11. Proof that case doesn’t matter Password = E52CAC67419A9A22 4A3B108F3FA6CB6D PaSSwORd = E52CAC67419A9A22 4A3B108F3FA6CB6D Password1 = E52CAC67419A9A22 38F10713B629B565
12. NTLM HASHES Uses MD4 algorithm to create a hash of the mixed-case password Results in a 16 byte hash of the password (stored in the SAM…) Used for any password greater than 14 characters
14. Proof that case DOES matter Password = F15ABD57801840F3 348DDCCAFB677F6A PaSSwORd = 17504CE07C0A0D4A 1BD3A99A0821F957 Password1 = F9A3152D926F9FF8 98D0BAFBA0BFFD30
15. NTLM Hash Considerations Case preserving Maximum length = 127 characters Better Security than LM Hashes Number of ≤14-character password (full char set) ≈ 2.7*1067 Number of 127-character passwords ≈ 4.9*10611