Bugtraq mailing list archives
Re: BoS: NT Password Cracker
From: k-hamer () ntx1 cso uiuc edu (Kenneth L. Hamer)
Date: Sun, 17 Nov 1996 23:59:08 -0600
----------
From: Yuri Volobuev[SMTP:volobuev () t1 chem umn edu]
Sent: Sunday, November 17, 1996 2:12 PM
To: Kenneth L. Hamer
Cc: Multiple recipients of list BUGTRAQ
Subject: Re: BoS: NT Password Cracker

Once you have the raw hash data used to authenticate users, cracking a password becomes a simple matter of a dictionary attack. By avoiding NT's authentication subsystem entirely and using custom code you can probably speed up the process. Having 4 P6-200s chewing on _one_ account, the administrator account, should not take that long.

All this math is childish, but I know for sure that for brute-force cracking of DES _big_ resources are needed, such as dedicated encoding hardware, so it generally can only be done by governments or big corporations. Maybe some folks in the NSA know of a better way to crack it, but I haven't heard of any. The idea of 4 PPros and a few hours just doesn't fit in the picture. It's either really crappy encryption or not "any level of password complexity". The encryption scheme is probably not very good anyway because they can export it. I don't know more; I'd appreciate it if somebody can explain this better.
Actually, I've engaged my brain, and of course you are correct. A dictionary attack cannot provide guaranteed results in a reasonable amount of time unless the key space is unacceptably small. Dictionary attacks make great fishing expeditions for this sort of problem, but that's not what is being claimed here.

However, the fact remains that Windows NT does not store passwords in a form from which the original password can be directly recovered[1]. The "Lan Manager password" is used to encrypt a constant multiple times, using DES. Anyone conversant with the UNIX password encryption scheme should find this familiar. The "Windows NT password" is encrypted using MD-4. NT stores two versions for backwards compatibility with older systems. The possibility exists that having the additional information available weakens the security of this system; I don't know[2].

Looking at the Knowledge Base article again (Q102716, "User Authentication With Windows NT"), the one-way encrypted passwords are encrypted again using a reversible encryption, for "obfuscation purposes". The company (MWC, Inc.) providing this admin password recovery service does require full access to the system hard drive of the target machine; they are probably replacing the administrative password, not actually recovering the lost one. If this is the case, they need only reverse the second, unpublished, and probably relatively weak encryption, recover the keys, and replace the original one-way "encrypted" passwords with ones of their own construction. This is similar in spirit to booting your UNIX system off of a CDROM or the network and replacing the "encrypted" root password in the passwd or shadow file. The advertisement of a password "recovery" service may merely be a marketing decision, so as not to confuse the customer base. I doubt their customers would really care whether they get their original password or not, so long as they can access their machine again.
In any case, since MWC clearly states that they require full access to the hard drive of the target machine (and from under a different installation of NT unless an accessible privileged account is available), I don't think this represents a real threat. Does anyone want to conjecture how long it would take to replace the root password on a target UNIX machine, if you can access the target hard drive from an OS in which you have root access? Not counting load and unload times, I'd say under 60 seconds. How about other operating systems (VMS, MVS, etc.)?

Anyway, I'm willing to continue the discussion via e-mail (since I think finding possible attacks against NT is a very worthy endeavor), but in deference to the other people on the list who may not be interested I'm going to stop responding to the list. I am picking this up through Best-Of-Security anyway. Apparently BUGTRAQ sends all of its stuff there. My apologies to those inconvenienced by this discussion.

- Ken

[1] To be precise, Microsoft says "The first encryption is a one-way function (OWF) version of the clear text generally considered to be non-decryptable". KB Q102716

[2] Neither of the OWF passwords is ever sent over the net in the clear. Normally, one or both of the OWF passwords are used as a basis for challenge-response, depending on the client type. In pass-through authentication the OWF password is sent over a secure channel, which has a more-or-less unique session key. This fact might make interesting fodder for cryptanalysis, but is probably not being used here.
Current thread:
- Re: BoS: NT Password Cracker Kenneth L. Hamer (Nov 16)
- <Possible follow-ups>
- Re: BoS: NT Password Cracker Kenneth L. Hamer (Nov 17)
- Re: BoS: NT Password Cracker nihil () onyx infonexus com (Nov 18)