Uninformed: Informative Information for the Uninformed

Vol 3» 2006.Jan


Things to remember

Once a hash has been received and successfully broken, it may still not be the correct password, and accordingly not allow the attacker to log into his victims machine. That's due to the password being hashed all uppercase for LM, while the MD4 based second hash actually is case sensitive. So a hash that's been deciphered as being "WELCOME" may originally have been "Welcome" or "welcome" or even "wELCOME" or "WeLcOme" or .. well, you get the idea. Then again, how many users actually apply uncommon spelling schemes?