Nod password hashes
#1
Hello guyz, I'm a newbie in this forum, so maybe my question is not in the right part of the forum, but I could not find any topic which is similar to my problem.

I work for a local government, and we use the NOD32 program as an endpoint protection. We have just bought the new license, and that's why we will have to change the configuration files on those clients which are not in our local network, because these machines cannot connect to our central server to be refreshed.
So to accomplish this, I imported an .xml file which contains the different kinds of parameters and I started skimming over the content of the .xml.

There are two interesting rows in it: one of them contains the username without any encryption, and the next one (which is not so hard to find) contains the encrypted password.

NOD passwords are usually 10 characters long, a combination of lowercase letters and numbers, which seems to me not long enough to protect a password against hash cracking if the hash type is an easily decryptable one.

Some examples (approximately):

HD 5770
NTLM: number of variations: 3 760 620 109 779 060 ; 12 min
MD5: number of variations: 3 760 620 109 779 060 ; 20 min
HD 5870
NTLM: number of variations: 3 760 620 109 779 060 ; 6 min
MD5: number of variations: 3 760 620 109 779 060 ; 10 min

I deliberately used these older models as a reference.

So finally my question is:

- Does anybody know anything about the hash type of NOD passwords? (it is 27 characters long)
- Has anybody heard about cracked NOD passwords using imported .xml files?

Any comments are appreciated

J



PS: sorry for the grammatical mistakes, English is not my native language
#2
i don't have an answer for you regarding nod32, but i'm very curious about the performance figures you just posted.

3760620109779060 combinations is about 26^11. to exhaust this keyspace in 6 minutes, you would need to be pulling about 10.45 TH/s. this kind of performance is equivalent to about 580 7970s.

i must re-think my cluster if you're telling me a single 5870 can post these kinds of numbers.
#3
(07-11-2013, 01:58 PM)epixoip Wrote: i don't have an answer for you regarding nod32, but i'm very curious about the performance figures you just posted.

3760620109779060 combinations is about 26^11. to exhaust this keyspace in 6 minutes, you would need to be pulling about 10.45 TH/s. this kind of performance is equivalent to about 580 7970s.

i must re-think my cluster if you're telling me a single 5870 can post these kinds of numbers.

You are right, I truly miscalculated something. I will check it.