Educause Security Discussion mailing list archives

Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online


From: Chris Harrington <charrington () NITROSECURITY COM>
Date: Thu, 10 Nov 2005 15:52:35 -0500

To clarify, my response was not an either/or; you need to do both 1 and
2. Dave is right in that you would need to have a 15+ character password
to be secure if you don't disable LANMAN hashes.
 
--Chris
 
Christopher Harrington 
Chief Technology Officer 
nitrosecurity 
o: 603.766.8160 
c: 603.969.0592 
e: charrington () nitrosecurity com
w: www.nitrosecurity.com

 

________________________________

From: Hull, Dave [mailto:dphull () KU EDU] 
Sent: Thursday, November 10, 2005 3:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] YAWiTR - Yet another what is the risk -- Virus
Scanning Engine Flaw + RainbowCrack Online


Actually a full set of RC tables is about 64GB and includes all letters
upper and lower, numbers and 32 symbols and the space character. The
way RC works is to split the LM hash into two 7 character strings. It
scans the entire set of hashes for a match for the first seven
characters and repeats the process for the second half of the password.
 
In our testing, it takes about two or three minutes for a "good"
password of eight characters including upper, lower and special
characters.
 
You can either disable the use of LM hashes or choose passwords longer
than 14 characters which causes them to be NTLMv2 or some such.
 
But no, simply adding a special character to the mix is not sufficient.

--
Dave "DP" Hull, Network Security Analyst
IT Security Office, A Division of Information Services
The University of Kansas
Desk: 785-864-0429 || Mobile: 785-840-7341


        -----Original Message-----
        From: Chris Harrington [mailto:charrington () NITROSECURITY COM] 
        Sent: Thursday, November 10, 2005 1:18 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: Re: [SECURITY] YAWiTR - Yet another what is the risk --
        Virus Scanning Engine Flaw + RainbowCrack Online
        
        
        Their NTLM hashes cover up to 8 character passwords, as long as
        the password does not have a symbol. Their LANMAN hashes are up to 7
        character passwords. The easiest way to make sure you are not affected
        by this site is to:
         
        1. Disable support for LANMAN if not needed. Here is a good link
           on how to: http://www1.umn.edu/oit/img/assets/5630/DisableLanMan.pdf
        2. Include a symbol in your password policy.
         
        If you don't want to disable support for LANMAN you will need an
        8 character password that has at least one symbol in it. Adding symbols
        to their Rainbow tables will add years to the time it will take to
        generate them. The same for 8 character LANMAN passwords.
         
        --Chris 
         
        Christopher Harrington 
        Chief Technology Officer 
        nitrosecurity 
        o: 603.766.8160 
        c: 603.969.0592 
        e: charrington () nitrosecurity com
        w: www.nitrosecurity.com

         

________________________________

        From: James H Moore [mailto:jhmfa () RIT EDU] 
        Sent: Thursday, November 10, 2005 1:58 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: [SECURITY] YAWiTR - Yet another what is the risk --
        Virus Scanning Engine Flaw + RainbowCrack Online
        
        

        - - -

         

        And between the time that I started writing this, and now, I
        also found out about RainbowCrack Online.  How do you think that it will
        affect password standards, or increased use of 2-factor authentication?
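
Added example, not part of any message in this thread: a small audit that reads a password-hash export and reports which accounts still carry a stored LM hash, the condition the replies above say to eliminate by disabling LANMAN or using passwords longer than 14 characters. It assumes a pwdump-style `user:rid:lm:nt:::` layout; the sample lines and all hash values except the well-known empty-half constant are constructed placeholders.

```python
"""Audit a pwdump-style export for accounts that still store an LM hash."""

# LM hash of an empty 7-character half. A field made of two of these means
# no LM hash is stored (LM storage disabled, or password over 14 characters).
EMPTY_HALF = "aad3b435b51404ee"
HEX = set("0123456789abcdef")

# Constructed sample input; hash values are placeholders, not real hashes.
SAMPLE = """\
alice:1001:0123456789abcdeffedcba9876543210:11111111111111111111111111111111:::
bob:1002:0123456789abcdefaad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
dave:1004:NO PASSWORD*********************:44444444444444444444444444444444:::
broken line without enough fields
"""

def classify(lm_field):
    """Return 'no-lm', 'lm-short' or 'lm-stored' for one LM hash field."""
    lm = lm_field.strip().lower()
    if len(lm) != 32 or not set(lm) <= HEX:
        return "no-lm"            # placeholder text instead of a hash
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "no-lm"
    if second == EMPTY_HALF:
        return "lm-short"         # LM stored; password is 7 chars or fewer
    return "lm-stored"            # LM stored; both 7-char halves in use

def audit(dump_text):
    """Map each account to its classification; also list unparsable lines."""
    findings, skipped = {}, []
    for lineno, line in enumerate(dump_text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) < 4:
            skipped.append(lineno)
            continue
        findings[parts[0]] = classify(parts[2])
    return findings, skipped

if __name__ == "__main__":
    results, bad = audit(SAMPLE)
    for user, status in sorted(results.items()):
        print(f"{user:8} {status}")
    print("skipped lines:", bad)
```

Accounts reported as `lm-short` or `lm-stored` are the ones to remediate first, since the LM field is what the 7-character table lookups described above apply to.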

         

        
         

