Swiss Researchers Exploit Windows Password Flaw

Bueller_007 writes "CNET is carrying an article about a new (albeit simplistic) method used to hack alphanumeric Windows passwords in a matter of seconds, rather than minutes. To blame is a 'weakness in Microsoft's method of encoding passwords.' According to the authors, the same method, when used on Mac OS X, Unix and Linux boxes, however, could require either 4,096 times more memory or 4,096 times longer." A few more details: Mister.de writes "As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical password hashes (2^37) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used. This was found at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL)."

6 of 519 comments

  1. Scary stuff... by Anonymous Coward · Score: 3, Interesting

    M$ passwords hacked within seconds...

    Linux / Mac OSX passwords hacked within an hour too probably...

    Maybe we need something just a little stronger!

  2. physical access by MORTAR_COMBAT! · Score: 4, Interesting

    Boot from this floppy

    Because this doesn't require physical access to the machine? Because now some l33t d00d from another country can get passwords?

    --
    MORTAR COMBAT!
  3. Re:I don't understand by whorfin · Score: 4, Interesting

    The beauty is, consider these email virii applications of this...
    - Somebody reads an email with a simplified hack based on this embedded within it (don't need the whole dataset, you just reduce your hit rate)
    - They unwittingly send back the machine info and an admin-level password to the hacker. (where I work, all 'owners' have admin rights on their system).
    - From this, they can get admin-level access permanently, as well as a chance to download the full crack via a backdoor and get the network admin password, and from there, the whole network.

    --
    Laugh while you can, monkey-boy!
  4. Re:Only 4096 more time on Unix ? by pclminion · Score: 4, Interesting

    I think they might be assuming a 12-bit salt added to the hash. This would make the hash dictionary 4096 times larger, since they would have to compute the hash of each password 4096 times (for each possible 12-bit salt value).

    If this is the case, it implies that Windows password hashes do not use salts. Now, I'm not claiming that salting makes the process secure (it doesn't), but it does make it orders of magnitude more intensive to compute a complete hash dictionary. At the expense of 12 bits per password (hell, use more if you want!) it seems worth it to use salts.

  5. UNIX uses 64 bits salt by phkamp · Score: 5, Interesting

    The MD5 based password scrambler I wrote for FreeBSD in 1994 uses a 64 bit salt, and has subsequently been adopted by NetBSD, OpenBSD, Cisco, GLIBC and presumably Mac OS X.

    There is no immediate future for a table driven attack on this algorithm (which can be recognized by the '$1$...' prefix).

    HP-UX, Solaris and AIX, however, still use the old 12 bit salted DES derived passwords.

    --
    Poul-Henning Kamp -- FreeBSD since before it was called that...
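The two comments above (pclminion's 4096x figure and phkamp's 64-bit salt) both come down to one arithmetic fact: a precomputed hash table must contain one entry per (password, salt) pair, so every salt bit doubles the table, while the system verifying a login pays nothing extra because it already stores the salt. The following Python, an added illustration that is not code from the article, the EPFL researchers or any commenter, makes that concrete. It uses SHA-256 as a stand-in for the real LM/NT or MD5-crypt schemes, a constructed four-word candidate list in place of the 2^37 alphanumeric passwords, and a salt encoded as a big-endian byte prefix; all of those are assumptions chosen for the demonstration.

```python
import hashlib
import secrets

# Constructed candidate list; stands in for the 2^37 alphanumeric passwords in the article.
CANDIDATES = ["hunter2", "letmein", "Passw0rd", "qwerty"]


def salt_from_int(value, salt_bits):
    """Encode an integer salt as a fixed-width big-endian byte string (empty when salt_bits is 0)."""
    return value.to_bytes((salt_bits + 7) // 8, "big")


def hash_password(password, salt=b""):
    """Salted hash. SHA-256 is an assumed stand-in for whichever scheme a system really uses."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def table_entries(num_candidates, salt_bits):
    """Entries a complete precomputed table needs: one per (password, salt) pair."""
    return num_candidates * (1 << salt_bits)


def build_lookup_table(candidates, salt_bits=0):
    """Precompute hash -> password over every candidate and every possible salt value.

    salt_bits=0 is the unsalted case (one entry per password); salt_bits=12 makes the
    table 4096 times larger, which is the factor pclminion describes. 64 bits cannot be
    enumerated at all, which is phkamp's point.
    """
    table = {}
    for pw in candidates:
        for s in range(1 << salt_bits):
            table[hash_password(pw, salt_from_int(s, salt_bits))] = pw
    return table


def store_password(password, salt_bits):
    """What a system keeps on disk: a fresh random salt and the salted hash."""
    salt = salt_from_int(secrets.randbelow(1 << salt_bits), salt_bits)
    return salt, hash_password(password, salt)


def verify_password(password, salt, stored_hash):
    """Verification needs only the stored salt, so the defender pays no 2^bits cost."""
    return hash_password(password, salt) == stored_hash


def lookup(table, stored_hash):
    """Return the password a precomputed table maps the hash to, or None if absent."""
    return table.get(stored_hash)


if __name__ == "__main__":
    for bits in (0, 12, 64):
        print(f"{bits:2d}-bit salt: a table over 2^37 passwords needs 2^{37 + bits} entries")
    salt, digest = store_password("hunter2", 12)
    print("12-bit salt, verification:", verify_password("hunter2", salt, digest))
    print("12-bit table for 4 candidates:", len(build_lookup_table(CANDIDATES, 12)), "entries")
    print("found via table:", lookup(build_lookup_table(CANDIDATES, 12), digest))
```

The 12-bit case is still tractable here because the candidate list is tiny; with the article's 2^37 passwords the same table grows to 2^49 entries, and at 64 salt bits `build_lookup_table` could never finish, while `verify_password` remains a single hash either way. That asymmetry is the entire value of a salt.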
  6. Not really that much of an issue... by MoogMan · Score: 3, Interesting

    ...in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points.

    To be honest, this isn't as much of a scare as most people would think. A person willing to crack a password in ~13.6 seconds would no doubt be willing to take the extra minute regardless.

    Plus you need Administrator privileges to get the hash file anyways, so you'd be able to access anything needed locally anyways.

    Finally, crackers wouldn't be able to escalate to these privileges in the first place (hey, they wouldn't have any access on the system), so there really isn't anything for anyone to be concerned about.