If you got some optimized hashroutines (md4, des etc), feel free to post the source code below.

We already have a optimized MD5 hash routine, but we still need for MD4 and DES.

how about a reduction function as well?

The reason i want the MD4 and DES function is so i can scrap the libeay32.dll file

Change the reduction function, you invalidate all generated tables. Enjoy that.

My MD4 is just a single stage of the RFC implementation with unused inputs hardwired to 0. Nothing fancy.

it will not invalidate generated tables, it will only speed up future tables. and a new rcrack would be needed, but that's not a problem, as this project already needs another rcrack(i).

While I don't have an implementation to show, I have some questions about the use of DES: why are you using the full DES, any way? If all you need is LM hashing, take a DES code, and pull out the bits you don't need for just hashing. I have studied OpenSSL's implementation, and have tried to look over John the Ripper's code for it as well. Here are a few things I would suggest for your version:

1. Since the same "secret" is used as the message to be encrypted with DES over and over, and since the first thing that is done to any message is to run it through IP (more info found here), instead of redoing that same thing over and over, just do it once, and store those results in the function. Granted, that was only a few instructions at the start of every LM hash, but any speed benefit is still a benefit.

2. In most DES versions, key scheduling is done separately from the actual encryption, due to the same key schedule being able to decrypt a message as well. In our given situation, we'll NEVER decrypt the message, we already know what the message will be every time. It makes more sense to do the key scheduling within the same loop as it is applied to the bits needed and avoid more unneeded loops.

3. As a final optimization, I think I figured out the "FastLM" hash that Cain & Abel uses. The last step of DES, after mixing the key with the message, is to run that result through an inverse set of steps that undoes what 1. above did. This is to help make decrypting an almost identical operation to encrypting, and makes code a lot more simple to work with. If we skip that last step, we reduce it by just a few more functions. Now, how would you crack these hashes? Simple, when the program is given an LM hash, simply run it through the first IP, and then use that result as the key to start looking up the hash in the table.

That's about all I have found playing around with it. I actually have a function with all this already done to it, written in C, if anyone wants to see it. It wouldn't take but a small modification to make it a true LM function, just including those last few steps to reverse the IP applied to it.

I've been thinking lately of trying to get John the Ripper's version of DES (bitslice DES) and applying similar ideas to it, and compare speeds with the version I have now. I just haven't figured out that version yet, but I'm getting closer. If someone else had a fast DES implementation, that they understood, they could easily apply the above steps to it to get a faster LM function than normally allowed.

Bit slice DES with SSE2 and soon, 2010, AVX (with the 256 bit floating point instructions since you'll only need ANDPS, ANDNPS, ORPS, and XORPS).
Only problem is that you need to modify the way generation is done since bit slicing DES means that you'll be hashing several passwords at the same time.

Hmm, seems I still have a lot to learn with bitslice...

Since you know more about it Scoobz, do you think the modifications I listed would work on bitslice DES? If nothing else, it should allow for anyone to skip over certain parts of DES, and make the encrypting/hashing faster just based on that.

With bit slicing all of the permutations IP, FP, E, P, PC-1, PC-2, and rotates don't cost anything, which means it will do the job of 1, 2, and 3. JTR does this so there is no need to write the DES code.

I'm currently searching a fast MD4 Implementation in C/C++/Asm. anyone here? In case i've to bruteforce my MSCASH hash I want to use a fast implementation

No real loss to me to post this, I suppose.

Just the reference implementation, single stage. Hardly "optimized." Though a good bit faster than libssl's MD4, as it isn't doing nearly the same amount of work.

b0-15, abcd are 32-bit unsigned integer types.

Data goes in b0 to wherever, padding bit gets set per RFC, length gets set. Remember your little endian byte ordering.

If you have a good compiler, it will optimize out unneeded registers. If not, do it manually.

BTW, I'm currently working on a fast(er) MD5 implementation...

So far i've optimized for lens < 16, and it's about 5-7% faster than the one in rcracki (5.8M vs 5.4M) - no stack is used, no memset/memcpy, but a sh*tload defines

I would love to try and make an sse2 4-in-1 routine (1 call, 4 plains, 4 hashes returned) but it doesn't look straightforward...

Make sure to compare your result to BarsWF SSE2
I bet it would show a little more than 5.8M

Pshh, you can't compare brute force to rainbow tables and expect it to be near. Brute force does 69% of an MD5 while rainbow tables need to do 100% of an MD5 (to be compatible with RainbowCrack). Also generating the next password for brute force is as simple as adding a constant while rainbow tables need to divide N times.

Ohh right don't get me wrong it will still be fast but it'll be around 1/3 to 1/5 the speed of BarsWF SSE2.