1T isn't much space...the complete windows lm and ntlm sets:
I'm sure tittentei has great advice and has given advice for windows AD auditing in other threads here before.
Thank you for answering me and pointing me to the discussion by tittentei on his NTLM/LM performance. Space is not much of an issue for me, as I'm planning to buy the whole NTLM/LM hash set from the website.
However, I would appreciate it if you could briefly explain the exact difference between LM and NTLM hashes. I know that NTLM hashes add their challenge as a salt to increase complexity. But in terms of rainbow tables and in hash-cracking terms, what is the real difference? I want to know.
LM is case insensitive and split into two 7-character halves, and is *very* fast to attack since the longest length you ever have to deal with is 7. The best way to ensure LM hashes are not stored is to use a password of length >= 15.
NT on disk does not have a challenge or salt: the password is UCS-2LE encoded (UTF-16LE) and then the MD4 of that is stored. It properly obeys case and there are no shortcuts from it being split in half. If you have the pair, then rcracki_mt can be fed the hashes, attack the LM, and use the NT to do case correction/unicode correction for the full answer.
I don't have a good quantification of speed off the top of my head, but while it is trivial to break almost all LMs (mixed case, numbers, symbols), NT hashes take much longer to attack by any means. While we have tables for mixed case, numbers, and symbols through length 8, no such tables exist for length 9. We have a number of tables that go past length 8, but these are not full coverage of all 4 character groups.
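The structural differences described in the reply above (LM uppercases and truncates to two 7-byte halves, so nothing longer than 7 characters is ever attacked and a 15+ character password yields no usable LM hash; NT is an unsalted MD4 over the UTF-16LE password, so it keeps case and is what an LM/NT pair is used to "case correct" against) can be shown directly. The following is an added example, not code from the original thread or from rcracki_mt. It assumes nothing beyond the Python standard library and includes its own MD4 (RFC 1320), since `hashlib` MD4 is frequently unavailable on OpenSSL 3 builds. It stops short of the DES step of LM, which is not needed to see the point, and the sample password is constructed for the demonstration.

```python
import itertools
import struct

_MASK = 0xFFFFFFFF

# Well-known LM value stored for an empty (or 15+ character) password;
# an auditor reading a dump treats this field as "no LM hash present".
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"


def _lrot(x, n):
    x &= _MASK
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), used because hashlib's md4 is often missing."""
    msg = bytearray(data)
    msg.append(0x80)
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), range(16), (3, 7, 11, 19), 0),
        (lambda x, y, z: (x & y) | (x & z) | (y & z),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (lambda x, y, z: x ^ y ^ z,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for fn, order, shifts, k in rounds:
            for i, j in enumerate(order):
                # One MD4 step followed by the register rotation (a, b, c, d) -> (d, new, b, c)
                a, b, c, d = d, _lrot(a + fn(b, c, d) + x[j] + k, shifts[i % 4]), b, c
        h = [(v + w) & _MASK for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> str:
    """NT hash as stored on disk: MD4 over UTF-16LE, no salt, case preserved."""
    return md4(password.encode("utf-16-le")).hex()


def lm_halves(password: str):
    """What LM does before its DES step: uppercase, 14-byte maximum, two 7-byte
    halves. Returns None for 15+ characters, where Windows stores EMPTY_LM
    instead, which is why the reply recommends length >= 15."""
    raw = password.upper().encode("latin-1", "replace")
    if len(raw) > 14:
        return None
    raw = raw.ljust(14, b"\x00")
    return raw[:7], raw[7:]


def nt_case_correct(lm_candidate: str, nt_hex: str):
    """Given the uppercase text an LM lookup yields and the account's NT hash,
    find the casing whose NT hash matches (the case-correction step described
    in the reply). Returns None if no casing matches."""
    choices = [(ch.lower(), ch.upper()) if ch.isalpha() else (ch,) for ch in lm_candidate]
    for combo in itertools.product(*choices):
        cand = "".join(combo)
        if nt_hash(cand) == nt_hex.lower():
            return cand
    return None


if __name__ == "__main__":
    sample = "Passw0rd!"  # constructed sample password
    print("LM halves:", lm_halves(sample))          # two independent 7-byte problems
    print("LM for 15 chars:", lm_halves("a" * 15))  # None: no LM hash is kept
    print("NT hash:", nt_hash(sample))              # full-length, case-sensitive
    print("case-corrected:", nt_case_correct(sample.upper(), nt_hash(sample)))
```

`lm_halves` makes the audit rule concrete: anything up to 14 characters collapses into two uppercase 7-byte pieces, whereas at 15 characters the LM field is just the `EMPTY_LM` constant, so checking dumps for that constant is a quick way to confirm a policy is taking effect. `nt_case_correct` only has to try 2^k casings for k letters, which is why the NT hash of an account whose LM hash has already been resolved adds almost no protection.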