
Ophcrack Says Your Password Is Insecure 249

javipas writes "An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discovering virtually any password in Windows operating systems. The article explains how passwords get stored on Windows using hash functions, and how Ophcrack can generate immense tables of words and letter combinations that are compared to the password we want to obtain. The program is available in Windows, Mac OS and Linux, but be careful: the generated tables that Ophcrack uses are really big, and you should allow up to 15 Gbytes to store these tables."

  • by eln ( 21727 ) * on Monday September 10, 2007 @10:46AM (#20539677)
    Ha, I've got these fools beat! I don't even USE a password on my Windows box. I'd like to see you try and crack MY password!
  • This is news? (Score:3, Insightful)

    by Lord_Frederick ( 642312 ) on Monday September 10, 2007 @10:48AM (#20539711)
    How long have rainbow tables been around? And hasn't just about everyone stopped storing LM hashes?
    • Re: (Score:2, Interesting)

      by CJ145 ( 1110297 )
      People that know should have, however the majority of Windows users have no clue what an LM hash is. I use the ophcrack livecd almost daily to find lost passwords. Not once on a customer computer have I found LM disabled (Windows XP systems). I have not seen any Vista PCs yet so I do not know what the default is on Vista.
      • Re:This is news? (Score:4, Interesting)

        by CastrTroy ( 595695 ) on Monday September 10, 2007 @11:13AM (#20540149)
        I remember once I tried a Linux bootable floppy that was supposed to be able to reset windows passwords, from what I recall, by just changing the value of the hash. Anyway, the drive was NTFS, and something got screwed up, and the file was unreadable. What I ended up doing was copying the same file from a computer with a similar set up (both were college issued laptops), and use the other person's username as password to log in. Anybody with enough access to the machine can get past a simple password. And unless you keep all your important data on an encrypted partition, and use encrypted swap (can you do this in windows??), then you really don't have much protection, and shouldn't assume that the data on your computer is locked down.
        • I think it was '98 where you could just boot into dos and delete username.pwd to make it so that user "username" had no password.

          Security at its finest.
        • Re: (Score:2, Informative)

          by Anonymous Coward
          "And unless you keep all your important data on an encrypted partition, and use encrypted swap (can you do this in windows??)"

          Yes, it's called "Bitlocker".
          • Does bitlocker make your system use an encrypted swap file? I really don't think so. At some point the data read from the file will be decrypted in memory, and if that chunk of memory gets swapped out, then it's now recorded, unencrypted to some part of your hard drive. This is why encrypted swap is needed.
            • by cnettel ( 836611 )
              I think it does. The reason why is simple: the swap is a somewhat special memory-mapped file. They still have to get the encryption logic tied in with the swapping logic for all other memory-mapped files (like all exes). That's one difference between Bitlocker and previous NTFS compression/encryption, where several of the more fancy I/O operations (async I/O in general, efficient memory mapping) were really disabled.
            • by mlts ( 1038732 ) *
              If you need to protect the swap file, you can set Windows to zero it out cleanly on shutdown (a setting under security options if you pull up secpol.msc.)

              For further protection, there is a third party utility called BestCrypt which loads a low level device driver that intercepts the read and write calls between Windows and the swap file, and encrypts it with a randomly generated key every time the machine gets booted.

              IMHO, the best protection for nearly any Windows machine is whole disk encryption (BitLocke
            • Re: (Score:3, Informative)

              by Kagami001 ( 769862 )
              BitLocker encrypts the entire drive. If your swap file is on that drive, it's encrypted along with everything else.
              BitLocker is only available in Windows Vista Ultimate.

              Unrelated to BitLocker, Vista supports encrypting the swap file with a random key generated on startup (same as the way it's done in Linux). The setting is buried inside the EFS settings in Group Policy.
              I don't know if the swap file encryption setting is available in all editions of Vista or not--group policy wasn't available in XP Home Edit
        • Re: (Score:3, Informative)

          by cbhacking ( 979169 )

          And unless you keep all your important data on an encrypted partition, and use encrypted swap (can you do this in windows??), then you really don't have much protection, and shouldn't assume that the data on your computer is locked down.

          That's the idea behind BitLocker. When it was discussed on here, a lot of people compared it to FileVault, PGP/GPG, and NTFS EFS (Encrypting File System). The point is, none of those can do the kind of total protection that encrypting EVERYTHING on the system volume (and any others you want protected, except you need an unencrypted boot partition) provides.

          Or, to answer your question a little differently: Yes, Windows Vista can encrypt all your data and the swap (pagefile.sys in Windows). My $DEITY, what a

      • I read that LM is disabled by default on Vista, but don't have a computer with it on to check it out on. It's about time!
      • by mlts ( 1038732 ) *
        Vista and Windows 2008 Server (the beta that is) both don't store LM hashes by default. You can turn it on by running secpol.msc, if you have older machines that need that.
  • So... (Score:5, Funny)

    by InvisblePinkUnicorn ( 1126837 ) on Monday September 10, 2007 @10:48AM (#20539717)
    So basically, if I want to find out the passwords on someone else's computer, I have to bring along a high capacity DVD's-worth of data as well? I might as well just pretend I'm their tech support and ask for the password.

    Back in the day, getting Windows passwords was as easy as opening a program from a floppy. That's how I got an A in Spanish class when the teacher challenged us to guess what his screensaver password was (the prize was an A for the year - dumb teacher).
    • Re:So... (Score:5, Insightful)

      by jayhawk88 ( 160512 ) <jayhawk88@gmail.com> on Monday September 10, 2007 @11:08AM (#20540095)
      The point is that it can get the password in under 5 minutes. You could bring along something like L0pht, and then wait 2 weeks while it brute forces it.
      • LC has supported Rainbow Tables since version 5 IIRC. Also, how would salts work on this? If you stored EVERY md5 hash (which is what rainbow tables do), then you've stored the salt as well. You'll just get "saltpassword" as the retrieved password, won't you?
        • If you stored EVERY md5 hash (which is what rainbow tables do)


          That is certainly not what rainbow tables do. md5 is 128 bit. So to store every md5 hash would require 2^128 (3.4 × 10^38) * average_password_length bytes.
          • Okay, every md5 hash whose original input was under 7 characters and in the alpha-numeric-space-special range. But, I guess I answered my own question, it adds 5ish characters to the password so a 7 character password becomes 12 chars, and thus not breakable (unless it's an LM hash, which is retarded anyway).
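An added example, not part of the original thread, illustrating the exchange above about what rainbow tables store and what a salt changes: a toy rainbow table over 3-letter lowercase passwords that keeps only chain start and end points, and that cannot invert the same password once a salt is prepended. The keyspace, chain length, reduction function and the salt `x9` are all constructed for illustration.

```python
import hashlib
from itertools import islice, product

CHARSET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3                          # toy keyspace: 26**3 = 17,576 passwords
KEYSPACE = len(CHARSET) ** PW_LEN
CHAIN_LEN = 50


def h(data: str) -> bytes:
    """Unsalted MD5, standing in for any fast unsalted password hash."""
    return hashlib.md5(data.encode()).digest()


def reduce(digest: bytes, column: int) -> str:
    """Map a digest back to some keyspace password; differs per column."""
    n = (int.from_bytes(digest[:8], "big") + column) % KEYSPACE
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        out.append(CHARSET[r])
    return "".join(out)


def walk(pw: str, first_col: int):
    """Yield the chain's passwords from column first_col, then the endpoint."""
    for col in range(first_col, CHAIN_LEN):
        yield pw
        pw = reduce(h(pw), col)
    yield pw                        # endpoint; its own hash is not covered


def build_table(n_chains: int) -> dict:
    """Keep only endpoint -> [start points]; intermediate values are dropped."""
    table = {}
    starts = ("".join(t) for t in product(CHARSET, repeat=PW_LEN))
    for start in islice(starts, n_chains):
        *_, end = walk(start, 0)
        table.setdefault(end, []).append(start)
    return table


def lookup(table: dict, target: bytes):
    """Return a keyspace password whose hash is target, or None."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Assume target sits in column `col` and walk on to the endpoint.
        *_, end = walk(reduce(target, col), col + 1)
        for start in table.get(end, []):
            # Endpoint matched: regenerate that chain and verify (the match
            # can be a false alarm caused by merging chains).
            for cand in list(walk(start, 0))[:-1]:
                if h(cand) == target:
                    return cand
    return None


def covered(table: dict) -> int:
    """Number of distinct passwords the table can actually recover."""
    seen = set()
    for starts in table.values():
        for start in starts:
            seen.update(list(walk(start, 0))[:-1])
    return len(seen)


if __name__ == "__main__":
    table = build_table(1500)
    print("stored chains:", sum(len(v) for v in table.values()), "of", KEYSPACE)
    print("passwords covered:", covered(table))
    print("unsalted lookup:", lookup(table, h("aaa")))
    # Constructed salt: the hashed input is no longer inside the table's keyspace.
    print("salted lookup:", lookup(table, h("x9" + "aaa")))
```

The table holds 1,500 start/end pairs rather than 17,576 hashes, and the salted lookup returns nothing because covering it would require a table built for the salted keyspace.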
    • by ajs ( 35943 )
      Of course, on real systems you use a decent hashing algorithm that can handle a much larger space.

      If you're interested in generating random, but secure passwords, I recommend my mkpasswd [ajs.com] program, which can securely generate random passwords, or generate very insecure passwords, and the entire spectrum in-between. It uses a regular-expression-like syntax for describing a possible password, and then generates random passwords that fit the pattern. For example, you can tell it that you want 10 completely rando
    • Re:So... (Score:5, Funny)

      by Anonymous Coward on Monday September 10, 2007 @11:36AM (#20540485)

      Back in the day, getting Windows passwords was as easy as opening a program from a floppy. That's how I got an A in Spanish class when the teacher challenged us to guess what his screensaver password was
      But then, you didn't really guess his screensaver password. So no prize should have been given to you.

      (the prize was an A for the year - dumb teacher).
      Pretty dumb to give away grades, I agree. But, then, no one expects the Spanish algorithm!
    • It's just another rainbow tables program. Yay. It may be better written than some (I don't know I haven't tried it) but it isn't anything new. There are plenty of rainbow table generators out there. The only problem you discover is that they take a shitload of space to get useful results. Also, if you are dealing with LM hashes, as this program is, there's no need. A Core 2 Duo can easily break pretty much any LM password in 24 hours or less.

      However it also isn't that useful since as of Windows Vista, Windo
    • by mh1997 ( 1065630 )

      So basically, if I want to find out the passwords on someone else's computer, I have to bring along a high capacity DVD's-worth of data as well?

      If you want all my passwords (at work), just look at the cardboard backing attached to the paper calendar under my keyboard. If the IT department wanted me to have a very secure, impossible to guess password, then they would not require me to have different passwords on different company sites (payroll, timecard, network, email, etc), force me to change my passwor

  • by Anonymous Coward on Monday September 10, 2007 @10:49AM (#20539727)

    if I have physical access to the machine and have a bootable CD I have no need to crack any passwords
    I can just reset the password and carry on, I have a customer whose 9yo girl showed me how she "cracks" her brother's password by booting in safe mode and simply removing his password
    luckily in some ways I am glad windows is insecure, I can only imagine the hell a user (and MS) would go through when you tell them that their entire photo/music collection is toast because they forgot their 21 random character hard to remember password

    don't blame the user blame the whole crappy password concept

    • by eln ( 21727 ) * on Monday September 10, 2007 @11:05AM (#20540033)

      if i have physical access to the machine and have a bootable CD i have no need to crack any passwords
      i can just reset the password and carry on,
      You can do this with a Linux box as well, as well as practically any other system, so I'm not sure what your point is here.

      Physical access to a box pretty much means you have root access to that box. This is why physical security is such an important part of overall system security.
    • Re: (Score:3, Insightful)

      by Opportunist ( 166417 )
      I think the usefulness is rather in the legitimate owner of the machine not knowing that you know his password. When his password is blown, he usually knows something's fishy.

      Not to mention the fact that most people use only one or two passwords for pretty much every application, from their computers to online services.
    • Good passwords are half of the equation. If the hacker knows your user name then the hacking program only needs to solve for the entropy (cipher quality) of the password (of the hash). This is given by an equation based on the number of characters you can use in a password and the character set base. So let's say you are using a base64 character set. That gives us:

      6 bits per character = (ln 64) / (ln 2)

      This is because there are 64 possible ascii values per string char
      • by afidel ( 530433 )
        The problem here is that Windows only allows passwords that are 15 characters (I don't immediately know the base character set windows uses without looking it up).

        Wrong! Windows 2000+ based OS's and Active Directory allow for 64 character passwords using the entire Unicode character set. These tables attack the LMHash which is the legacy hash algorithm which stored the password hash into two 7 character hashes. Using a 15+ character password disables the LMHash from being stored. There is also a policy to
  • by BadAnalogyGuy ( 945258 ) <BadAnalogyGuy@gmail.com> on Monday September 10, 2007 @10:49AM (#20539737)
    "Passwords should never be saved as plaintext"

    Tell that to /etc/passwd, bitch!

    Second, if you've computed all possible hash values for all possible character combinations, then it really doesn't matter what your password is, since you only have to have the input hash to the correct hash value. Since an infinite number of character strings map to a finite number of hash values, it is only a matter of building the tables before you can hack any system.

    Third, if your only defense against this type of attack is a single password, you're screwed.

    Fourth, if you are worried about this sort of attack and you still live with your parents, it's probably not really too critical that you implement heavy-duty, multiple-hardened points on your Gentoo system right now. You'll have plenty of time to implement that sort of security after you finish your current bag of Cheetos.
    • by PPH ( 736903 )

      Passwords should never be saved as plaintext"

      Tell that to /etc/passwd, bitch!

      Hmm. There are no passwords (hashes or otherwise) in my /etc/password file.
      • before /etc/shadow, /etc/passwd held (scrambled) passwords, visible to any user on the machine.
        • Right, but which distribution still saves passwords in /etc/passwd? Name one, I don't know of any.

          • Re: (Score:2, Insightful)

            by everphilski ( 877346 )
            None that I was aware of, but I don't think that was GP's point. He was quoting the "Passwords are never stored in plaintext. At least they shouldn't be, unless you're building the world's most insecure system using the world's most naïve programmers." from the article. Which was at one time true for Windows (? or were they referring solely to apps?) but was also at one time true for Linux.
            • by mav[LAG] ( 31387 )
              but was also at one time true for Linux.

              Evidence of this would be greatly appreciated. I can't remember _ever_ seeing plaintext passwords in /etc/passwd or /etc/shadow in Linux and I've been using it since 1992 or so.
              • Re: (Score:3, Informative)

                It appears that the manual for Unix "First Edition" (1971) makes no mention of the password being encrypted in /etc/passwd, so it may have been stored in plaintext at that time.

                However, the manual for 7th edition Unix (1979) specifically states that /etc/passwd contains the encrypted passwords. So, Unix had been encrypting passwords on disk for at least 12 years before Linux existed. The GP appears to be making things up.

                Refs:
                http://www.cs.bell-labs.com/who/dmr/ [bell-labs.com]
                http://plan9.bell-labs.com/7thEdMan/v7vol1.p [bell-labs.com]
                • by mlts ( 1038732 ) *
                  Jolitz's 386BSD (the BSD that FreeBSD, NetBSD forked from), due to ITAR requirements, stored passwords in /etc/passwd (I think it had the option to run pwconv to move them to /etc/shadow, but don't remember) in 100% plaintext. You could recompile from source with a flag for the usual crypt(3) function, like other UNIX variants.

                  Early Linux distros (SLS) always used crypt(3) for their passwords, originally stored the passwords in /etc/passwd, but around '92 or '93, they moved to storing them in /etc/shadow.
      • by blhack ( 921171 ) *

        Passwords should never be saved as plaintext"

        Tell that to /etc/passwd, bitch!

        Hmm. There are no passwords (hashes or otherwise) in my /etc/password file.

        You fail at funny. The fact that /etc/passwd hasn't contained password data for YEARS is funny because every newbie Linux user who downloaded "how to hack.txt" and read that using Linux will turn them into a cr4ck1ng GOD finds /etc/passwd and freaks out so hard that they almost knock that two liter of generic Dr. Pepper all over mom's carpet every time they find it.

        Wow that is a long sentence, am I writing EULAs or is this the 18th century?

    • by caluml ( 551744 )
      Tell that to /etc/passwd, bitch!

      Am I falling for something here by pointing out that there aren't any passwords in /etc/passwd - even the ones in /etc/shadow are crypted, and the file is 400.

  • Test ophcrack live. (Score:4, Informative)

    by realdodgeman ( 1113225 ) on Monday September 10, 2007 @10:50AM (#20539765) Homepage
    Ophcrack live (CD) does not crack all Windows passwords, only about 99%. Still it uses only 20 minutes and can crack passwords up to 14 characters, while running from a bootable CD. And it is horrifying how few Windows sysadmins know about this...
    • by gad_zuki! ( 70830 ) on Monday September 10, 2007 @11:09AM (#20540105)
      First off, it certainly does not crack 99% of passwords. A reasonable password policy means it won't crack anything. It's a 700 meg CD. It's very limited. I've seen it fail on some pretty basic stuff. Essentially toss in a !@#$%^&*()_-{};',.? and it's screwed.

      >And it is horrifying how few windows sysadmins who know about this...

      Well, they should be asking "Why are my PCs set up to let the end user boot a CD?" Or "Why do malicious users have physical access to our machines." With physical access you're pretty much sunk. Someone could mount NTFS, write to the registry where it stores your admin password, and set it to null. I don't care what OS you use, physical access usually means trouble. Heck, if my portable tools can't crack it, I'll just take the hard drive home and work on it at my leisure.
    • by tkw954 ( 709413 ) on Monday September 10, 2007 @11:21AM (#20540245)

      Ophcrack live (CD) does not crack all windows passwords, only about 99%

      Can you please post a list of the remaining 1% and their hashes?

    • Re: (Score:3, Funny)

      When I took grade ten computer class for fun I made my password 115 characters (some sentence and the digits of pi), but once I forgot it the first time and had to retype it. The teacher became frustrated so he made me make it shorter.
    • Clearly, someone should get busy and make a list of the other 1% of windows passwords it can't crack and start selling them.

      (Seriously, I do wonder what the general characteristics are of passwords it can't handle: longer? fewer alpha?)
  • special chars (Score:2, Insightful)

    by Anonymous Coward
    And that's exactly the reason why I prefer using passwords like: k|$$mY/\rs3
  • by HangingChad ( 677530 ) on Monday September 10, 2007 @10:51AM (#20539783) Homepage

    (blank)

    password

    password1

    That formula will crack 90% of Windows passwords out there. The remaining 10% are what the other 14.999999 GB in the table are for.

  • Things to note (Score:2, Interesting)

    by nsanders ( 208050 )
    The title is a bit of a stretch. Some simple techniques can help protect yourself from these attacks. Using special characters will greatly increase the strength of your password, since the rainbow set for ALL characters is 64GB in size. Also, a LONG password, even of simple words can increase the complexity due to its length. Something as simple as my!dear!aunt!sally would be far stronger than 1pass!

    Some additional info on this topic can be seen here: http://druid.caughq.org/papers/Mnemonic-Password-Formul [caughq.org]
    • since the rainbow set for ALL characters is 64GB in size


      How is that possible? I thought LM did 7 characters with A-Z0-9. Even that gimped password has 36^7 or 78 billion combinations. That would require 1.2 terabytes to store (hash length is 16 bytes).
      • Sorry, not ALL, as in all possible characters. I meant alpha, numeric, and special. If you read the article it shows the character set of "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"',.?/" is 64GB in size.
  • by Mc1brew ( 1135437 ) on Monday September 10, 2007 @10:54AM (#20539859)
    Windows has a security feature it uses when a user attempts to create a 15Gb table called "crashing". This makes it extremely difficult to break in using the tool defined.....
  • Careful? (Score:2, Insightful)

    by miguel ( 7116 )
    "but be careful: the generated tables that Ophcrack uses are really big, and you should need up to 15 Gbytes to store these tables."


    Since when 15 gigs were considered "really big"?

    Aren't people at conferences handing out USB sticks as schwag with 493424 gigs these days in exchange for your business card?
    • Since when 15 gigs were considered "really big"?

      I guess since some fool said something about 640k being enough.
  • by colinmcnamara ( 1152427 ) on Monday September 10, 2007 @11:06AM (#20540043) Homepage
    This is a prime example of the need for a multi layered security model for authentication and authorization of your systems. There are many vendors that supply two factor authentication methods (RSA being the most well known) that provide for one time passwords. Techniques like this effectively mitigate the risk of a user account compromised by use of a hash table like this. BTW, this is nothing new. Rainbow tables have been out for ages. --Colin
    • by RingDev ( 879105 ) on Monday September 10, 2007 @11:26AM (#20540311) Homepage Journal
      Or simply require your users to have passwords at least 15 characters long. There was an article out of MS a year or so ago about how the "password" is dead and that "pass phrases" will take over. Not a very well written article, but it did go over the weaknesses of short passwords, hashes, and rainbow files. They are essentially the same thing, only pass phrases are longer... much longer. Instead of having to remember "HYjK))w!x%" (which, if LM Hashed, can be cracked by a rainbow file in short order) you can remember "This is the passworrd for my new computerr". No one is going to carry a 5 terabyte rainbow file around to try to crack a password that long. And brute force would take years. Given a few spelling mistakes and a dictionary attack will fail.

      -Rick
      • by SQLGuru ( 980662 ) on Monday September 10, 2007 @12:45PM (#20541711) Homepage Journal
        http://support.microsoft.com/kb/276304 [microsoft.com]

        Or just force authentication against the MIT Kerberos domain.....

        Your password must be at least 18770 characters and cannot repeat any of your previous 30689 passwords. Please type a different password. Type a password that meets these requirements in both text boxes.
        Layne
      • No one is going to carry a 5 terabyte rainbow file around to try to crack a password that long.

        At least not for a couple years until 5TB hard disks are available.
      • Re: (Score:3, Insightful)

        by Opportunist ( 166417 )
        Give it a year and someone will come up with a clever plan to decypher it again. Don't ask me how, our cypherguys are elsewhere (and I refuse to talk to them, they're creepy!). Some statistical imbalance for this or that if this or that structure is in your sentence, or a flaw in the algorithm because you now have a larger sample to work with than with traditional passwords of 5-10 characters length...

        It's always been a race. Don't think one side can win forever.
  • by nick13245 ( 681899 ) on Monday September 10, 2007 @11:10AM (#20540115)
    First of all, ophcrack only comes with alpha-numeric tables for LM hashes. If you have special characters in your password, you'll have to generate your own table, which takes a very long time, and a lot of hard drive space. Ophcrack does not have the ability to generate Rainbow tables as the article suggests... Second of all, Ophcrack only works well against LM hashes, because with LM hashes, passwords are split into 7 byte halves, then hashed. So you only have to have tables that go up to 7 characters with LM hashes. If you disable LM hashes on your Windows box, and use NTLM hashes, the entire password is hashed, and is not split up. So if you pick a good password, with special characters, that's fairly long, it will be pretty much impossible to crack if you're using NTLM only. Even with rainbow tables... The problem is Windows XP (by default) stores passwords as LM and NTLM hashes. So if an attacker can get the LM hashes, they can crack your password easily. You can hack the registry and keep Windows from storing LM hashes. See http://support.microsoft.com/kb/299656 [microsoft.com]
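An added example, not part of the original comment: a small audit that reads pwdump-style `user:rid:lm:nt:::` lines and reports which accounts still have an LM hash stored, using the 7-byte-halves layout described above. The sample lines and their hash values are constructed, and treating any non-hex LM field as "absent" is an assumption about how the dump tool prints a missing hash.

```python
import string

# Value seen when no LM hash is kept or the password is empty: each 7-byte
# half is all zeros, which always produces this same well-known DES output.
EMPTY_HALF = "aad3b435b51404ee"
EMPTY_LM = EMPTY_HALF * 2
HEX = set(string.hexdigits)


def is_hash(field):
    """True for a 32-character hex string (one 16-byte hash)."""
    return len(field) == 32 and all(c in HEX for c in field)


def classify(line):
    """Classify one 'user:rid:lm:nt:::' line as (user, status).

    status is one of:
      'malformed' - not a pwdump-style line
      'no-lm'     - no usable LM hash stored (NTLM only)
      'lm-short'  - LM stored, second half empty: password is <= 7 chars
      'lm-full'   - LM stored, both halves in use: password is 8-14 chars
    """
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[0] or not is_hash(parts[3]):
        return (parts[0], "malformed")
    user, lm = parts[0], parts[2].lower()
    # Assumption: a placeholder or empty LM field means no LM hash is stored.
    if not is_hash(lm) or lm == EMPTY_LM:
        return (user, "no-lm")
    if lm[16:] == EMPTY_HALF:
        return (user, "lm-short")
    return (user, "lm-full")


def audit(text):
    """Group account names by status for a whole dump."""
    report = {"malformed": [], "no-lm": [], "lm-short": [], "lm-full": []}
    for line in text.splitlines():
        if line.strip():
            user, status = classify(line)
            report[status].append(user)
    return {status: sorted(users) for status, users in report.items()}


# Constructed sample input; none of these are real hashes of real passwords.
SAMPLE = """\
alice:1001:0f1e2d3c4b5a6978aad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0f1e2d3c4b5a697811223344556677aa:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
dave:1004:NO-LM-STORED:89abcdef0123456789abcdef01234567:::
not a dump line
"""

if __name__ == "__main__":
    for status, users in audit(SAMPLE).items():
        print(f"{status:10s} {users}")
```

Accounts reported as `lm-short` or `lm-full` keep that hash until the password is next changed, even after LM storage has been turned off as in the KB article.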
  • you're telling me that my Hotmail or Yahoo! passwords are much more difficult to crack than the Windows one?

    • And less interesting, too. When I have your Windows password, installing a keylogger, a BHO or a network traffic collector is trivial and I'll have your Hotmail password too, sooner or later, depending on how often you check your mail.
  • No pun intended.
  • by hernano ( 1154471 ) on Monday September 10, 2007 @11:37AM (#20540503)
    Hi, There's no need to crack the LM&NT hashes of a password, you can use the hash directly on windows using this tool: http://oss.coresecurity.com/projects/pshtoolkit.htm [coresecurity.com] basically you can impersonate on your own windows machine any user if you have the hash, and then use your Windows machine to authenticate to services using that user's credentials. There's no need to know the cleartext password, unless you explicitly want to know the cleartext password to test it on other services that do not use NTLM authentication.
  • Just a heads-up to those looking to install it easily: This program is already in Debian, thanks to the work of Adam Cécile (Le_Vert). You can see it on the packages page at http://packages.debian.org/lenny/ophcrack [debian.org] .
  • Actually this doesn't mean you should panic and start using difficult passwords for windows.

    This just means you shouldn't use the same passwords for windows as you do for other stuff.

    If someone can successfully run 0phcrack on your system (or its lanman hashes) it means they're already in, and they probably already have access to the data they want (can install rootkits, keyloggers etc).

    It's laughable to think someone is going to physically bring it to your machine and _bother_ using it without your coopera
  • Pretty similar name to L0phtcrack [wikipedia.org]... any relation? If not, you'd think they would be wary of looking like they're trying to play off LC's success. Ahh regardless, reading up on L0pht [wikipedia.org] brings back a lot of memories.. ;)
