Slashdot Mirror
Ophcrack Says Your Password Is Insecure
javipas writes "An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discovering virtually any password in Windows operating systems. The article explains how passwords get stored on Windows using hash functions, and how Ophcrack can generate immense tables of words and letter combinations that are compared to the password we want to obtain. The program is available in Windows, Mac OS and Linux, but be careful: the generated tables that Ophcrack uses are really big, and you should allow up to 15 Gbytes to store these tables."
pre generated codes...yawn... didn't we have the same sort of thing - a database of md5 hashes - like a over a decade ago?
Ophcrack live (CD) does not crack all windows passwords, only about 99%. Still it uses only 20 minutes and can crack passwords up to 14 characters, while running from a bootable CD. And it is horrifying how few windows sysadmins who know about this...
Don't know about a 15gb table, but here's a 120gb LM-hash table:
http://silivrenion.com/rainbowtables/hak5_rtables_lm_all_1-7.torrent
and that's from the guys at www.rainbowtables.org
echo -n "" | md5
d41d8cd98f00b204e9800998ecf8427e
His password is nothing, not a newline.
i can just reset the password and carry on, You can do this with a Linux box as well, as well as practically any other system, so I'm not sure what your point is here.
Physical access to a box pretty much means you have root access to that box. This is why physical security is such an important part of overall system security.
This is a prime example of the need for a multi layered security model for authentication and authorization of your systems. There are many vendors that supply two factor authentication methods (RSA being the most well known) that provide for one time passwords. Techniques like this effectively mitigate the risk of a user account compromised by use of a hash table like this. BTW, this is nothing new. Rainbow tables have been out for ages. --Colin
Colin McNamara - CCIE #18233 "The difficult we do immediately, the impossible just takes a little longer"
Got it.
norad:~# echo "" | md5sum
68b329da9893e34099c7d8ad5cb9c940 -
Actually, it's:
Password:
LM Hash: AAD3B435B51404EEAAD3B435B51404EE
NT Hash: 31D6CFE0D16AE931B73C59D7E0C089C0
Windows password hashes are not MD5...
Brought to you by the "genhash" utility of the PassTheHash toolkit for Windows. (Google it, it's awesome.)
First of all, ophcrack only comes with alpha-numeric tables for LM hashes. If you have special characters in your password, you'll have to generate your own table, which takes a very long time, and a lot of hard drive space. Ophcrack does not have the ability to generate Rainbow tables as the article suggest... Second of all, Ophcrack only works well against LM hashes, because with LM hashes, passwords are split into 7 byte halves, then hashed. So you only have to have tables that go up to 7 characters with LM hashes. If you disable LM hashes on your Windows box, and use NTLM hashes, the entire password is hashed, and is not split up. So if you pick a good password, with special characters, that's fairly long, it will be pretty much impossible to crack if your using NTLM only. Even with rainbow tables... The problem is Windows XP (by default) stores passwords as LM and NTLM hashes. So if an attacker can get the LM hashes, they can crack your password easily. You can hack the registry and keep Windows from storing LM hashes. See http://support.microsoft.com/kb/299656
If I remember correctly NT drop anything after the first 8 characters so the password is actually "Fgpyyih8"
You do not remember correctly. LM hashes are created by hashing the first seven characters and the second seven characters, and truncating the hashes together. Yes, instead of having to brute force one fourteen character password, you have to brute two seven character passwords, a much easier proposition.
The hashes are created by using DES56 on the password chunks with a known key. In practice, I've used a DVD with rainbow tables and retrieved 99%+ successfully. For those I need 100%, I have a USB drive with a complete keyspace set of rainbow tables. Works everytime...
LM hashes split passwords in 8-letter chunks, and for each of them:
1) the last symbol is removed, so the chunk becomes a 7-character password
2) the password is uppercased (yeah, that's dumb)
and then hashes are calculated for these chunks.
BOTH the LM and NTLM (a much more secure hash) hashes are stored in the registry.
So to get a typical 8-character password, you only need to guess the first 7 characters in uppercase.
After that the more secure NTLM hash is used to guess the case of each character and the eighth character which is missing from LM.
This means that guessing a 16-character password takes at most twice the time than for a 8-char, and not something like 40^8 times as much.
More info here: http://en.wikipedia.org/wiki/LM_hash
Worse - Windows hashes are MD4! That's all that's needed.
"And unless you keep all your important data on an encrypted partition, and use encrypted swap (can you do this in windows??)"
Yes, it's called "Bitlocker".
It appears that the manual for Unix "First Edition" (1971) makes no mention of the password being encrypted in /etc/passwd, so it may have been stored in plaintext at that time.
/etc/passwd contains the encrypted passwords. So, Unix had been encrypting passwords on disk for at least 12 years before Linux existed. The GP appears to be making things up.
However, the manual for 7th edition Unix (1979) specifically states that
Refs:
http://www.cs.bell-labs.com/who/dmr/
http://plan9.bell-labs.com/7thEdMan/v7vol1.pdf
First of all, this is specific new to windows (I am not a 100% windows hater) /etc/password, but in a special hidden protected file
1) Unix derived stored passwords use salt, windows doesn't, which instantly makes them far more secure.
2) Linux no longer stores the main password in
Using "funny" symbols in your passwords do help, the chances are people will use rainbow tables over brute force to crack a password, and these generaly start with known words, then random letter, ending in random symbols and such likes, meaning it will take longer to crack your password.
Assuming a person can't get inside your computer, it is possible to secure a unix derived machine.
1) Password protect the BIOS, and make the only boot device the main hard drive
2) Password GRUB, or whatever boot loader you are using, so they can only access your OS, and not as root
3) Password protect your user account, and don't allow root login, just for good measure
4) Use extra login security, like an external key device and biometric scanner, pretty rare, stops agains key loggers
5) Use an encrypted file system and swap space, if you really don't want people to get in (even if they steal your hard drive)
6) Put an electro magnetic scrambler in the case, so when it is opened without the key it wipes the entire hard drive (assuming you keep backups)
Eh?
> ttyp5 zhengyi@oracle.local.lan:~
> 0 14:11:43 504 $ echo "This is the passworrd for my new computerr" | md5
fb7393356dd5f5e6d3909e06bf64c91e
> ttyp5 zhengyi@oracle.local.lan:~
> 0 14:11:59 505 $ echo "hello12" | md5
39e8713c209ccefc6ddfafa6aedde5d1
(FreeBSD 6.2 box here; md5 came w/ the system...)
A rainbow table is a pre-emptive brute force. You can do the brut force work at your leasure, then when you need to crack a LM Hash encrypted password, you just need to find a matching key in your table and enter the seed that generated that key. But the specific problem in the Windows case is the way LM Hash works. As soon as your password hits 15 characters though, the encryption runs through Kerberos. And I have not heard of any existing rainbow table solution to cracking a Kerberos password. Then again, I've been out of the security field for a year or two now, so I may have missed that memo.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Or, to answer your question a little differently: Yes, Windows Vista can encrypt all your data and the swap (pagefile.sys in Windows). My $DEITY, what a terrible OS! Let's all stick with XP!
(Sorry, I've been using Vista and Linux side-by-side for well over a year, and can't stand XP. Sometimes it shows in my posts.)
There's no place I could be, since I've found Serenity...
BitLocker encrypts the entire drive. If your swap file is on that drive, it's encrypted along with everything else.
BitLocker is only available in Windows Vista Ultimate.
Unrelated to BitLocker, Vista supports encrypting the swap file with a random key generated on startup (same as the way it's done in Linux). The setting is buried inside the EFS settings in Group Policy.
I don't know if the swap file encryption setting is available in all editions of Vista or not--group policy wasn't available in XP Home Edition, so it wouldn't surprise me if it's crippled in Vista Home Basic and Vista Home Premium. Still, you can get to the part with the EFS settings via secpol.msc, not just gpedit.msc, so I'm not sure. Can't remeber if secpol.msc was missing from XP Home or not.
There also exist third-party utilities for XP to encrypt the swap file.