Slashdot Mirror
Swiss Researchers Exploit Windows Password Flaw
Bueller_007 writes "CNET is carrying an article about a new (albeit simplistic) method used to hack alphanumeric Windows passwords in a matter of seconds, rather than minutes. To blame is a 'weakness in Microsoft's method of encoding passwords.' According to the authors, the same method, when used on Mac OS X, Unix and Linux boxes, however, could require either 4,096 times more memory or 4,096 times longer."
A few more details: Mister.de writes "As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (2 37 ) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used. This was found at the
Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL)."
People are really running out of interesting stuff to "research", aren't they...
Ñ'
Good thing they're in Switzerland, or they'd get hit with a nice DMCA Lawsuit :D
"When a ball dreams, it dreams it's a frisbee"
This is hardly a news. These weaknesses have all been known for years, and the use of dictionary attacks against passwords is very common.
Bruce Schneier talks about all of these attacks and weaknesses in his book "Applied Cryptography" which was published years ago.
Visualize the world of wine
Biometric logons and encrypted /home directories?
--
This sig is inoffensive.
Either way that is too fast. Looks like another good argument for non-alphanumeric characters in your passwords.
13.6 seconds or 101 seconds doesn't make much difference, now does it? The real problem is still getting administrator access to the target computer in the first place.
Cracking becomes easier if you have access to a distributed network. Parse the table into managable chunks and throw it out to 100 computers. While the time taken to crack the password might not scale down in a linear fashion [ie: time/(N computers)], it will most definately drop the crack time down to less than an hour for those computers with 12bit salts (4906*.6min= 41 hr, 41hr/100comps= 25 minutes).
Even if the 12 bit salt for mac/linux/etc was increased in size, a scale up in the number of computers used would defeat this added protection. The trend in the comp world seems to be more connectivity between large numbers of computers. All it takes is one disgruntled folding@Home grad student out at stanford to break even the most stringent password.
It seems that increasing the size of the salt would prevent the average script kiddie from breaking your password, but does nothing to alleviate the threat distributed computing presents. So what other options are there?
And before you start yammering about Many eyes/shallow bugs or whatever, I shall use my new favorite example: the sobig worm. In order to get infected with this, a user must receive an email, save the attachment, unzip it, then execute the file contained within.
*speechless*
Now to keep it close to 13 secs, you would need 4096x more data - 1.4G x 4096 = ~5.7 Terabytes.
If you don't have any data, and have 4096 more combinations, you need to take 4096 x 1m41s ~= 4.8 days. Not quite as bad but it still looks like like we need a few more bits for the password salt...
We should just make it a 64-bit salt and not have to worry about it until Quantum computers are viable..
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
Why bother cracking NT (and Win2K/XP) passwords when you can just overwrite them? Boot from this floppy and you can change any local password (including the administrator). It's been useful on more than one occasion at work...when somebody quits or is fired, I can go in and retrieve everything in just a few minutes.
That they're nearly as trivial to crack is somewhat disturbing...but given the ready availability of the password changer, it doesn't make Windows significantly less secure than it already is (hell, it can't get much less secure).
20 January 2017: the End of an Error.
I think the customers only ignore it because they've been bred on Win9x, which sort of casually asked if you felt like typing in a password, but didn't really care one way or the other if you actually did. You can't train people that passwords don't matter for 7 years and then expect them to start caring about security when you finally decide to implement it. So now we have a sea of internet users who don't know or care one whit about security all because they've been taught from the very beginning that all they ever have to do is plug it in, turn it on, and start browsing.
I strongly disagree. Maybe this 4096 times applies to the traditional single DES crypt. But execept for some rare compatibilities issues with old systems or for dumb people that create Apache .htpasswd files with it, nobody uses single DES any more for years.
Passwords hashed with MD5 and Blowfish don't have the 8 character limitation. There are still some people who like to assign users passwords like "*9_p7Z9ox" even though their system doesn't use single DES any more. This is just plenty stupid. Not only it's a hell to remember for the end user, but it's damn fast to brute force when hashes are precomputed as described in this article.
A normal password like a real sentence (ex: "I'd like to have sex with Sandra") is not only way more easy to remember, it's also orders of magnitudes harder to brute force.
{{.sig}}
"This is reason enough to migrate to Windows XP."
You spelled "The is reason enough to find a complete replacement for Windows." incorrectly.
What kind of guarantee that Win XP won't turn out to have very similiar flaws to Win 9X and in 5 yrs people would be saying "This is reason enough to migrate to Windows 2008"? I don't have those guarantees. In face, based of Microsofts history, I assume Win XP has the same sort of fundamental flaws as Win 9X, they are just not found yet. In the future, this will be a reason to pay MS more money so you can "fix" the problem.
Because people consider Linux to be too obscure to be worth spending their time attacking, it rarely succumbs to such attacks.
This is just plain false. If it were true, then there would be MUCH more attacks against Apache than IIS - but the reverse is true.
Also, even if this assertion were true, can you provide references for it (as I asked in my previous post)? Let's see some posts from Linux users who think that they're immune from hack attempts because they run Linux and not windows.
And before you start yammering about Many eyes/shallow bugs or whatever, I shall use my new favorite example: the sobig worm.
First, a worm is not a hack attempt - it's malware (along with viruses.)
Second, malware such as this has little to do with obscurity - it has to do with a mindset that ignores basic security practices (namely segregation of resources.)
With regards to upgrading, I've come to the conclusion that even though MS says they want to improve security in their products having flaws is a great way to force people to upgrade.
I'ill give NT4 as an example which is EOL'd. You're a company who has managed to get your NT4 server rock solid. A new security flaw comes out and since NT4 is EOL'd MS says no security patch for you, upgrade to Win2K.
Of course if you was a complete conspiracy theorist you could say even MS would leak holes in their old products.
It doesn't have to be a hack to be a security problem, and I was giving one undeniable (surely nobody would be stubborn enough to deny it?) example of where the only reason Linux is not affected is because it is not as widely used.
I see your points to some extent but consider Apache was been by far the most popular web server for at least the last 8 years running on various platforms. Security is in design and not proportional to popularity. Hack ATTEMPTS maybe be higher with popularity but those attempts are useless until you find the hole.
Bad boys rape our young girls but Violet gives willingly.
I read the parent post as, "Because MS uses security through obscurity, many people think that Linux distros are inherently more secure than MS." I think he meant that security through obscurity doesn't work very well.
Building a lock that cannot be picked by a blind man is a lot easier (and less effective in the real world) than building a lock that cannot be picked by someone with the blueprints.
This isn't a security problem.
Windows password hashes (both the LanManager hash described here and the newer NT hash) are never sent "in the clear" over a network, or accessible to non-admins.
Why? Because they are plaintext-equivalent. Most NT network protocols treat the hash itself as a shared secret and do not make any attempt to verify that you know the actual password.
Yes, that's right. You already don't need to know the user's unencrypted password - except possibly for changing it (I can't remember offhand whether the various password-change calls require proof of knowledge of the old password - but I don't think they do either). Once an attacker gets the hashes out of your SAM, the game is already up, even if he can't decrypt them.
Given this fact, I sometimes wonder why Microsoft even bothered to try making NTLM a secure hash. BASE64 would have done pretty much the same job.
Move along, nothing to see here. Your passwords are just as secure, or as insecure, as they ever were.
"How can you claim that you are anti-crack, while still writing a window manager?" — Metacity README
Then all I need to DoS the machine is this hammer I've got in my back pocket. DDoS? Two hammers. The moral of the story? Give someone physical access to the box and it's their box. No amount of security can prevent that.
Switching to MD5 without salt would not stop this attack, since you don't have to do MD5 -> String convertion, just lots of String -> MD5 hash conversions, and these are very fast.
MSDOS: 20+ years without remote hole in the default install
You grab the password hash off the network with a sniffer. Then you can work at cracking it for as long as you like.
----
All of whose base are belong to the what-now?
I read the parent post as, "Because MS uses security through obscurity, many people think that Linux distros are inherently more secure than MS." I think he meant that security through obscurity doesn't work very well.
:)
Security through obscurity works just fine as long as that's not your only defense. Security practices should always be done in-depth, with multiple tools to protect you. Let's say I have my gold in a safe in my house. Rather than just put my safe in the garage (where it's not obscured at all), I'm going to hide it somewhere obscure to make it harder for you to find it. Sure, you'll probably eventually find it, but combine the time to find it with the time to crack the safe and you've added more time for the police to show up. Of course, this assumes that I've already taken other measures (alarm system, etc) to complete the in-depth experience.
-Shippy
Yeah, I understand the general intention of the code. I don't think there's anything wrong with trying to make the hashing code slower, in fact, that's probably a good idea.
What does worry me is:
- The whole algorithm is extremely ad-hoc. Since it serves an important cryptographic function, it should use cryptography carefully, and this doesn't. I have faith in MD5's practical ability to mask the author's missteps, but I'm not a genius cryptographer myself so I don't know what's possible. I do think that knowing the input has a special form would be an aid to cryptanalysis of the algorithm.
- The code itself is bizarre and (IMO) buggy, which leads me to believe that nobody ever audited it. It seems likely that I was the first person to look at it carefully (7 years later when I ported it to SML)--that's really scary since it plays such a vital role in the security of the system.