| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chrisp at ngssoftware.com (Chris Paget) Subject: NEW windows password encryption flaw.. This is not a Microsoft screwup, or any kind of screwup in fact. It's a technique called "Hash Chaining", that the guys at Lasec have improved upon. It's a way of trading off time for memory usage for effectively generating a table of precomputed hashes; the only flaw here lies in the fact that the hashes involved are unsalted. The technique has been around a long time, and is good against ANY hash function, assuming it's unsalted. The Lasec guys have found a few improvements to the standard technique, and written a demo. (For those who know about hash chaining but can't follow the maths in the paper, the main improvement is to salt the mapping function with a predictable dynamic salt, so as to pretty much eliminate chain merging and greatly speed up lookup times. Pretty cunning). I've forwarded the message from Bugtraq below, for the benefit of those who only subscribe here. Chris ---------- Forwarded message ---------- Date: 22 Jul 2003 20:37:19 -0000 From: "bugtraq@...hslin.net" <bugtraq@...hslin.net> To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com> Subject: Cracking windows passwords in 5 seconds As opposed to unix, windows password hashes can be calculated in advance because no salt or other random information si involved. This makes so called time-memory trade-off attacks possible. This vulnerability is not new but we think that we have the first tool to exploit this. At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory trade-off method. It is based on original work which was done in 1980 but has never been applied to windows passwords. It works by calculating all possible hashes in advance and storing some of them in an organized table. The more information you keep in the table, the faster the cracking will be. We have implemented an online demo of this method which cracks alphanumerical passwords in 5 seconds average (see http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can find the password after an average of 4 million hash operation. A brute force cracker would need to calculate an average of 50% of all hashes, which amounts to about 40 billion hases for alphanumerical passwords (lanman hash). More info about the method can be found at in a paper at http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03. Philippe Oechslin On Wed, 23 Jul 2003, Darren Bennett wrote: > Is this new? I read about it on slashdot... > > http://lasecpc13.epfl.ch/ntcrack/ > > Basically, it seems that Microsoft has (yet again) screwed up the > implementation of their encryption scheme. This makes cracking any hash > a matter of seconds. Oops... > -- > ----------------------------------------------- > Darren Bennett > CISSP, Certified Unix Admin., MCSE, MCSA, MCP +I > Sr. Systems Administrator/Manager > Science Applications International Corporation > Advanced Systems Development and Integration > ----------------------------------------------- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > >
Powered by blists - more mailing lists