Penetration Testing mailing list archives
Re: Passwords with Lan Manager (LM) under Windows
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Thu, 22 Sep 2005 01:30:01 -0700
Last one-- I already said why you can't pre-compile NTLMv2: The hash generated for the challenge/response exchange not only includes the password, but user/domain data as well.
If my password was "I'mNotGoingToArgueAboutThisAnymore!" then that could be pre-compiled into a rainbow table for NTLM (if you actually went that far out.) But with NTLMv2, the hash is generated from "I'mNotGoingToArgueAboutThisAnymore!" plus usernameATdomainDOTcom. You would have to precompile every possible password combination with every possible user/domain name. Ain't gonna happen.
And I'm not sure where you are getting your info regarding Microsoft "dropping NTLMv2 for backward compatibility." Backward compatibility is already there! Regardless, the new settings I have for LanMan auth levels in addition to the NTLM SSP settings for both client and server that I currently have configured in my install of Longhorn say that you are mistaken...
Not to be rude, but I've said all I have to say on the subject, and don't see any point in bickering... I'm available off-line if you want to discuss this any further.
t----- Original Message ----- From: "Craig Wright" <cwright () bdosyd com au> To: "Thor (Hammer of God)" <thor () hammerofgod com>; <pand0ra.usa () gmail com>; <pen-test () securityfocus com>
Sent: Wednesday, September 21, 2005 11:41 PM Subject: RE: Passwords with Lan Manager (LM) under Windows First "You can't precompile that data into a rainbow, you know?". Please explain why not. HMAC-MD5 message authentication and MD4 are used to create the challenge. There are rainbow tables for both of these - yes they take more time to search the challenges but they exist. Publicly available MD4 rainbow tables are still in early development and mostly only cover "alpha numeric"...but they exist. Yes (before you state that this does not supply an attacker with the password itself) I do understand that using a rainbow table against the challenge hash does not give you the password itself. But it can give you access to the system. Personally what I care about is if the system is accessed not if the password is known by the attacker. If I have access to the system I can do damage. Install a keylogger for example if all I wanted was the password. "Well, that's an issue with the client"...well we are talking a client server environment. Both are necessary. Yes IBM created Lanman, I read the RFC when they first submitted it, but MS implemented it, not IBM. PS to this, MSFT are dropping NTLMv2 at the expense of causing issues with backward compatibility... Please explain why if "NTLMv2 is tight". This is a BIG step for MSFT and one I do really applaud. ***---***---*** Gratuitous MSFT Quote ***---***---*** "All three algorithms (MD4, MD5 and DES - my my... NTLMv2) show signs of "extreme weakness" and have been banned", Michael Howard - Microsoft. ***---***---*** Gratuitous MSFT Quote ***---***---*** As I said earlier "Kerberos support with IPsec" And by this yes certificates are the best. I still stick by IPsec based auth as I did state in an earlier post "Kerberos support with IPsec" which is a valid option as I originally stated it, the alternative being Kerberos without IPsec. IPsec is used in this case to protect the traffic between the systems. Why authentication as a term for IPsec. Because AH is used to negotiate between the client and the server. (and I also know that the domain controllers do not use IPsec to send encrypted Kerberos info to each other and that this needs to be taken into account in the design and placement of AD domain systems). Though preshared keys are supported - certificates are better. These are used to setup the IPsec session which is used to protect the Kerberos key exchange. Thus the first stage - before the initial "TGS request for a ticket" is to have encryption between the client and the AD server thus further protecting the process. AN IPsec session is later used from the Kerberos client to the application server (and yes I have not gone into the stages used by the TGS and AS, have just passed over the TGT, not even mentioned the 3 subprotocols used etc) protecting the ticket exchange. Craig PS - I know that this is simplified and that I could expand this further (into a few hundred page paper) to cover all the stages and miss nothing. PPS I have not even gone into collision analysis against MD5 or MD4 both of which are viable options -----Original Message----- From: Thor (Hammer of God) [mailto:thor () hammerofgod com] Sent: 22 September 2005 3:46 To: Craig Wright; pand0ra.usa () gmail com; pen-test () securityfocus com Subject: Re: Passwords with Lan Manager (LM) under Windows Well, that's an issue with the client, not NTLMv2. NTLMv2 is tight. LM sucks- that's obvious (and it was IBM, not MS that gave us that one.) And yes, you can use precomputed tables against NTLM hashes, but not against NTLMv2... The NTLM hash is keyed off of the password, but NTLMv2 hashes up the password with the user's domain/user data when generating the key... You can't precompile that data into a rainbow, you know? Regarding the "IPsec based auth" reference (here I go again), I'd have to say that there is no such thing... IPSec negotiation in Windows can be based on one of three mechanisms: A pre-shared key, Kerberos, or a cert-- it is not an authentication protocol in itself... (the cert being the strongest IMO). t ----- Original Message ----- From: "Craig Wright" <cwright () bdosyd com au> To: "Thor (Hammer of God)" <thor () hammerofgod com>; <pand0ra.usa () gmail com>; <pen-test () securityfocus com> Sent: Wednesday, September 21, 2005 10:05 PM Subject: RE: Passwords with Lan Manager (LM) under Windows Further to the last post There are a number of issues with NTLMv2 and legacy applications such as Windows RAS that cause lower levels of authentication I still say that Kerberos or IPsec based auth is the best policy in windows. LanMan, NTLMv1 or V2 are vulnerable. Precomputed tables may have been uncommon 12 months ago - but that was then and this is now. Cain & Abel will use sorted Rainbow Tables for Cryptanalysis attacks Craig -----Original Message----- From: Thor (Hammer of God) [mailto:thor () hammerofgod com] Sent: 22 September 2005 12:00 To: Craig Wright; pand0ra.usa () gmail com; pen-test () securityfocus com Subject: Re: Passwords with Lan Manager (LM) under Windows ----- Original Message ----- From: "Craig Wright" <cwright () bdosyd com au> To: <pand0ra.usa () gmail com>; <pen-test () securityfocus com> Sent: Wednesday, September 21, 2005 12:32 PM Subject: RE: Passwords with Lan Manager (LM) under Windows
Even NTLMv2 will break the hashing into chunks which are able to be individually broken down.
I'm not sure what you mean... NTLMv2 uses a single 128bit key for the hash, challenge and response... Or are you referring to the NTLM2 session response key (56+56+16)? If so, that is not the same thing as NTLMv2... Can you elaborate please ? t ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Passwords with Lan Manager (LM) under Windows, (continued)
- Re: Passwords with Lan Manager (LM) under Windows Tim (Sep 21)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 21)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows philippe . nospam . oechslin (Sep 23)
- Re: Passwords with Lan Manager (LM) under Windows Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Sep 24)