When you stop to think about how much of your life, both personal and professional, is tied to password security, it makes sense to understand how to make them as secure as possible. Certainly one of the most widespread passwords is your regular Windows login. Whether you are logging into a Windows Server 2003 Active Directory, Server 2000, or even Windows NT server, you might be very surprised to learn that the default way this password is stored on the server, and even the way it is sent across the network, may allow someone to obtain your password even if you have followed some of the best practice guidelines for choosing a so called “strong” password.

In order to understand the risks we need to take a look at exactly how passwords work in the Windows world. When you or your administrator sets your Windows password you are actually creating a specific, large number known as a hash that is stored on the server. This hash is created by using a mathematical formula that is intended to be a one way algorithm. In other words if someone knows your password and the hashing algorithm they can easily produce the hash, but if someone knows your hash it should be very computationally difficult to obtain your password. This allows the server to know if you have typed the correct password when you log on. Your client takes the password you type and converts it to the hash, which is then sent across the network to the server where it is compared with the hash that is stored on the server. If they match, the server knows that you typed the correct password. If they don’t match, then the server will alert the client that the incorrect password was typed. If someone is able to obtain the hash either while it is in transit (sniffing off the network) or from the server, then they can employ various tools to try and obtain the original password.

Available Tools
The two tools I will be focusing on today are dictionary based and rainbow table based. Until fairly recently, the most successful of these tools to “crack” Windows NT hashes were dictionary based. By successful I mean not only are they able to obtain the passwords from the hashes but are able to obtain them in a short period of time. A tool like John the Ripper can very quickly compute the hash of every single word in a dictionary file and then search for a match. Tools that perform dictionary attacks against hashes can find a password literally in seconds or at most a few minutes on a typical desktop machine. Dictionary based tools have been around long enough that they are fairly easy to obtain and run on wide variety of machines, so if someone is looking for a way to obtain Windows passwords from the hash files they really only need internet access. Some of these same tools combine a brute force method along with the dictionary attack. Brute force can find any password eventually, but the key is the time involved. On older machines or with older software it may take hundreds of hours or even more to brute force passwords that are not dictionary words and include special characters. It is worth noting that as computer speeds increase, this time is always decreasing, and with specialized hardware brute force attacks can still be carried out even against a 14 character password in a trivial amount of time.

A much larger danger to these Windows hashes however is a relatively new way to attack the hash files. Tools that use Rainbow tables are much, much more efficient at obtaining passwords even when you don’t use dictionary words, and you mix in special characters. Part of the problem has to do with the way Windows generates these hashes in the first place.

No matter which version of windows you have on your server the hashes are stored using a LanManager hash (LMHash) by default. The LMHash was developed several years ago and while newer versions of Windows support a much stronger method they still have the LMHash support enabled by default for backward compatibility. The LMHash makes attacks much easier for several reasons. First it converts all letters to capitals and then it splits the password into two seven-character blocks. Each of these blocks can be attacked separately meaning you really only have to brute force a seven-character password. Once you have the LMHash password it is a very trivial process to get the actual password from the stronger hash. Rainbow tables exploit these weaknesses and go even further by doing much of the calculation ahead of time to save time later. The end result is that even passwords created using several industry best practices like mixing characters numbers and letters, along with avoiding dictionary words can still be obtained fairly easily on regular desktop machines using rainbow tables, or other methods.

So What Can You Do?
So what do we do? Well, fortunately we have several options. Microsoft allows you to disable the weaker hash, if you are willing to give up some backward compatibility. If your network is still using Windows 95, or Windows 98, or if you have Macintosh clients you might not be able to remove the LM hashes. If your servers are Windows 2003 with Windows XP machines in your Active Directory, the LM hashes can be disabled with Group Policy. The Policy item “Network Security: Do not store LAN Manager hash value on next password change” will allow you to force the stronger hash at the next password change.

In Windows 2000 SP2 and Windows 2003 and Windows XP the same thing can be accomplished with a registry change. The registry location is:

HKLM\SYSTEM\CurrentControlSet\Control\Lsa

You then need to add a key called: NoLMHash and give it a value of 1. An excellent article on Microsoft’s site gives details for different operating systems, and I would highly recommend reading it before making any changes to your registry. The MS article can be found at http://support.microsoft.com/?kbid=299656.

The final and perhaps easiest way to get rid of the LAN Man hash is to use passwords with 15 or more characters. Since the LAN Man hash can only store a 14 character password, if you use a password with 15 or more characters, then it can’t be stored using the weaker hash.

Of course like most things in the security world this is not a complete answer. Passwords, no matter how the hash is handled, have many inherent weaknesses and those hashes should be protected no matter how “strong” they seem to be. But removing the LAN Man hashes from your systems will go a long way toward making your passwords more secure. Additional steps include using certificates wherever possible and strong two factor authentication.

About Tom Robinette
Mr. Robinette is an experienced technical professional with a strong background in troubleshooting and maintaining LAN/WAN networks in both industrial and office environments. He has an extensive IT security background and possesses a wide range of industry and product certifications. An SDG employee since 1997, Robinette brings broad technical knowledge and excellent end-user support skills to the team. As a Systems Engineer at SDG, Robinette is responsible for the design, installation and support of Microsoft OS workstations and servers on a wide variety of Intel platforms. He is also responsible for the design, installation and troubleshooting of Cisco-based networks in both LAN and WAN environments, including Internet connectivity.

Robinette provides diverse value to clients from help desk support, basic and ongoing end-user training in administrative and industrial environments, to higher level IT management including budgets and strategic planning for both IT and security. You can reach him at tom [at] sdgky.com.

[tags]password,security,hash,john the ripper,rainbow table,lanmanager,lmhash[/tags]