your mail

Roeland M.J. Meyer rmeyer at
Sat Dec 6 18:23:56 GMT 1997

At 02:27 07-12-97 +1100, Luke Kenneth Casson Leighton wrote:
>> The thing to keep in mind in password syncronization is that UNIX passwords
>> and NT (not LanMan) passwords cannot be decrypted from their respective
>> one-way hash ciphertexts. That is, you *cannot* convert through some
>> F:
>> NT MD4 Hash = F(UNIX salted modified DES one-way hash); Not possible! 
>> or
>> UNIX salted modified DES one-way hash = F(NT MD4 Hash); Not possible!
>> [NOTE: You could probably brute-force the weaker LanMan passwords stored in
>> the SAM back to plaintext although this would be quite compute intensive.]
>or have a really big database...

I'll have to think about this one, but in the days of $300US, 6.5 GB
Ultra-DMA drives, this is no longer an expensive approach. The disk access
may be faster than the algorithm. The point being that some brute-force
approaches are now more feasible, like using the hash, as an index, to a
dbm file.

We've been working on a RDBMS system which uses a 200 GB, Ultra SCSI, RAID
array. Off-the-shelf parts, under $20KUS. We're, of course, charging $120K
for the product <grin>. 
In DB terms, we're only talking about a Key->HASH relationship here.
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail:		mailto:rmeyer at
Personalweb pages:
Company web-site:
"The FBI doesn't want to read encrypted documents,
   they want to read YOUR encrypted documents."

More information about the samba mailing list