Letters-Only LM Hash Database

Peter Clark writes "Disk storage has increased tremendously in the past 5 years and the blatant insecurities in the antiquated LM hashing technique have not gone away; though functionality has been added to disable LM hashes, this is not set by default. With some help from Elcomsoft, simple flat files have been created that hold every combination of LM hash for letters only passwords. Jesko has coded a server application which allows you to access this database. Simply telnet to: beginningtoseethelight.no-ip.org on port 2501 and paste in a LM hash. So how does this differ from Rainbow tables? Well this will return a password 100% of the time, using minimal processor power, in approximately less than 0.2 seconds."

less than 0.2 seconds

[Sediyama]

I think someone is underestimating the /. effect.

Someone explain?

[mistersooreams]

Anyone feel that a article summary with this much technical detail should have some links or explanation of what it's actually talking about? And since I'm one of the ignorati who doesn't understand, could some please explain to me?

Re:Someone explain?

[Jaruzel]

As I understand it LM Hashes can't be reversed. So what someone has done here is pre-hashed an entire dictionary, and created a word=hash lookup system.

You telnet to it, feed it the hash, and it replies with the word.

LM hashes are how a lot of passwords are 'encrypted'

Excuse the fuzzy description... Crypto is not my strong point.

Re:Someone explain?

http://en.wikipedia.org/wiki/Lm_hash

Re:Someone explain?

[Dun+Malg]

Anyone feel that a article summary with this much technical detail should have some links or explanation of what it's actually talking about? And since I'm one of the ignorati who doesn't understand, could some please explain to me?

In simple terms, a hash is a sort of "one-way" function. Passwords are often saved as hashes. THe password is fed in one end, and the hash comes out the other. The hash is saved in a file. When one logs in and types in one's password, the system feeds what you typed in through the hash function and checks if the result matches the hash of your password. Since there is no way to reverse the hash process, it's been considered fairly safe to leave these hashes moderately unprotected. This database is, presumably, a sorted collection of the possible hashes from all letters-only passwords up to a certain length. The hash can't be reversed to get the password it came from, but a huge database of all possible hashes and their originating passwords certainly makes that irrelevant.

Re:What is an LM hash?

[bunnyman]

Windows generates and stores user account passwords by using two different password representations, generally known as "hashes." When you set or change the password for a user account to a password that contains fewer than 15 characters, Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of the password. These hashes are stored in the local Security Accounts Manager (SAM) database or in Active Directory.

The LM hash is relatively weak compared to the NT hash, and it is therefore prone to fast brute force attack.

Source: http://support.microsoft.com/default.aspx?scid=KB; EN-US;q299656

Re:Non sequitur?

[stray]

it's all about a time/space trade-off:

- you have a password hash you want to crack

you can either:

- brute force your way through a long list of possible passwords to find one that matches the hash; everytime you do this, it takes a lot of time and processing power

- or you can go through all possible passwords ONCE and save the resulting hashes; subsequent cracking jobs are very fast, but you wasted a lot of space to store all possible hashes.

thus, if disk space is cheap and you can afford to keep a couple of gigs in pre-computed hashes around, you have a very fast way of cracking weak hashes. a couple of years ago, this was not possible due to hard drives being like 200MB large.

awright!

[sootman]

now we're gonna kick it old-skool and /. a telnet server! woo hoo, just like the old days! our next target: gopher://sunsite.unc.edu

Whew! I'm still safe

[DongleFondle]

I guess I'm still relatively safe though because my admin password is not only 10 characters long, but has capitals, lower case, numbers and symbols in random order.

Its H82sd*e2Tn.

Nobody is ever going to crack that!!!

Disable LM Hash

[mixmasterjake]

Unless you have machines on your network running 95/98 you should disable LM Hash in Windows. It is there only for backwards compatibility and you can disable it easily:

http://support.microsoft.com/default.aspx?scid=KB; EN-US;q299656

Re:My passwords

[delta407]

Multicase passwords do HUGE things to the statistics of the problem.

That's why Microsoft's LM hashing algorithm is so cool -- it uppercases your password before hashing. With this algorithm, multicase passwords do nothing to the statistics.

I think I'm okay for a while.

You're okay for about 2 hours and 34 minutes: that's how long it takes to traverse every possible alphanumeric input on the author's test rig. Additionally, the article suggests that tables including every possible LM hash for [A-Z0-9] would occupy only 1.2 TB of space, meaning that these lookups could be done in a matter of milliseconds instead.

Re:Holy Ratshit, Batman!

[Oestergaard]

He is not joking. And he didn't tell the whole story either; there are several either tremendous stupidities in the LM hash which makes long passwords worthless, and relatively short ones easier to break than their length would otherwise indicate (separate grouping of characters, triple-DES'ed *independently*).

The fun part is that any default install of Windows (at least up to and including XP) will send out the current users LM hash if he tries to connect to a SMB share.

So, if someone placed a link on their homepage to a patched Samba which logged LM hashes, they could gather LM hashes from most of their windows using visitors.

This would *include* those behind many firewalls, because many default firewall setups will allow *outgoing* connections - and in this particular case, it is indeed the windows client that is initiating the connection to the remote web server in order to send away the current users LM hash (along with username, domain, local machine name and other goodies).

Yes, I told CERT about this some three years ago. They wouldn't touch it with a five foot pole. I then told Microsoft about it. Their response was something like "fixing that problem would require us to re-design our windows networking layer - therefore it is not a security problem".

Well, there you have it.

But hey, if you're on Windows you're fucked anyway, and none of this should really come as a shock to you :)

It doesn't matter. Really.

[juan+large+moose]

The LM and NTLM hashes are password equivalent.

If you have the LM Hash, and the server accepts LM Authentication, you don't need the password. At all.

Likewise, if you have the NTLM Hash, and the server accepts NTLM, NTLMv2, or LMv2 authentication, then you don't need the password.

The hashes are password equivalent.

I've written it all up in my online book (slashdot review), but...

Basically, the hashes are generated with no salt...nothing to obfuscate them. The algorithm used to log in is challenge/response:

• The server sends a random 8-byte string (the "challenge").
• Both client and server encrypt the challenge using the LM and/or NTLM Hash, not the password.
• The client sends its result (the "response") back to the server.
• The server compares results. If they match, the server grants access.

So... The hash is not exposed on the wire. It has to be reversed from the challenge and response. That's possible (and fairly easy with LM Auth), but it's got little to do with the password/LM Hash database.

The only way to use the LM Hash database to reverse the challenge/response is to use it as a hash dictionary.

Chris -)-----