Hashes prior 2003 server (LM/NTLMv1)
Taken from: http://en.wikipedia.org/wiki/LM_hash:
At a glance:
- The clear text is padded up to 14 bytes.
- Cleartext is converted to all uppercase characters.
- The clear text is divided into two 7 byte words.
- Each of the 7 Byte words is encrypted with DES.
- The encryption outcome is concatinated to the LM hash.
The intresting fact:
- The max. length of the password is allways 14 characters, concatinated by 2 7-character words. This makes is easy to crack.
Even a brute force attack must only take care about 7 character words. - Using a rainbow table is quite easy as they are smal in sice (356GB) to download. See here. I'll talk about using rainbow tables later.
Hash search engine
Check this out: http://www.hashkiller.co.uk/
A distributed search engine for hashes can be found here.