Slashdot Mirror
Swiss Researchers Exploit Windows Password Flaw
Bueller_007 writes "CNET is carrying an article about a new (albeit simplistic) method used to hack alphanumeric Windows passwords in a matter of seconds, rather than minutes. To blame is a 'weakness in Microsoft's method of encoding passwords.' According to the authors, the same method, when used on Mac OS X, Unix and Linux boxes, however, could require either 4,096 times more memory or 4,096 times longer."
A few more details: Mister.de writes "As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (2 37 ) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used. This was found at the
Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL)."
M$ passwords hacked within seconds...
Linux / Mac OSX passwords hacked within an hour too probably...
Maybe we need something just a little stronger!
...password phr4c|
The point of the article is to show off a faster, new time-memory trade-off technique, not to just down-play Windows security. The manner in which Window's password security is built simply provided an error-free sandbox for this method to be tested, and exemplified.
Don't feed the trolls.
Informatus Technologicus
Boot from this floppy
Because this doesn't require physical access to the machine? Because now some l33t d00d from another country can get passwords?
MORTAR COMBAT!
The beauty is, consider these email virii applications of this...
- Somebody reads an email with a simplified hack based on this embedded within it (don't need the whole dataset, you just reduce your hit rate)
- They unwittingly send back the machine info and an admim-level password to the hacker. (where I work, all 'owners' have admin rights on their system).
- From this, they can get admil-level access permanently, as well as a chance to download the full crack via a backdoor and get the network admin password, and from there, the whole network.
Laugh while you can, monkey-boy!
Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (2 37 ) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points
;-)
Wow, does that mean that they are getting 100MB/s from a CD-ROM? That'd be more of story than the cracking!
This is why I use Biopassword Perhaps their encryption method is just as insecure as microsoft's
I have seen BIOSes that did not encrypt the password at all.
Do you care about the security of your wireless mouse?
Not if the users use the same passwords on the compromised system as they do on other systems. That's about 99% of computer users.
I work for a small regional ISP. We use the same root password on all our systems. Even when one of them gets cracked. My boss just doesn't see what the big deal is. Sigh. (That's why I'm posting AC.)
Uh, this only disables NTLM within MS's telnet. Edit the Registry or use Group Policy to prevent client from using NTLM elsewhere.
As with many file based cracks, it is at very least debatable over the need for Administrator access on the box itself. One method that I used to see in the L0phtCrack days was to boot the machine using a black box distribution on a floppy (compressed minimal *nix kernel with ntfs support) then grab the .sam file from the hard drive itself. From there, you can take your time cracking the Administrator password, and then with that access you can remotely dump the registry database on the server from any box on the network. Then all thats needed is the time to crack away at leisure. Note that the domain controller registry contains user/password hash for all users on the domain, while the .sam file only contains the local admin password hash (and possibly a few others ... its been a while).
.sam file off of the hdd and run good ole L0pht ... bang! 15 seconds later (if of course the dictionary attack works) and you have the password.
On a small aside, this can also be handy as hell when your a computer store looking at a perfectly good server box that the admin (and I use the term lightly) has forgotten the password to. Rather than reinstall the entire box, pull the
Oh and as a counter to the comment about the security of unix passwords being only 4096 times greater, I have two words: md5 hash.
**AA: a bunch of mindless jerks who'll be the first against the wall when the revolution comes
If this is the case, it implies that Windows password hashes do not use salts. Now, I'm not claiming that salting makes the process secure (it doesn't), but it does make it orders of magnitude more intensive to compute a complete hash dictionary. At the expense of 12 bits per password (hell, use more if you want!) it seems worth it to use salts.
If that's the case, then this "news" is about 6 years old at least. Microsoft begain depreciating NTLMv1 with NT4.0 SP5.
There is a login patch for Win98 that forces it to use NTLM2.
Also, many Samba configurations do not use NTLMv2 (or even NTLMv1). So, Samba installs may be more vulnerable to this attack than Win 2000 and up.
There is no immediate future for a table driven attack on this algorithm (Which can be recognized by the '$1$...' prefix.
HP-UX, Solaris and AIX, however still use the old 12 bit salted DES derived passwords.
Poul-Henning Kamp -- FreeBSD since before it was called that...
...in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points.
To be honest, this isnt as much of a scare as most people would think. A person willing to crack a password in ~13.6 seconds would no doubt be willing to take the extra minute regardless.
Plus you need Administrator privelages to get the hash file anyways, so you'd be able to access anything needed locally anyways.
Finally, crackers wouldnt be able to escalate to these privelages in the first place (hey, they wouldnt have any access on the system), so there really isnt anything for anyone to be concerned.
Cain & Able requires you to install a service which requires administrative rights as well.
To sniff traffic it requires installing a packet driver... which also requires administrative rights.
Don't you think that the overall animosity towards Microsoft by the techie community has at least something to do with this? For that matter, perhaps one reason why there are fewer attacks on Apache servers is the reverse of the anti-MS feelings. I'm not stating it as fact, just musing. My Apache logs show tons of IIS-type attacks but very few Apache attacks. There are a ton of known vulnerabilities for older versions of Apache, yet for some reason nobody uses them much.
My thoughts? Apache doesn't provide much in the way of default scripts, programs, or functionality. You have to do a bit of work to get it going, and how and where you set up your httpd daemon is more or less up to the admin. MS, on the other hand, provides loads of defaults (not true anymore with Win2k3) that are all in very well known locations, perfect script-kiddie fodder.
Last, I'll leave with this thought: the number of compromised Windows servers pales in comparison to the number of compromised workstations. Don't confuse the two numbers. The servers are doing better than most folks think. Not as good as Apache, but they're getting better, and Win2k3 is the closest yet.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
YOU get a clue.
A funny point, but does this scale linearly.... If you change your password more frequently than the expected average brute-force crack time, are you more vulnerable? I suppose it means that in a given time period the cracker could find any one of several passwords instead of just one.
...
Who does your Linux math, the RIAA?
one order of magnitude = 10 x
two orders of magnitude = 100 x
three orders of magnitutde = 1000 x
four orders of magntitude = 10000 x
Do you see a pattern yet?
This is pretty much what my pet project (parasite, it's in my sig) does, except it does it for crypt and md5. I'm not really sure what windows uses. The main problem I have right now is actually with GCC under cygwin. It seems to choke sometimeson the large static arrays I use to speed things up. Works fine on everything else though.
====
Crudely Drawn Games
True, but that is not really the problem. There are two different issues.
- Can an intruder get access to the system?
- Can an intruder get the password?
Obviously an intruder that can get the password can also get access to the system, but it doesn't have to be the other way around. Why is that even interesting? Well, if the same password is used in a different place, it will be interesting to protect the password even if the intruder get access to the system. Obviously encryption is not necesarry if you only want to prevent the computer from getting access. The intruder will need to get access to the system first, before he can read the password, so it doesn't matter whether the password is encrypted or not, because he already have access.The intruder that wants to get the password and don't care about getting access, cannot use the BIOS jumper/remove battery trick, because that would delete the password he wanted. Assuming the intruder found another way to read the password (like by replacing the harddisk), it would be an advantage that the password was encrypted.
Given the facts that BIOS sizes are quite limited, and few users care whether the BIOS password is encrypted, I guess BIOSes that actually encrypt the password are rare. (Strictly encrypting is not the right term, it is more like a one way function or a hash function being used).
Do you care about the security of your wireless mouse?