Full Disclosure mailing list archives
Re: NEW windows password encryption flaw..
From: Chris Paget <chrisp () ngssoftware com>
Date: Wed, 23 Jul 2003 15:49:40 -0400 (Eastern Daylight Time)
This is not a Microsoft screwup, or any kind of screwup in fact. It's a technique called "Hash Chaining", that the guys at Lasec have improved upon. It's a way of trading off time for memory usage for effectively generating a table of precomputed hashes; the only flaw here lies in the fact that the hashes involved are unsalted. The technique has been around a long time, and is good against ANY hash function, assuming it's unsalted. The Lasec guys have found a few improvements to the standard technique, and written a demo. (For those who know about hash chaining but can't follow the maths in the paper, the main improvement is to salt the mapping function with a predictable dynamic salt, so as to pretty much eliminate chain merging and greatly speed up lookup times. Pretty cunning). I've forwarded the message from Bugtraq below, for the benefit of those who only subscribe here. Chris ---------- Forwarded message ---------- Date: 22 Jul 2003 20:37:19 -0000 From: "bugtraq () oechslin net" <bugtraq () oechslin net> To: "bugtraq () securityfocus com" <bugtraq () securityfocus com> Subject: Cracking windows passwords in 5 seconds As opposed to unix, windows password hashes can be calculated in advance because no salt or other random information si involved. This makes so called time-memory trade-off attacks possible. This vulnerability is not new but we think that we have the first tool to exploit this. At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory trade-off method. It is based on original work which was done in 1980 but has never been applied to windows passwords. It works by calculating all possible hashes in advance and storing some of them in an organized table. The more information you keep in the table, the faster the cracking will be. We have implemented an online demo of this method which cracks alphanumerical passwords in 5 seconds average (see http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can find the password after an average of 4 million hash operation. A brute force cracker would need to calculate an average of 50% of all hashes, which amounts to about 40 billion hases for alphanumerical passwords (lanman hash). More info about the method can be found at in a paper at http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03. Philippe Oechslin On Wed, 23 Jul 2003, Darren Bennett wrote:
Is this new? I read about it on slashdot... http://lasecpc13.epfl.ch/ntcrack/ Basically, it seems that Microsoft has (yet again) screwed up the implementation of their encryption scheme. This makes cracking any hash a matter of seconds. Oops... -- ----------------------------------------------- Darren Bennett CISSP, Certified Unix Admin., MCSE, MCSA, MCP +I Sr. Systems Administrator/Manager Science Applications International Corporation Advanced Systems Development and Integration ----------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Re: NEW windows password encryption flaw.. Chris Paget (Jul 23)
- Re: NEW windows password encryption flaw.. Corey Hart (Jul 23)
- Re: NEW windows password encryption flaw.. Jeremy Gaddis (Jul 23)
- Re: NEW windows password encryption flaw.. 3APA3A (Jul 23)
- Re: NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Off-Topic: Defcon Meeting? Daniel Berg (Jul 23)
- Re: Off-Topic: Defcon Meeting? Steve Bremer (Jul 24)
- Re: Off-Topic: Defcon Meeting? Thor Larholm (Jul 24)
- Re: Off-Topic: Defcon Meeting? 404 (Jul 24)
- RE: Off-Topic: Defcon Meeting? Robert Davies (Jul 24)
- Re: Off-Topic: Defcon Meeting? misiu_ (Jul 28)
- Re: NEW windows password encryption flaw.. Darren Bennett (Jul 23)