Penetration Testing mailing list archives
Re: Secure Password Policy?
From: Tim <pand0ra.usa () gmail com>
Date: Fri, 20 Jan 2006 00:11:46 -0700
Oooo.... here we go again! In my experience passphrases are going to be much more secure. BUT many applications (custom and commercial), outside of Microsoft Windows, are written to only accept up to 14 characters. MS Windows can accept a passphrase up to 127 characters. For the most part brute force cracking is dying and being replaced with rainbowcrack (http://www.antsight.com/zsl/rainbowcrack/). I have a full set (44GB) of the LanMan tables (rainbowtables.shmoo.com/) and I can blast through in about 10-20 minutes. Currently I am building the NTLM (then MD5 after that) tables but only up to 8 characters as I probably don't have the disk space for anything bigger. So, if you are security conscious and have disabled LanMan from being stored or transmitted and _all_ of your users have 9 character passwords or passphrases, IMHO it will be very tough to recover any passwords. Some people recommend that you use an alt ascii character in the password but I think it is impratical to ask users to do that. I can already picture 60 users with the password blink(alt-182). Here is a paper I researched on Windows LanMan I welcome any constructive feedback. Windows LanMan Challenge/Response Based Network Authentication Protocol There is a lot of information out there on the pitfalls of Microsoft's implementation of LanMan. What I am going to do is go into as much detail of the problem as I can and give workarounds to help mitigate the vulnerability. As we know, most networks revolve around using passwords for authentication and are great targets for black hats and evil doers. Now let's jump in and take a look of how Microsoft uses LanMan. dood:1301:081CFBE2AF23C5BEB8AFD410DE448ADD:0D952209A0138C9093DDF5845EE13957::: Here is a typical user and password pulled from the registry; dood is the username then you have the RID (RelativeId) and finally the LanMan (underlined) and NTLM passwords, all separated by a colon ( : ). Now, by default, Windows sends both the LanMan and NTLM passwords across the wire when you authenticate to another machine (be it either host or server). Let's dig a little deeper on this whole LanMan thing and take a look at the problems. LanMan is encrypted using DES (Data Encryption Standard) but they do not use a salt to throw in randomization. Also when you change your password it is stored in ALL UPPERCASE characters and LanMan can only be a maximum of 14 characters (NTLM has a maximum of 127). Now there is one last big flaw, take a look at the next to passwords and see if you notice a similarity. dood1:1124:0AF1F736E3858B0CAAD3B435B51404EE:E5FAD982A09C13976DAEDD832EE2B4D9::: dood2:1158:5322BF21A44579F7AAD3B435B51404EE:75EF48966F114653569A10FA87707F23::: Notice how AAD3B435B51404EE repeats in both passwords? Well… someone thought it was a safe idea by taking the 14 character password and splitting it into two 7-character passwords and merging them together. Let's say the password for dood1 is "brown", that password is only 5 characters long. LanMan pads the rest of the 9 missing characters (to equal 14) with the number 0. So the password will look like "brown000000000" to the system. But remember that issue about being split in two; it effectively becomes "brown00" and "0000000". So when you see AAD3B435B51404EE in the password it is 0000000, taking that one more step you are now able to visually see if the password is less then 8 characters. Now let's take a little look at some math. With LanMan you effectively have only a 7 character password at best; A-Z = 26 characters, 0-9 = 10 characters, and 24 special characters (!, @, #, $, %, ^, &, *, (, ), etc) so you have a grand total of 60 characters you can use (you can use other Unicode characters doing ALT combinations but we will ignore those for this purpose). So 60^7 gives you 2,799,360,000,000 different combinations. Now say you have a 1.4 GHz laptop running john the ripper (or l0pht) with 1 GB of RAM that has a key rate of 3,000,000 combinations per second, it would take 10.8 days to go through all possible combinations. That being said, most organizations expire a password at 90 days. We know that passwords cannot stay secure forever that is why we change them, but they must be able to withstand an attack until they can be changed. Let's expand on the math a little more. 60^7 = 2,799,360,000,000 = 10.8 days (A-Z, 0-9, special) 86^7 = 34,792,782,221,696 = 134.23 days (A-Z, a-z, 0-9, special) 62^8 = 218,340,105,584,896 = 2.3 years (A-Z, 0-9, special) 86^8 = 2992179271065856 = 31.62 years (A-Z, a-z, 0-9, special) *Keep in mind that this is the MAXIMUM amount of time it would take and will most likely find the password in less time. By looking at the math it is very probable to find any 7-character password before it expires. It is still feasible to find the password that uses 8 characters in 90 days or less but the process would probably have to be is split across several machines. One of the things suggested to me by a Microsoft Incident Response person was to make pass phrases instead of passwords. Let's jump into a tad bit more of math and look at a 14 character password that is NOT using LanMan (NTLM or NTLMv2). 36^14 = 6,140,942,214,464,815,497,216 combinations = 64,909,333 years (a-z, 0-9) You could use "i have 1 dollar" as the example (which is actually 36^15 but good enough for the exercise) and the possibility of a black hat being able to discover the password before it expires is extremely remote. Ultimately you should look at moving to only NTLMv2 for its security though you may need to install the clients to allow your Windows 95, 98, NT machines to connect. As with anything make sure you test and document your changes in a suitable environment that will not affect current operations. Review: · LanMan coverts all characters to UPPERCASE · Pads the password with 0's up to 14 characters · Password is split into two 7 character chunks · No randomization seed used (salt) So now that we understand how the password deal works a little better let's look at fixing the problems. We have to disable/remove LanMan. 1. LanMan is stored in the SAM (Security Accounts Manager) 2. LanMan is transmitted with the NTLM 'hash' when authentication occurs In order to disable the transmission and storage of the LanMan password follow the instructions from Microsoft or the PDF. Note that after you disable the storage of passwords you will have to change the password in order for it not to store the new password. My understanding is that the old password will always remain. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/msdn_secinst.asp (NT) change setting to 2 - Never sends LM password form. http://www1.umn.edu/oit/img/assets/5630/DisableLanMan.pdf Talks about current password guidance from Microsoft http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/select_sec_passwords.mspx
Current thread:
- Re: Secure Password Policy?, (continued)
- Re: Secure Password Policy? List Spam (Jan 22)
- Re: Secure Password Policy? Neil (Jan 22)
- List of "clickable" on-line pen-test tools Petr . Kazil (Jan 23)
- Re: List of "clickable" on-line pen-test tools Ivan . (Jan 24)
- Re: List of "clickable" on-line pen-test tools Alvin Oga (Jan 25)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 25)
- Message not available
- Re: List of "clickable" on-line pen-test tools FocusHacks (Jan 30)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 24)
- Re: Secure Password Policy? Tim (Jan 21)
- Re: Secure Password Policy? Tim (Jan 21)
- "Ping scan" through Google Petr . Kazil (Jan 22)
- Re: "Ping scan" through Google -- Perl version for *NIX Peter Hille (Jan 22)
- Re: "Ping scan" through Google Robert Wesley McGrew (Jan 22)
- Re: "Ping scan" through Google pagvac (Jan 23)
- Re: Secure Password Policy? David M. Zendzian (Jan 22)
- Re: Secure Password Policy? Brian Anderson (Jan 22)
- Re: Secure Password Policy? bf (Jan 21)