dirkmill,

I think you're right if it comes to the complete result of certicom's security
builder which is 256bit long
My idea was to do a random guess on the three lm_seeds generating
the result (the 256bit output) and compare the first 64bit output with my
valid encryption_seed1 and 2.
The probabily that i then found the correct lm_seed1/2/3 is much higher.
And because all other seeds are derived from the lm_seeds I don't have to
worry about the 256bit output anymore.

If you want to have a fast crack you should patch the desired application

tr1stan