Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Cracking Windows passwords in 5 seconds (Cool concept, unless you, you know, use Windows)
SecurityFocus BUGTRAQ Mailing List ^ | July 22, 2003 | Philippe Oechslin

Posted on 07/22/2003 8:38:27 PM PDT by Timesink

To: BugTraq

Subject: Cracking windows passwords in 5 seconds

Date: Jul 22 2003 8:37PM

Author: Philippe Oechslin

As opposed to unix, windows password hashes can be calculated in advance because no salt or other random information si involved. This makes so called time-memory trade-off attacks possible. This vulnerability is not new but we think that we have the first tool to exploit this.

At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory trade-off method. It is based on original work which was done in 1980 but has never been applied to windows passwords. It works by calculating all possible hashes in advance and storing some of them in an organized table. The more information you keep in the table, the faster the cracking will be.

We have implemented an online demo of this method which cracks alphanumerical passwords in 5 seconds average (see http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can find the password after an average of 4 million hash operation. A brute force cracker would need to calculate an average of 50% of all hashes, which amounts to about 40 billion hases for alphanumerical passwords (lanman hash).

More info about the method can be found at in a paper at http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03.

Philippe Oechslin


TOPICS: Crime/Corruption; Extended News; Miscellaneous; Technical
KEYWORDS: computersecurityin; microsoft; passwords; security; techindex; windows
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 101-105 next last
To: HAL9000
I'm not talking about access to encrypted files on a local box. There are any number of pretty good encryption tools available, have been for years. Windows has had "on the fly" encryption since 2K.

Yes, it can render hard drive data useless even if the machine is compromised. It can also render data useless if the user screws up. If you have users that never *ever* screw anything up I highly recommend having them encrypt their local data. Otherwise, you know of course that they'll be blaming YOU when their data is useless because they forgot their password on the day of the big presentation.
41 posted on 07/22/2003 10:15:56 PM PDT by Ramius
[ Post Reply | Private Reply | To 34 | View Replies]

To: Alas Babylon!
I hope every Windows administrator is doing the following:...

Of these, only longer passwords help against either brute-force or storage/time tradeoff attacks. (You probably know that, but many readers might not.)

42 posted on 07/22/2003 10:22:33 PM PDT by Russian Sage
[ Post Reply | Private Reply | To 15 | View Replies]

To: tortoise
Your ideas on security have been polluted by conventional practice.

Funny that. I call it the real world. :-)

This does not mean that I take security lightly. Quite the opposite. As a network manager it is the most important thing that I do. What it does mean though, is that there ARE, like it or not, certain realities that will turn security measures counterproductive.

Want eight-character complex passwords for all users? Fine, but then know that all you have to do to get access to the network is to start looking for sticky notes under keyboards. That's the only way users will be able to remember them.

Want permanent lockout on three bad passwords? Fine... but know that all I have to do to lock your CEO out of the network is try his email user against your VPN concentrator three times and I've just locked him out of your network. What fun!!

Want users to encrypt all their local data? fine... but don't let them come running to me when they forget the password they changed last night after the ninth scotch and now you have to make a presentation on a multimillion dollar contract in an hour.

Me... I'll be happy with something else.

43 posted on 07/22/2003 10:28:57 PM PDT by Ramius
[ Post Reply | Private Reply | To 40 | View Replies]

To: tortoise
That depends on how it is set up.

It depends on how valuable the information stored on it is, and thus, how determined and ruthless your potential attackers are likely to be. Give me physical control of the box, physical control of you, and a pair of pliers, and I'll be on as root in less than twenty minutes, I expect. And there are plenty of installations out there where this is a very real risk - don't underestimate the utility of access control for protecting you and the system. There's not much point in breaking your fingers to get your password if I still can't get at the machine once I have it.

44 posted on 07/22/2003 10:29:22 PM PDT by general_re (The wheel is turning but the hamster is dead.)
[ Post Reply | Private Reply | To 40 | View Replies]

To: Ramius
SecureID is out friend

;-)

45 posted on 07/22/2003 10:34:18 PM PDT by Michael Barnes
[ Post Reply | Private Reply | To 43 | View Replies]

To: Ramius
"Want users to encrypt all their local data? fine... but don't let them come running to me when they forget the password they changed last night after the ninth scotch and now you have to make a presentation on a multimillion dollar contract in an hour."

Simply ask yourself, do ATM users have trouble accessing their account information? Do ATM users have hideously long, complex passwords or utilize encryption so severe that if they lose their password they are forever locked out of their banking accounts?

If the answer is "no", then ask yourself, why would I treat my corporate users to any lower level of useability and security than that which is enjoyed by ATM and POS terminal users?

Is the answer, "I don't know any better", or "I don't like them", or "I haven't really thought about an architectural solution"?

46 posted on 07/22/2003 10:34:34 PM PDT by Southack (Media bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)
[ Post Reply | Private Reply | To 43 | View Replies]

To: unix
damn 9th scotch...out=our.

Now, what was my damn password; am I logged in here? Hello?

47 posted on 07/22/2003 10:35:33 PM PDT by Michael Barnes
[ Post Reply | Private Reply | To 45 | View Replies]

To: unix
Have you implemented Secure ID anywhere? I've been meaning to look into it, but more as a hobby. I'm guessing an dev kit would be hidiously expensive.
48 posted on 07/22/2003 10:39:12 PM PDT by lelio
[ Post Reply | Private Reply | To 45 | View Replies]

To: Russian Sage
Of these, only longer passwords help against either brute-force or storage/time tradeoff attacks.

I should clarify, I mean attacks on the password hash, as in the article.

49 posted on 07/22/2003 10:39:31 PM PDT by Russian Sage
[ Post Reply | Private Reply | To 42 | View Replies]

To: Southack
Recall the days when ATM's were mostly run over SNA? Now that was "fun".
50 posted on 07/22/2003 10:40:19 PM PDT by Michael Barnes
[ Post Reply | Private Reply | To 46 | View Replies]

To: Ramius
Windows has had "on the fly" encryption since 2K.

Is it a standard feature of the operating system?

Otherwise, you know of course that they'll be blaming YOU when their data is useless because they forgot their password on the day of the big presentation.

There is not much danger of that happening. On Mac OS X 10.3, the user only needs to remember is their login password - something they typically already use. After they login, the encryption/decryption process works automatically and transparently.

Now, if the user dies and someone else needs to access the files, that could be a problem.

51 posted on 07/22/2003 10:41:00 PM PDT by HAL9000
[ Post Reply | Private Reply | To 41 | View Replies]

To: unix
SecureID is out friend

Yes, I know.

My previous statements stand, however. :-)

babysteps. :-)

52 posted on 07/22/2003 10:41:04 PM PDT by Ramius
[ Post Reply | Private Reply | To 45 | View Replies]

To: general_re; Jeff Head; Travis McGee; rdb3; Nick Danger; section9; Lazamataz; plusones
"It depends on how valuable the information stored on it is, and thus, how determined and ruthless your potential attackers are likely to be. Give me physical control of the box, physical control of you, and a pair of pliers, and I'll be on as root in less than twenty minutes, I expect. And there are plenty of installations out there where this is a very real risk - don't underestimate the utility of access control for protecting you and the system."

On some very secure systems, the user is given two passwords. One password is for normal access, and the second password is for "duress" access.

Duress is when a foreign agent is beating the crap out of your wife and baby daughter until you give him a password that accesses all of your information.

Except that while the "duress" password will give said access to most or all of your critical data, it also signals your own team to come swooping in to the rescue.

In the civilian world, something very similar is done with web honeypot servers, which lure crackers in with "real looking" data and help the feds bust them.

Typically, a good honeypot server will have "valid" credit card numbers on it, for instance, but using those numbers will have the feds on you in mere minutes, as they are programmed in to the network to signal that a crime is in progress. Use the credit card number from a honeypot and you **will** get busted.

53 posted on 07/22/2003 10:42:07 PM PDT by Southack (Media bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)
[ Post Reply | Private Reply | To 44 | View Replies]

To: HAL9000
Yes it is.

Yes it still can be if they change their password and forget it.

Yes, and that's happened to me too. :-)
54 posted on 07/22/2003 10:43:00 PM PDT by Ramius
[ Post Reply | Private Reply | To 51 | View Replies]

To: lelio
I have not personally erected a SecureID architecture, but use it daily and supprot a few of the boxes here and there. I can tell you this, it's worth it's weight in gold. I wish we could go with all admin users using it as their general login pw's. It would be soooo much easier and secure.
55 posted on 07/22/2003 10:43:30 PM PDT by Michael Barnes
[ Post Reply | Private Reply | To 48 | View Replies]

To: Timesink
Assuming the numbers in the article...

This only speeds things up by a factor of 10,000, so a brute-force attack would only take about 14 hours.  That may seem much longer but a password that can be brute-force cracked in 14 hours stinks big time  And since the attacks can be done away from the target computer, what's the hurry?

Salting passwords does slow down the storage/time tradeoff attacks, but does zilch against the brute-force attack - the same password still takes only 14 hours to crack against Unix.

Does anyone know how much salt Unix uses these days? It believe it used to be only 12 bits. If that is the case now, 12 bits of salt only retard things by a factor of 4096. That could be a crack in 6 hours instead of 5 seconds with the same storage,  a crack in 5 seconds with about 4000 GB, or a crack in 100 seconds with only about 200GB.

There is no technology to make a short password secure. Use a long password whether or not they make you.
56 posted on 07/22/2003 10:45:36 PM PDT by Russian Sage
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ramius
Not to say that your previous don't stand buddy. It's a teeter-totter thing. Secure the hell out of it, it's damn near un-usable. Leave it wide open, it's fun for even your buddies to ride on..

It's all a careful balance in the long run.

57 posted on 07/22/2003 10:46:11 PM PDT by Michael Barnes
[ Post Reply | Private Reply | To 52 | View Replies]

To: Nathaniel Fischer
The easiest way is usually to just go to 'forgot password' and see if you can answer his secret question(him being your brother)
58 posted on 07/22/2003 10:47:12 PM PDT by Hot Soup
[ Post Reply | Private Reply | To 28 | View Replies]

To: Southack
Honeypots are fun on a whole other order of magnitude. Have pursued that with some satisfaction myself.

It's been fun, folks... but the battery gods have called my laptop home to valhalla for the evening. I'll check in in the morning.
59 posted on 07/22/2003 10:47:13 PM PDT by Ramius
[ Post Reply | Private Reply | To 53 | View Replies]

To: unix
"Recall the days when ATM's were mostly run over SNA? Now that was "fun"."

What, they've changed?!

Just kidding. My favorite ATM scam was the two guys who bought an old retired ATM shell at a corporate auction (the Colorado S&L had gone bankrupt back in the 1980's).

They put an Apple computer inside and rigged it to record the account data on the ATM card and the PIN data that the user typed in.

And they wheeled that puppy into a shopping mall like they owned the place.

People started lining up to use it only to get "Sorry, no funds available" error messages.

Then they came back after the weekend was over, took the machine home and then began manufacturing their own ATM cards from the valid account numbers, matched to the PINs that were typed in.

Pretty gutsy!

60 posted on 07/22/2003 10:47:31 PM PDT by Southack (Media bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)
[ Post Reply | Private Reply | To 50 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 101-105 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson