Ophcrack Says Your Password Is Insecure

javipas writes "An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discovering virtually any password in Windows operating systems. The article explains how passwords get stored on Windows using hash functions, and how Ophcrack can generate immense tables of words and letter combinations that are compared to the password we want to obtain. The program is available in Windows, Mac OS and Linux, but be careful: the generated tables that Ophcrack uses are really big, and you should allow up to 15 Gbytes to store these tables."

There's no way they're getting my password!

[eln (21727)]

Ha, I've got these fools beat! I don't even USE a password on my Windows box. I'd like to see you try and crack MY password!

Re:

[rmadmin (532701)]

Got it.

norad:~# echo "" | md5sum
68b329da9893e34099c7d8ad5cb9c940 -
norad:~#

Re:

[by Anonymous Coward]

echo -n "" | md5
d41d8cd98f00b204e9800998ecf8427e

His password is nothing, not a newline.

Re:There's no way they're getting my password!

[eln (21727)]

norad:~#

You may be able to crack it, but you're cheating. Clearly, working at NORAD you have access to ultra top-secret military-grade cryptographic techniques not available to your average cracker.

Re:There's no way they're getting my password!

[AuMatar (183847)]

Given the government's computer security, I'm fairly sure NORAD *IS* available to the average hacker.

Re:There's no way they're getting my password!

[pegr (46683)]

Got it.

norad:~# echo "" | md5sum
68b329da9893e34099c7d8ad5cb9c940 -

Actually, it's:
Password:
LM Hash: AAD3B435B51404EEAAD3B435B51404EE
NT Hash: 31D6CFE0D16AE931B73C59D7E0C089C0

Windows password hashes are not MD5...

Brought to you by the "genhash" utility of the PassTheHash toolkit for Windows. (Google it, it's awesome.)

Re:There's no way they're getting my password!

[ceeam (39911)]

You laugh but Windows indeed blocks some operations when no password is assigned. So - no password sometimes may be better than crackable password.

Re:There's no way they're getting my password!

[vux984 (928602)]

IMO There is absolutely no point in having a login password for stand-alone machines as it is TRIVIAL to bypass with something as easy as a boot CD/floppy that just resets the passwords, as long as you have physical access to the box, (or just yank out the hard drive and remount somewhere else).

IMO There is absolutely no point in having a lock on a bathroom door, as it is TRIVIAL to bypass with something as simple as a small screwdriver.

Oh wait, yet, despite that, it is remarkably effective at keeping people out while your in there.

Many locks and passwords are more symbolic than anything else. Most people respect the implied privacy requested by a lock or password. Even if they know they could circumvent it trivially, they don't do it.

Re:There's no way they're getting my password!

[StikyPad (445176)]

More importantly, just like the bathroom, you generally need physical access to the machine (short of some remote exploit, trojan, rootkit, etc., in which case your password is irrelevant anyway). It's a well known axiom that if an attacker has physical access to a machine, all bets are off.

This is news?

[Lord_Frederick (642312)]

How long have rainbow tables been around? And hasn't just about everyone stopped storing LM hashes?

Re:

[CJ145 (1110297)]

People that know should have, however the majority of Windows users have no clue what a LM hash is. I use the ophcrack livecd almost daily to find lost passwords. Not once on a customer computer have I found LM disabled (Windows XP systems). I have not seen any vista PC's yet so I do not know what the default is on vista.

Re:This is news?

[CastrTroy (595695)]

I remember once I tried a Linux bootable floppy that was supposed to be able to reset windows passwords, from what I recall, by just changing the value of the hash. Anyway, the drive was NTFS, and something got screwed up, and the file was unreadable. What I ended up doing was copying the same file from a computer with a similar set up (both were college issued laptops), and use the other person's username as password to log in. Anybody with enough access to the machine can get past a simple password. And unless you keep all your important data on an encrypted partition, and use encrypted swap (can you do this in windows??), then you really don't have much protection, and shouldn't assume that the data on your computer is locked down.

Re:

[cbhacking (979169)]

And unless you keep all your important data on an encrypted partition, and use encrypted swap (can you do this in windows??), then you really don't have much protection, and shouldn't assume that the data on your computer is locked down.

That's the idea behind BitLocker. When it was discussed on here, a lot of people compared it to FileVault, PGP/GPG, and NTFS EFS (Encrypting File System). The point is, none of those can do the kind of total protection that encrypting EVERYTHING on the system volume (and any others you want protected, except you need an unencrypted boot partition) provides.

Or, to answer your question a little differently: Yes, Windows Vista can encrypt all your data and the swap (pagefile.sys in Windows). My $DEITY, what a

Re:

[Kagami001 (769862)]

BitLocker encrypts the entire drive. If your swap file is on that drive, it's encrypted along with everything else.
BitLocker is only available in Windows Vista Ultimate.

Unrelated to BitLocker, Vista supports encrypting the swap file with a random key generated on startup (same as the way it's done in Linux). The setting is buried inside the EFS settings in Group Policy.
I don't know if the swap file encryption setting is available in all editions of Vista or not--group policy wasn't available in XP Home Edit

So...

[InvisblePinkUnicorn (1126837)]

So basically, if I want to find out the passwords on someone else's computer, I have to bring along a high capacity DVD's-worth of data as well? I might as well just pretend I'm their tech support and ask for the password.

Back in the day, getting Windows passwords was as easy as opening a program from a floppy. That's how I got an A in Spanish class when the teacher challenged us to guess what his screensaver password was (the prize was an A for the year - dumb teacher).

Re:So...

[jayhawk88 (160512)]

The point is that it can get the password in under 5 minutes. You could bring along something like L0pht, and then wait 2 weeks while it brute forces it.

Re:So...

[by Anonymous Coward]

Back in the day, getting Windows passwords was as easy as opening a program from a floppy. That's how I got an A in Spanish class when the teacher challenged us to guess what his screensaver password was

But then, you didn't really guess his screensaver password. So no prize should have been given to you.

(the prize was an A for the year - dumb teacher).

Pretty dumb to give away grades, I agree. But, then, no one expects the Spanish algorithm!

Windows is insecure by design

[by Anonymous Coward]

if i have physical access to the machine and have a bootable CD i have no need to crack any passwords
i can just reset the password and carry on, i have a customer whos 9yo girl showed me how she "cracks" her brothers password by booting in safe mode and simply removing his password
luckliy in some ways iam glad windows is insecure, i can only imagine the hell a user (and MS) would go through when you tell them that their entire photo/music collection is toast because they forgot their 21 random character hard to remember password

dont blame the user blame the whole crappy password concept

Re:Windows is insecure by design

[eln (21727)]

if i have physical access to the machine and have a bootable CD i have no need to crack any passwords
i can just reset the password and carry on,

You can do this with a Linux box as well, as well as practically any other system, so I'm not sure what your point is here.

Physical access to a box pretty much means you have root access to that box. This is why physical security is such an important part of overall system security.

Re:Windows is insecure by design

[Oktober Sunset (838224)]

either that or get grandpa to watch over your box with his 12 gauge day and night.

Re:

[Opportunist (166417)]

I think the usefulness is rather in the legitimate owner of the machine not knowing that you know his password. When his password is blown, he usually knows something's fishy.

Not to mention the fact that most people use only one or two password for pretty much every application, from their computers to online services.

Re:Windows is SECURE by design.

[Gazzonyx (982402)]

If it's sitting on the desk, I open the box and short the CMOS for 3 seconds with its jumper, and then boot up and enter BIOS, which no longer has a password. I turn on USB and plug in my portable 80 gig drive which has all my tools. ;)

Also, If it's windows 98, I can blue screen the thing with a con/con from the command line and hopefully you have the thing set to reboot on BSOD.

Re:

[xappax (876447)]

The keyboard is wirelessly connected to it [...] how do you plan on hacking it?

Point a high-gain antenna at your window and wait for you to transmit all your precious passwords from your wireless keyboard to your ultra-secured box. Likely, your keyboard will transmit your every keystroke in "plaintext", however some wireless keyboards use encryption. It's a very weak key and can be bruted offline with minimal effort.

Sleep tight :)

Couple things

[BadAnalogyGuy (945258)]

"Passwords should never be saved as plaintext"

Tell that to /etc/passwd, bitch!

Second, if you've computed all possible hash values for all possible character combinations, then it really doesn't matter what your password is, since you only have to have the input hash to the correct hash value. Since an infinite number of character strings map to a finite number of hash values, it is only a matter of building the tables before you can hack any system.

Third, if your only defense against this type of attack is a single password, you're screwed.

Fourth, if you are worried about this sort of attack and you still live with your parents, it's probably not really too critical that you implement heavy-duty, multiple-hardened points on your Gentoo system right now. You'll have plenty of time to implement that sort of security after you finish your current bag of Cheetos.

Re:

[Doctor Crumb (737936)]

It appears that the manual for Unix "First Edition" (1971) makes no mention of the password being encrypted in /etc/passwd, so it may have been stored in plaintext at that time.

However, the manual for 7th edition Unix (1979) specifically states that /etc/passwd contains the encrypted passwords. So, Unix had been encrypting passwords on disk for at least 12 years before Linux existed. The GP appears to be making things up.

Refs:
http://www.cs.bell-labs.com/who/dmr/ [bell-labs.com]
http://plan9.bell-labs.com/7thEdMan/v7vol1.p [bell-labs.com]

Test ophcrack live.

[realdodgeman (1113225)]

Ophcrack live (CD) does not crack all windows passwords, only about 99%. Still it uses only 20 minutes and can crack passwords up to 14 characters, while running from a bootable CD. And it is horrifying how few windows sysadmins who know about this...

Re:Test ophcrack live.

[gad_zuki! (70830)]

First off, it certainly does not crack 99% of passwords. A reasonable password policy means it wont crack anything. Its a 700 meg CD. Its very limited. I've seen it fail on some pretty basic stuff. Esentially toss in a !@#$%^&*()_-{};',.? and its screwed.

>And it is horrifying how few windows sysadmins who know about this...

Well, they should be asking "Why are my PCs set up to let the end user boot a CD?" Or "Why do malicious users have physical access to our machines." With physical access youre pretty much sunk. Someone could moutn ntfs, write to the registry where its stores your admin password, and set it to null. I dont care what OS you use, physical access usually means trouble. Heck, if my portable tools cant crack it, I'll just take the hard drive home and work on it at my leisure.

Re:Test ophcrack live.

[realdodgeman (1113225)]

It does crack 99% of used passwords, not 99% of theoretical passwords.

Re:Test ophcrack live.

[krbvroc1 (725200)]

No, it just makes you very flexible, perhaps double jointed.

Re:Test ophcrack live.

[tkw954 (709413)]

Ophcrack live (CD) does not crack all windows passwords, only about 99%

Can you please post a list of the remaining 1% and their hashes?

Re:

[thePsychologist (1062886)]

When I took grade ten computer class for fun I made my password 115 characters (some sentence and the digits of pi), but once I forgot it the first time and had to retype it. The teacher became frustrated so he made me make it shorter.

special chars

[by Anonymous Coward]

And that's exactly the reason why I prefer using passwords like: k|$$mY/\rs3

First three entries in the table

[HangingChad (677530)]

(blank)

password

password1 That formula will crack 90% of Windows passwords out there. The remaining 10% are what the other 14.999999 GB in the table are for.

Re:First three entries in the table

[Rob T Firefly (844560)]

Amazing! That's the same password I have on my luggage!

Things to note

[nsanders (208050)]

The title is a bit of a stretch. Some simple techniques can help protect your self from these attacks. Using special characters will greatly increase the strength of your password, since the rainbow set for ALL characters is 64GB in size. Also, a LONG password, even of simple word can increase the complexity due to its length. Something as simple as my!dear!aunt!sally would be far stronger than 1pass!

Some additional info on this topic can be seen here: http://druid.caughq.org/papers/Mnemonic-Password-Formul [caughq.org]

Windows security....

[Mc1brew (1135437)]

Windows has a security feature it uses when a user attempts to create a 15Gb table called "crashing". This makes it extremely difficult to break in using the tool defined.....

This is why two factor authentication is necessary

[colinmcnamara (1152427)]

This is a prime example of the need for a multi layered security model for authentication and authorization of your systems. There are many vendors that supply two factor authentication methods (RSA being the most well known) that provide for one time passwords. Techniques like this effectively mitigate the risk of a user account compromised by use of a hash table like this. BTW, this is nothing new. Rainbow tables have been out for ages. --Colin

Re:This is why two factor authentication is necess

[RingDev (879105)]

Or simply require your users to have passwords at least 15 characters long. There was an article out of MS a year or so ago about how the "password" is dead and that "pass phrases" will take over. Not a very well written article, but it did go over the weaknesses of short passwords, hashes, and rainbow files. They are essentially the same thing, only pass phrases are longer... much longer. Instead of having to remember "HYjK))w!x%" (which, if LM Hashed, can be cracked by a rainbow file in short order) you can remember "This is the passworrd for my new computerr". No one is going to carry a 5 terrabyte rainbow file around to try to crack a password that long. And brute force would take years. Given a few spelling mistakes and a dictionary attack will fail.

-Rick

Re:This is why two factor authentication is necess

[SQLGuru (980662)]

http://support.microsoft.com/kb/276304 [microsoft.com]

Or just force authentication against the MIT Kerberos domain.....

Your password must be at least 18770 characters and cannot repeat any of your previous 30689 passwords. Please type a different password. Type a password that meets these requirements in both text boxes.

Layne

Re:

[Opportunist (166417)]

Give it a year and someone will come up with a clever plan to decypher it again. Don't ask me how, our cypherguys are elsewhere (and I refuse to talk to them, they're creepy!). Some statistical imbalance for this or that if this or that structure is in your sentence, or a flaw in the algorithm because you now have a larger sample to work with than with traditional passwords of 5-10 characters length...

It's always been a race. Don't think one side can win forever.

Re:

[JianTian13 (525365)]

Eh?

> ttyp5 zhengyi@oracle.local.lan:~
> 0 14:11:43 504 $ echo "This is the passworrd for my new computerr" | md5
fb7393356dd5f5e6d3909e06bf64c91e

> ttyp5 zhengyi@oracle.local.lan:~
> 0 14:11:59 505 $ echo "hello12" | md5
39e8713c209ccefc6ddfafa6aedde5d1

(FreeBSD 6.2 box here; md5 came w/ the system...)

Re:

[RingDev (879105)]

A rainbow table is a pre-emptive brute force. You can do the brut force work at your leasure, then when you need to crack a LM Hash encrypted password, you just need to find a matching key in your table and enter the seed that generated that key. But the specific problem in the Windows case is the way LM Hash works. As soon as your password hits 15 characters though, the encryption runs through Kerberos. And I have not heard of any existing rainbow table solution to cracking a Kerberos password. Then again,

Windows passwords Secure?

[nick13245 (681899)]

First of all, ophcrack only comes with alpha-numeric tables for LM hashes. If you have special characters in your password, you'll have to generate your own table, which takes a very long time, and a lot of hard drive space. Ophcrack does not have the ability to generate Rainbow tables as the article suggest... Second of all, Ophcrack only works well against LM hashes, because with LM hashes, passwords are split into 7 byte halves, then hashed. So you only have to have tables that go up to 7 characters with LM hashes. If you disable LM hashes on your Windows box, and use NTLM hashes, the entire password is hashed, and is not split up. So if you pick a good password, with special characters, that's fairly long, it will be pretty much impossible to crack if your using NTLM only. Even with rainbow tables... The problem is Windows XP (by default) stores passwords as LM and NTLM hashes. So if an attacker can get the LM hashes, they can crack your password easily. You can hack the registry and keep Windows from storing LM hashes. See http://support.microsoft.com/kb/299656 [microsoft.com]

There's no need to crack the password

[hernano (1154471)]

Hi, There's no need to crack the LM&NT hashes of a password, you can use the hash directly on windows using this tool: http://oss.coresecurity.com/projects/pshtoolkit.htm [coresecurity.com] basically you can impersonate on your own windows machine any user if you have the hash, and then use your Windows machine to authenticate to services using that user's credentials. There's no need to know the cleartext password, unless you explicitly want to know the cleartext password to test it on other services that do not use NTLM authentication.

Re:

[woodhouse (625329)]

>If I remember correctly...

Is this another way of saying "I'm about to spew forth a load of FUD".

I guess if it's anti-microsoft FUD, it'll get modded up, right.

Re:

[Penguinisto (415985)]

Re: NT:

That may have easily been true for NT 4.0, but (IIRC) Win2k and later stretches 'em out a lot more than 8 chars, esp. with AD password policies turned on. (No, not defending 'doze per se, but it simply doesn't parse IMHO).

But then, NT 4.0 once let you have perfect access to its SAM registry keys by simply letting at.exe open regedt32 for you.

(PS: If it helps, I do agree w/ you perfectly that that's a pretty crappy password.)

/P

Re:

[pegr (46683)]

If I remember correctly NT drop anything after the first 8 characters so the password is actually "Fgpyyih8"

You do not remember correctly. LM hashes are created by hashing the first seven characters and the second seven characters, and truncating the hashes together. Yes, instead of having to brute force one fourteen character password, you have to brute two seven character passwords, a much easier proposition.

The hashes are created by using DES56 on the password chunks with a known key. In pract

Re:

[a_nonamiss (743253)]

I once took the time (and CPU horsepower) to generate 64GB worth of rainbow tables. I must've done it wrong, though, because it didn't work on anything. I'll happily admit that I was just puttering around, and probably forgot to set some switch somewhere. Fortunately, I had a server that I didn't need for a couple weeks. :)

It's not as simplistic as all that.

[Medievalist (16032)]

From the linked blog: "How fast? It can crack the password "Fgpyyih804423" in 160 seconds. Most people would consider that password fairly secure."

Sorry Jeff, but thats a shit password. If I remember correctly NT drop anything after the first 8 characters so the password is actually "Fgpyyih8" You have one uppercase letter in there and one number. That's terrible. Where are your characters like !@#$%^&*()-_+ or extended ascii stuff? Why are you starting with a capitalized letter?

Leaving aside your incorrect remembrance of the NT LM hash algorithm, what makes you think that having funny characters, more than one uppercase, and more than one number increases your security?

Is 53cr3TPa55W@rD a better password than Fgpyyih804423? Why?

It's not a trick question. Can you demonstrate that real security is improved by having a secret string conform to a non-secret policy? Are you sure you haven't got any unexamined assumptions in your reasoning?

You also should think twice about allowing

Re:

[zlogic (892404)]

LM hashes split passwords in 8-letter chunks, and for each of them:
1) the last symbol is removed, so the chunk becomes a 7-character password
2) the password is uppercased (yeah, that's dumb)
and then hashes are calculated for these chunks.
BOTH the LM and NTLM (a much more secure hash) hashes are stored in the registry.
So to get a typical 8-character password, you only need to guess the first 7 characters in uppercase.
After that the more secure NTLM hash is used to guess the case of each character and the eig