A couple of things that I haven't changed in the below announcement since
weld was kind enough to do it while I was at DefCon.
1) Microsoft now has a "fix" based upon this information - we will see if
they provide proper credit. Though I know of no sites that would be able
to widely deploy this patch.
2) SMB signing (ie SP3) can be broken in the same way that we attack the
"challenge-response".
3) the times posted below are for intel. The UltraSparc times are much
much faster.
4) The Challenge response is just as 'brute-force'-able as without this
extra 'obfuscation' level.
Full program including source and binaries
can be found at:
COMMERCIAL AND GOVERNMENT USERS PLEASE SEE THE END
OF THIS FILE FOR LICENSING INFORMATION. FOR YOU THIS
PROGRAM IS SHAREWARE, FOR ALL OTHERS IT IS FREE.