Letters-Only LM Hash Database
Peter Clark writes "Disk storage has increased tremendously in the past 5 years and the blatant insecurities in the antiquated LM hashing technique have not gone away; though functionality has been added to disable LM hashes, this is not set by default. With some help from Elcomsoft, simple flat files have been created that hold every combination of LM hash for letters-only passwords. Jesko has coded a server application which allows you to access this database. Simply telnet to: beginningtoseethelight.no-ip.org on port 2501 and paste in an LM hash. So how does this differ from Rainbow tables? Well, this will return a password 100% of the time, using minimal processor power, in approximately less than 0.2 seconds."
Someone explain? (Score:5, Insightful)
of course... (Score:4, Insightful)
Non sequitur? (Score:3, Insightful)
Maybe I'm being a bit thick here but how does the first part of that sentence relate to the other?
Re:of course... (Score:5, Insightful)
Re:modeling unknown passwords (Score:3, Insightful)
I see this as mostly just a harbinger of Things To Come. At what point will it become a trivial matter to generate a database of all possible hashes of all possible passwords (incl. all symbols and numbers), and what will we do when that point is reached? Hide the hash file? Isn't that why we moved to hashes in the first place, because hiding the password file just didn't work?
Hashes (Score:5, Insightful)
you need only a bit more than half of it (Score:2, Insightful)
As far as I've understood it, every possible 7-byte hash exists somewhere.
Therefore you could sort the plaintext which belongs to the hash after the hash's number.
Don't know if I'm unclear, but here is an example using single-digit decimal numbers up to 4 (two-digit binary):
[hash] / [password]
1 / 2
4 / 3
2 / 1
3 / 4
This, to save half of the space, could be written as:
2
1
4
3
whereas the row number/place in the file is the hash belonging to it.
So you would just have to jump to the row with the same number as the hash you are looking for.
Something would be needed to separate the passwords from each other though, because they differ in length.
Therefore it would be slightly larger than the half size.
Re:Holy Ratshit, Batman! (Score:1, Insightful)
Nope, that's what they did.
And more fun facts with LM hashes: your password isn't as secure either in LM. As was said before, the password uppercases every letter. It only supports up to 15 characters. It breaks up passwords longer than 7 characters into two hashes which are much easier to break.
So pretty much any password is not going to be good enough using LM =/
Re:modeling unknown passwords (Score:1, Insightful)
How to NOT store LM Hash (Score:2, Insightful)
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type NoLMHash, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 1, and then click OK.
7. Restart your computer, and then change your password.
The above steps are one of the first things you should do on any Windows NT kernel machine that you don't want people getting into, and as you can see by this article, getting into a machine with LM hash intact is a trivial exercise at best.
For NT and Win2K there are full details here [microsoft.com].
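One way to check that the steps in the comment above took effect after the password change, as an added example that is not part of the original thread: it reads an account export and reports which accounts still carry an LM hash, and which 8-byte halves recur across accounts (LM is unsalted, which is why one database serves every machine). The `user:rid:lm:nt:::` layout, the function names and the sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict

# LM value of an empty 7-character half; a well-known constant.
EMPTY_HALF = "aad3b435b51404ee"
HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed sample in the assumed user:rid:lm:nt::: layout; hash values are made up.
SAMPLE = """\
alice:1001:0123456789abcdef0fedcba987654321:11111111111111111111111111111111:::
bob:1002:0123456789abcdefaad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
dave:1004:NO PASSWORD*********************:44444444444444444444444444444444:::
"""

def classify_lm(field):
    """'none' = no LM hash stored, 'short' = password of 7 or fewer
    characters (second half empty), 'full' = both halves in use."""
    lm = field.strip().lower()
    # Assumption: a field that is not 32 hex digits (for example a dump
    # tool's "NO PASSWORD" marker) or is all zeros means no LM hash is stored.
    if not HEX32.fullmatch(lm) or lm in (EMPTY_HALF * 2, "0" * 32):
        return "none"
    return "short" if lm[16:] == EMPTY_HALF else "full"

def audit(dump_text):
    """Return (findings, shared): accounts that still carry an LM hash, and
    non-empty halves that appear on more than one account."""
    findings, by_half = [], defaultdict(list)
    for line in dump_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue  # not an account record
        user, lm = parts[0], parts[2].strip().lower()
        status = classify_lm(lm)
        if status == "none":
            continue
        findings.append((user, status))
        # Each half is hashed independently, so index the halves separately.
        for half in {lm[:16], lm[16:]} - {EMPTY_HALF}:
            by_half[half].append(user)
    shared = {h: users for h, users in by_half.items() if len(users) > 1}
    return findings, shared

if __name__ == "__main__":
    findings, shared = audit(SAMPLE)
    for user, status in findings:
        print(f"{user}: LM hash still stored ({status})")
    for half, users in shared.items():
        print(f"half {half} shared by {', '.join(users)}")
```

An account reported as `short` or `full` has not had its password changed since NoLMHash was set, so step 7 is still outstanding for it.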