8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours

HashCat, an open-source password recovery tool, can now crack an eight-character Windows NTLM password hash in less than 2.5 hours. "Current password cracking benchmarks show that the minimum eight character password, no matter how complex, can be cracked in less than 2.5 hours" using a hardware rig that utilizes eight Nvidia GTX 2080Ti GPUs, explained a hacker who goes by the pseudonym Tinker on Twitter in a DM conversation with The Register. "The eight character password is dead." From the report: It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers. It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. Tinker estimates that buying the GPU power described would require about $10,000; others have claimed the necessary computer power to crack an eight-character NTLM password hash can be rented in Amazon's cloud for just $25.

NIST's latest guidelines say passwords should be at least eight characters long. Some online service providers don't even demand that much. When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six. Tinker said the eight character password was used as a benchmark because it's what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance. So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, "correcthorsebatterystaple." That or whatever maximum length random password via a password management app, with two-factor authentication enabled in either case.

Re:Easy fix...

You're confusing the scenario. This is not about brute forcing a login form.

This is about having the hashed password saved in the domain controller (for example from a DB stolen in other ways) and forcing the password hashes there to get all the passwords in the DB.

Pro Password Recovery Guy Here

I have a datacenter full of Hashcat rigs - used to be my crypto mine but I re-purposed and now do fee-based password recovery for corporate and law enforcement clients.

Hashcat is pretty fun and has a scripting language of sorts for narrowing the attack space. If you have knowledge of the corporate password rules you're dealing with (which SIGNIFICANTLY reduce the attack space) it's actually not uncommon to discover even a complex password in a couple of days.

The bottom line is that everyone needs to use stronger passwords, and corporations really need to remove the impediments that reduce attack space.

As an example, let's take a simple example where a keyboard has all the capital and lowercase letters, and numbers 0 through 9. There are 52 possible letters and 10 possible numbers - 62 potential characters. An 8 character password has 62^8 or 218,340,105,584,896 possible combinations.

If I impose a rule that says you must have at least one capital letter, that more than halves the attack space because one combination drops from 62 possibilities to 26, and our new attack space is only 91,561,979,761,408.

If I say you have to have one capital letter and one number, that reduces a combination from 62 to 10, and our new space is only 14,768,061,251,840 passwords.

A GTX 1070 will do a Kerberos 5 password at about 145 million per second, so a single rack of 12 of them will do 1,740,000,000 passwords/second.

That means I can crack 8 characters, one capital letter and one number in a MAXIMUM of 8487 seconds, and that's assuming the correct password is the last one I try. That's less than 2.5 hours.

I have 200 of those racks in my farm, so it takes me longer to set up the job that it takes to completely exhaust that address space: 42 seconds.

So please, corporate America, keep right on with your silly password rules. They only make my job easier and more lucrative.

Re:I'm changing mine

[EmagGeek]

Won't help though, because your luggage still has to have the government-imposed back door thanks to TSA.

inconsistent

[markdavis]

>"NIST's latest guidelines say passwords should be at least eight characters long. Some online service providers don't even demand that much."

The example given is an old method and assumes the cracker has access to the stored encrypted password. Then the discussion turns to a wide/broad generalization about ALL password lengths, and web sites were the example. This isn't logical. An 8 character password is way strong enough if you don't have access to the stored data and all you can do is try brute force- which is easily defeated by throwing in delays or limits.

It also depends on the method used to store the passwords, even if you have access to the stored data,

Re:Note to author

[swillden]

Note to author: It was determined during WWII that repeating plaintext makes it far easier for an opponent to crack the cyphertext. Just sayin'.

This is wrong.

What you say was true of WWII-era ciphers, but with modern ciphers and constructions any system that is made easier to break by repeating plaintext is considered completely broken and discarded. We don't worry about repeated plaintext any more, we worry about ensuring that the output of the base cipher is indistinguishable from uniform random noise, and that the construction is randomized so that two encryptions of identical plaintext produce unrelated ciphertexts.

Also, your comment is off topic because encryption has nothing to do with password storage. You don't use an encryption cipher to secure passwords, you use a key derivation function, one designed specifically for passwords.

Crypto history is fascinating, and fun, but be careful applying its lessons to modern crypto.