Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online

[Chris Harrington <charrington () NITROSECURITY COM>]

What you are describing is called a collision in the crypto world and is
EXTREMELY rare. 
 
--Chris


Christopher Harrington 
Chief Technology Officer 
nitrosecurity 
o: 603.766.8160 
c: 603.969.0592 
e: charrington () nitrosecurity com <mailto:charrington () nitrosecurity com>

w: www.nitrosecurity.com <blocked::http://www.nitrosecurity.com/>  


 

________________________________

From: Jimmy Kuo [mailto:cjkuo () VERIZON NET] 
Sent: Thursday, November 10, 2005 3:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] YAWiTR - Yet another what is the risk -- Virus
Scanning Engine Flaw + RainbowCrack Online


While those suggestions are good, that's not the point.
 
A hash of a phrase that may have a symbol in it may also have a
corresponding alphanumeric pattern that results in the same hash.
 
This database allows someone to take a passwd file and see if any of
those logins can be cracked.  May simply be time to do two-factor (or
more) authentication.
 
Banks have a year to do it (officially, "assess the risk").  If your
school has a credit union, you might want to investigate the same
technology.
 
Jimmy Kuo
McAfee Fellow

        ----- Original Message ----- 
        From: Chris Harrington <mailto:charrington () NITROSECURITY COM>  
        To: SECURITY () LISTSERV EDUCAUSE EDU 
        Sent: Thursday, November 10, 2005 11:18 AM
        Subject: Re: [SECURITY] YAWiTR - Yet another what is the risk --
Virus Scanning Engine Flaw + RainbowCrack Online

        Their NTLM hashes cover up to 8 character passwords, as long as
the password does not have a symbol. Their LANMAN hashes are up to 7
character passwords. The easiest way to make sure you are not affected
by this site is to:
         
        1. Disable support for LANMAN if not needed. Here is a good link
on how to: http://www1.umn.edu/oit/img/assets/5630/DisableLanMan.pdf
        2. Include a symbol in your password policy.
         
        If you don't want to disable support for LANMAN you will need an
8 character password that has at least one symbol in it. Adding symbols
to their Rainbow tables will add years to the time it will take to
generate them. The same for 8 character LANMAN passwords. 
         
        --Chris 
         
        Christopher Harrington 
        Chief Technology Officer 
        nitrosecurity 
        o: 603.766.8160 
        c: 603.969.0592 
        e: charrington () nitrosecurity com
<mailto:charrington () nitrosecurity com>  
        w: www.nitrosecurity.com
<blocked::http://www.nitrosecurity.com/>  

         

________________________________

        From: James H Moore [mailto:jhmfa () RIT EDU] 
        Sent: Thursday, November 10, 2005 1:58 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: [SECURITY] YAWiTR - Yet another what is the risk --
Virus Scanning Engine Flaw + RainbowCrack Online
        
        

        - - -

         

        And between the time that I started writing this, and now, I
also found out about RainbowCrack Online.  How do you think that it will
affect password standards, or increased use of 2-factor authentication?