes, this is not set by default. With some help from Elcomsoft, simple flat files have been created that hold every combination of LM hash for letters only passwords. Jesko has coded a server application which allows you to access this database. Simply telnet to: beginningtoseethelight.no-ip.org on port 2501 and paste in a LM hash. So how does this differ from Rainbow tables? Well this will return a password 100% of the time, using minimal processor power, in approximately less than 0.2 seconds."

3 of 237 comments (clear)

  1. Please explain by Anonymous Coward · · Score: -1, Redundant

    Could anyone make clear what at LM hash is? And what is the difference between this password file and a dictionary?

  2. What is an LM hash? by kevin_conaway · · Score: -1, Redundant

    Could someone please explain what an LM hash is?

  3. Re:LM Hash by Anonymous Coward · · Score: -1, Redundant

    Doesn't matter how long the password is, LM hashing splits it up into nice bite-sized 7-character segments to ease cracking.

    How awfully nice of them!