Re: Secure Password Policy?

[Tim <pand0ra.usa () gmail com>]

Oooo.... here we go again!

In my experience passphrases are going to be much more secure. BUT
many applications (custom and commercial), outside of Microsoft
Windows, are written to only accept up to 14 characters. MS Windows
can accept a passphrase up to 127 characters. For the most part brute
force cracking is dying and being replaced with rainbowcrack
(http://www.antsight.com/zsl/rainbowcrack/). I have a full set (44GB)
of the LanMan tables (rainbowtables.shmoo.com/) and I can blast
through in about 10-20 minutes. Currently I am building the NTLM (then
MD5 after that) tables but only up to 8 characters as I probably don't
have the disk space for anything bigger. So, if you are security
conscious and have disabled LanMan from being stored or transmitted
and _all_ of your users have 9 character passwords or passphrases,
IMHO it will be very tough to recover any passwords. Some people
recommend that you use an alt ascii character in the password but I
think it is impratical to ask users to do that. I can already picture
60 users with the password blink(alt-182).

Here is a paper I researched on Windows LanMan I welcome any
constructive feedback.

Windows LanMan Challenge/Response Based Network Authentication Protocol

There is a lot of information out there on the pitfalls of Microsoft's
implementation of LanMan. What I am going to do is go into as much
detail of the problem as I can and give workarounds to help mitigate
the vulnerability. As we know, most networks revolve around using
passwords for authentication and are great targets for black hats and
evil doers. Now let's jump in and take a look of how Microsoft uses
LanMan.

dood:1301:081CFBE2AF23C5BEB8AFD410DE448ADD:0D952209A0138C9093DDF5845EE13957:::

Here is a typical user and password pulled from the registry; dood is
the username then you have the RID (RelativeId) and finally the LanMan
(underlined) and NTLM passwords, all separated by a colon ( : ). Now,
by default, Windows sends both the LanMan and NTLM passwords across
the wire when you authenticate to another machine (be it either host
or server). Let's dig a little deeper on this whole LanMan thing and
take a look at the problems.

LanMan is encrypted using DES (Data Encryption Standard) but they do
not use a salt to throw in randomization. Also when you change your
password it is stored in ALL UPPERCASE characters and LanMan can only
be a maximum of 14 characters (NTLM has a maximum of 127). Now there
is one last big flaw, take a look at the next to passwords and see if
you notice a similarity.

dood1:1124:0AF1F736E3858B0CAAD3B435B51404EE:E5FAD982A09C13976DAEDD832EE2B4D9:::
dood2:1158:5322BF21A44579F7AAD3B435B51404EE:75EF48966F114653569A10FA87707F23:::

Notice how AAD3B435B51404EE repeats in both passwords? Well… someone
thought it was a safe idea by taking the 14 character password and
splitting it into two 7-character passwords and merging them together.
Let's say the password for dood1 is "brown", that password is only 5
characters long.  LanMan pads the rest of the 9 missing characters (to
equal 14) with the number 0. So the password will look like
"brown000000000" to the system. But remember that issue about being
split in two; it effectively becomes "brown00" and "0000000". So when
you see AAD3B435B51404EE in the password it is 0000000, taking that
one more step you are now able to visually see if the password is less
then 8 characters.

Now let's take a little look at some math. With LanMan you effectively
have only a 7 character password at best; A-Z = 26 characters, 0-9 =
10 characters, and 24 special characters (!, @, #, $, %, ^, &, *, (,
), etc) so you have a grand total of 60 characters you can use (you
can use other Unicode characters doing ALT combinations but we will
ignore those for this purpose). So 60^7 gives you 2,799,360,000,000
different combinations. Now say you have a 1.4 GHz laptop running john
the ripper (or l0pht) with 1 GB of RAM that has a key rate of
3,000,000 combinations per second, it would take 10.8 days to go
through all possible combinations.  That being said, most
organizations expire a password at 90 days. We know that passwords
cannot stay secure forever that is why we change them, but they must
be able to withstand an attack until they can be changed. Let's expand
on the math a little more.

60^7 = 2,799,360,000,000 = 10.8 days (A-Z, 0-9, special)
86^7 = 34,792,782,221,696 = 134.23 days (A-Z, a-z, 0-9, special)
62^8 = 218,340,105,584,896 = 2.3 years (A-Z, 0-9, special)
86^8 = 2992179271065856 = 31.62 years (A-Z, a-z, 0-9, special)

*Keep in mind that this is the MAXIMUM amount of time it would take
and will most likely find the password in less time.

By looking at the math it is very probable to find any 7-character
password before it expires. It is still feasible to find the password
that uses 8 characters in 90 days or less but the process would
probably have to be is split across several machines. One of the
things suggested to me by a Microsoft Incident Response person was to
make pass phrases instead of passwords. Let's jump into a tad bit more
of math and look at a 14 character password that is NOT using LanMan
(NTLM or NTLMv2).

36^14 = 6,140,942,214,464,815,497,216 combinations = 64,909,333 years (a-z, 0-9)

You could use "i have 1 dollar" as the example (which is actually
36^15 but good enough for the exercise) and the possibility of a black
hat being able to discover the password before it expires is extremely
remote. Ultimately you should look at moving to only NTLMv2 for its
security though you may need to install the clients to allow your
Windows 95, 98, NT machines to connect. As with anything make sure you
test and document your changes in a suitable environment that will not
affect current operations.

Review:
·       LanMan coverts all characters to UPPERCASE
·       Pads the password with 0's up to 14 characters
·       Password is split into two 7 character chunks
·       No randomization seed used (salt)

So now that we understand how the password deal works a little better
let's look at fixing the problems. We have to disable/remove LanMan.

1.      LanMan is stored in the SAM (Security Accounts Manager)
2.      LanMan is transmitted with the NTLM 'hash' when authentication occurs

In order to disable the transmission and storage of the LanMan
password follow the instructions from Microsoft or the PDF. Note that
after you disable the storage of passwords you will have to change the
password in order for it not to store the new password. My
understanding is that the old password will always remain.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/msdn_secinst.asp
(NT) change setting to 2 - Never sends LM password form.

http://www1.umn.edu/oit/img/assets/5630/DisableLanMan.pdf

Talks about current password guidance from Microsoft
http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/select_sec_passwords.mspx