If it ends with 1404EE, then it's easy for me – understanding LM hash flaws
Let's take a look at the LM hashes for a few passwords and see if there are any immediately noticeable patterns:
We can already tell that this isn't an ordinary hashing algorithm.
The first two passwords have the same LM hash. The third and fourth passwords have the same last half. And finally, the last password has the same half repeated twice. Without pulling out any hacking tools, we've already figured out two important facts: the LM password is not case-sensitive, and the LM hash is two smaller hashes concatenated together! A Windows password that's protected with the LM hash is actually two seven-character passwords hashed separately.
To demonstrate this tremendous problem mathematically, let's calculate the total number of possible 14-character passwords with only letters and numbers, and compare it to the total number of pairs of seven-character passwords:
- Total 14-character passwords: 36^14 = 6.1409422 * 10^21 (about 6.1 sextillion passwords)
- Total seven-character pairs: (36^7) + (36^7) = 156,728,328,192 (about 156.7 billion passwords)
The second number is only 0.00000000255% as large as the first number.
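These observations translate directly into an audit check. The following Python is an added example, not code from the original text: it labels each LM hash in pwdump-style `user:rid:lm:nt:::` lines by what its two halves reveal, and it generalizes the search-space arithmetic above to any character-set size. The function names and sample lines are assumptions; apart from the empty-half constant `AAD3B435B51404EE`, every hash value is made-up hex.

```python
# Added example: triage pwdump-style lines by what the LM hash structure reveals.
EMPTY_HALF = "AAD3B435B51404EE"  # LM hash of an empty seven-character half

def classify_lm(lm_hex):
    """Label an LM hash by its two independently computed 8-byte halves."""
    lm = lm_hex.strip().upper()
    if len(lm) != 32 or any(c not in "0123456789ABCDEF" for c in lm):
        raise ValueError("LM hash must be 32 hex characters")
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "no-lm"           # blank password, or no LM hash stored
    if second == EMPTY_HALF:
        return "seven-or-fewer"  # whole password fits in the first half
    if first == second:
        return "repeated-half"   # both halves hold the same seven characters
    return "two-halves"

def search_space(charset_size, half_len=7):
    """Return (whole, split) candidate counts; 36 symbols gives the figures above."""
    whole = charset_size ** (2 * half_len)  # one password of 14 characters
    split = 2 * charset_size ** half_len    # two independent 7-character halves
    return whole, split

def audit(lines):
    """Map username -> label for lines in user:rid:lm:nt::: format."""
    report = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # skip blank and malformed lines
        report[fields[0]] = classify_lm(fields[2])
    return report

# Constructed sample input: apart from EMPTY_HALF, the hashes are made-up hex.
SAMPLE = [
    "alice:1001:1122334455667788AAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::",
    "bob:1002:112233445566778899AABBCCDDEEFF00:FFEEDDCCBBAA99887766554433221100:::",
    "carol:1003:99aabbccddeeff0099aabbccddeeff00:0123456789ABCDEF0123456789ABCDEF:::",
    "svc:1004:AAD3B435B51404EEAAD3B435B51404EE:FEDCBA9876543210FEDCBA9876543210:::",
]

if __name__ == "__main__":
    for user, label in audit(SAMPLE).items():
        print(f"{user:6} {label}")
    whole, split = search_space(36)
    print(f"whole={whole:.4e} split={split:,} ratio={split / whole * 100:.3e}%")
```

Any account not labelled `no-lm` still has a crackable LM hash on disk and is a candidate for a password change once LM hash storage is disabled.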
With the advent of Windows NT, the LM hash was replaced with the NT hash. Whereas the LM hash is DES-based and only works on a non-case-sensitive version of a 14-character maximum password split in half, the NT hash is MD4-based and calculates the hash from the UTF-16 Unicode representation of the password. The results are 128 bits long in either case, and they're both easy as pie to attack.