Educause Security Discussion mailing list archives

Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online

From: Jimmy Kuo <cjkuo () VERIZON NET>
Date: Thu, 10 Nov 2005 11:59:30 -0800

While those suggestions are good, that's not the point.

A hash of a phrase that may have a symbol in it may also have a corresponding alphanumeric pattern that results in the
same hash.

This database allows someone to take a passwd file and see if any of those logins can be cracked. May simply be time
to do two-factor (or more) authentication.

Banks have a year to do it (officially, "assess the risk"). If your school has a credit union, you might want to
investigate the same technology.

Jimmy Kuo
McAfee Fellow
----- Original Message -----
From: Chris Harrington
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Thursday, November 10, 2005 11:18 AM
Subject: Re: [SECURITY] YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online

Their NTLM hashes cover up to 8 character passwords, as long as the password does not have a symbol. Their LANMAN
hashes are up to 7 character passwords. The easiest way to make sure you are not affected by this site is to:

1. Disable support for LANMAN if not needed. Here is a good link on how to:
http://www1.umn.edu/oit/img/assets/5630/DisableLanMan.pdf
2. Include a symbol in your password policy.

If you don't want to disable support for LANMAN you will need an 8 character password that has at least one symbol in
it. Adding symbols to their Rainbow tables will add years to the time it will take to generate them. The same for 8
character LANMAN passwords.

--Chris

Christopher Harrington
Chief Technology Officer
nitrosecurity
o: 603.766.8160
c: 603.969.0592
e: charrington () nitrosecurity com
w: www.nitrosecurity.com

------------------------------------------------------------------------------
From: James H Moore [mailto:jhmfa () RIT EDU]
Sent: Thursday, November 10, 2005 1:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online

- - -

And between the time that I started writing this, and now, I also found out about RainbowCrack Online. How do you
think that it will affect password standards, or increased use of 2-factor authentication?

Current thread:

Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- <Possible follow-ups>
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Jimmy Kuo (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online John Duksta (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Brian (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Russell Fulton (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Perry, Jeff (Nov 10)