Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Microsoft Open Source Software Windows Technology

8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours (theregister.co.uk) 125

HashCat, an open-source password recovery tool, can now crack an eight-character Windows NTLM password hash in less than 2.5 hours. "Current password cracking benchmarks show that the minimum eight character password, no matter how complex, can be cracked in less than 2.5 hours" using a hardware rig that utilizes eight Nvidia GTX 2080Ti GPUs, explained a hacker who goes by the pseudonym Tinker on Twitter in a DM conversation with The Register. "The eight character password is dead." From the report: It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers. It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. Tinker estimates that buying the GPU power described would require about $10,000; others have claimed the necessary computer power to crack an eight-character NTLM password hash can be rented in Amazon's cloud for just $25.

NIST's latest guidelines say passwords should be at least eight characters long. Some online service providers don't even demand that much. When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six. Tinker said the eight character password was used as a benchmark because it's what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance. So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, "correcthorsebatterystaple." That or whatever maximum length random password via a password management app, with two-factor authentication enabled in either case.

This discussion has been archived. No new comments can be posted.

8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours

Comments Filter:
  • by account_deleted ( 4530225 ) on Friday February 15, 2019 @05:06AM (#58125466)
    Comment removed based on user account deletion
  • It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers.

    It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that h

  • by athmanb ( 100367 ) on Friday February 15, 2019 @05:31AM (#58125506)

    Even NTLMv2 is now over 20 years old. It's unsalted, easily parallelizable and you can't adjust the number of hash operations performed. It just can't deal with the modern world. And Microsoft has had tools available for like 5 years now that make it possible to see whether you can disable NTLM, see https://johan.grotherus.com/20... [grotherus.com] for one writeup. If you have a decently sized environment, this probably won't be easy, but you should start sooner rather than later. As soon as you are able to pull the plug on it, a lot of the easy "pass the hash" attacks become impossible, and those are more dangerous than someone getting to your ntds.dit file in todays age of gratuitous hard disk encryption anyway.

    And most people aren't able to create secure passphrases. You need to use completely independant words to actually get a good passphrase, and if someone doesn't understand the information entropy theory behind it, they'll automatically gravitate towards related words. And a passphrase like "housegardengreengrass" has an absolutely abominable complexity of like 20000 * 100 * 100 * 100 or 2^32.

    • and those are more dangerous than someone getting to your ntds.dit file in today's age of gratuitous hard disk encryption anyway.

      This I disagree with in a world of prolifant malware happily running on logged in machines where HDD contents are readily accessible.

    • You need to use completely independant words to actually get a good passphrase, and if someone doesn't understand the information entropy theory behind it ...

      It's not just the information, it's also the systems theory behind the information theory.

      The underlying problem is that so many passwords in the wild get cracked back to plain text. Any paradigm you come up with is vulnerable to machine learning, which can ultimately identify and extract almost any pattern.

      The pattern you describe is this: pick a word

  • a few years back, MS Office had a document password protect feature which was cracked instantly by an open source tool.
  • by Mr_Silver ( 213637 ) on Friday February 15, 2019 @06:01AM (#58125554)

    Couple of questions:

    • Is NTLM for organizations that rely on Windows and Active Directory?
    • Isn't NTLM an old Microsoft authentication protocol and wasn't it replaced by Kerberos?
    • Are these the Windows passwords stored locally or in the NTDS.dit file?

    It wasn't entirely clear from the summary /s

    • by Anonymous Coward

      1. New Technology Lan Manager Hashes or NTLM encrypted passwords came about during the NT 4.0 days (at least in a recognizable form, it may have been around a little before this), and I believe it is used in almost every Windows OS since then, not just corporate environments that rely on AD. It's not for the enterprise, it'sWindows baked in security suite. Yes, NTLM is a whole security suite. It may be old and deprecated, but it's still present for backwards compatibility. This is why you can plug in your W

  • Maybe worth mentioning: https://sites.google.com/site/... [google.com]
  • by sphealey ( 2855 ) on Friday February 15, 2019 @07:16AM (#58125672)

    Note to author: It was determined during WWII that repeating plaintext makes it far easier for an opponent to crack the cyphertext. Just sayin'.

    • by athmanb ( 100367 )

      The invention of Cipher Block Chaining solved that issue btw
      https://en.wikipedia.org/wiki/... [wikipedia.org]

    • Re:Note to author (Score:5, Informative)

      by swillden ( 191260 ) <shawn-ds@willden.org> on Friday February 15, 2019 @11:10AM (#58126550) Journal

      Note to author: It was determined during WWII that repeating plaintext makes it far easier for an opponent to crack the cyphertext. Just sayin'.

      This is wrong.

      What you say was true of WWII-era ciphers, but with modern ciphers and constructions any system that is made easier to break by repeating plaintext is considered completely broken and discarded. We don't worry about repeated plaintext any more, we worry about ensuring that the output of the base cipher is indistinguishable from uniform random noise, and that the construction is randomized so that two encryptions of identical plaintext produce unrelated ciphertexts.

      Also, your comment is off topic because encryption has nothing to do with password storage. You don't use an encryption cipher to secure passwords, you use a key derivation function, one designed specifically for passwords.

      Crypto history is fascinating, and fun, but be careful applying its lessons to modern crypto.

  • by Anonymous Coward on Friday February 15, 2019 @07:17AM (#58125674)

    I have a datacenter full of Hashcat rigs - used to be my crypto mine but I re-purposed and now do fee-based password recovery for corporate and law enforcement clients.

    Hashcat is pretty fun and has a scripting language of sorts for narrowing the attack space. If you have knowledge of the corporate password rules you're dealing with (which SIGNIFICANTLY reduce the attack space) it's actually not uncommon to discover even a complex password in a couple of days.

    The bottom line is that everyone needs to use stronger passwords, and corporations really need to remove the impediments that reduce attack space.

    As an example, let's take a simple example where a keyboard has all the capital and lowercase letters, and numbers 0 through 9. There are 52 possible letters and 10 possible numbers - 62 potential characters. An 8 character password has 62^8 or 218,340,105,584,896 possible combinations.

    If I impose a rule that says you must have at least one capital letter, that more than halves the attack space because one combination drops from 62 possibilities to 26, and our new attack space is only 91,561,979,761,408.

    If I say you have to have one capital letter and one number, that reduces a combination from 62 to 10, and our new space is only 14,768,061,251,840 passwords.

    A GTX 1070 will do a Kerberos 5 password at about 145 million per second, so a single rack of 12 of them will do 1,740,000,000 passwords/second.

    That means I can crack 8 characters, one capital letter and one number in a MAXIMUM of 8487 seconds, and that's assuming the correct password is the last one I try. That's less than 2.5 hours.

    I have 200 of those racks in my farm, so it takes me longer to set up the job that it takes to completely exhaust that address space: 42 seconds.

    So please, corporate America, keep right on with your silly password rules. They only make my job easier and more lucrative.

    • If you have knowledge of the corporate password rules you're dealing with (which SIGNIFICANTLY reduce the attack space) it's actually not uncommon to discover even a complex password in a couple of days.

      The bottom line is that everyone needs to use stronger passwords, and corporations really need to remove the impediments that reduce attack space.

      As an example, let's take a simple example where a keyboard has all the capital and lowercase letters, and numbers 0 through 9. There are 52 possible letters and 10 possible numbers - 62 potential characters. An 8 character password has 62^8 or 218,340,105,584,896 possible combinations.

      If I impose a rule that says you must have at least one capital letter, that more than halves the attack space because one combination drops from 62 possibilities to 26, and our new attack space is only 91,561,979,761,408.

      If I say you have to have one capital letter and one number, that reduces a combination from 62 to 10, and our new space is only 14,768,061,251,840 passwords.

      You are missing the point: if corporations did not impose such rules then most people would choose passwords that were entirely lower case; ie 26^8 (208,827,064,576) combinations. Any self respecting cracker would try all lower case before considering other possibilities.

      • by Junta ( 36770 ) on Friday February 15, 2019 @09:07AM (#58125974)

        On the other hand, focus on character classes causes people to pick short passwords because they can only remember so much of that crap.

        Focus on password length *and* character classes and people just can't do it.

        Focusing on password length alone is the way to win, 'password' is a much worse mindset than 'passphrase'.

        • by ceoyoyo ( 59147 )

          First thing to do is make sure that your passphrase system accepts spaces. It's a pain in the ass to type "thisismypassphrase" compared to "this is my passphrase".

        • by Anonymous Coward

          On the other hand, focus on character classes causes people to pick short passwords because they can only remember so much of that crap.

          Focus on password length *and* character classes and people just can't do it.

          Your password must have a minimum of 12 letters, one number, a fighter, two clerics, and an arcane caster.

      • if corporations did not impose such rules then most people would choose passwords that were entirely lower case; ie 26^8 (208,827,064,576) combinations. Any self respecting cracker would try all lower case before considering other possibilities.

        This was my thinking as well. While OP is quite correct that the volume of the attack space is significantly reduced by the imposition of requirements, the fact is that the vast majority of people are selecting passcodes that minimally meet the requirements rather than being constrained by the requirements. Or, put differently, while requirements reduce the upper bound of the address space, thus reducing the volume of the space, they also raise the lower bound of the space quite significantly, thus increasi

    • by Z00L00K ( 682162 )

      So the summary is essentially that password rules opens a hole similar to what the Enigma machine had - the encrypted character could never be the same as the original, one of the rules that made it easier to crack instead of harder. There were other flaws as well.

      Personally I would have introduced some added complexity to the Enigma in addition to allowing the encrypted character match the clear text character like space character and a few punctuation characters. Also the ability to select a varying numb

      • That would have been an entirely new machine, the limitation that a character can never encrypt to itself is inherent in Enigma's "out and back" path through the rotors and plugboard.

      • Hindsight is always 20/20. We've had at least a month or two of widespread technical improvements since then.

        Personally I would have ...

        ?? Then why didn't you?

        Don't get me wrong -- I've also the same things many times over the years. I'm just now getting to the point where seeing that current knowledge and history of the past kinda helps guide you, while at the time there were no indicators or guidelines and they were fumbling around in the darkness.

        We really do "stand on the shoulders of giants", and shorter people as well.

    • Your point might be right, but you need to count better.

      As an example, let's take a simple example where a keyboard has all the capital and lowercase letters, and numbers 0 through 9. There are 52 possible letters and 10 possible numbers - 62 potential characters. An 8 character password has 62^8 or 218,340,105,584,896 possible combinations.

      Right

      If I impose a rule that says you must have at least one capital letter, that more than halves the attack space because one combination drops from 62 possibilities to 26, and our new attack space is only 91,561,979,761,408.

      If I say you have to have one capital letter and one number, that reduces a combination from 62 to 10, and our new space is only 14,768,061,251,840 passwords.

      No, with those conditions the space isn't 26*10*62^6, which is what you assumed - that's the space if you require that the first letter be uppercase, the second a number and the rest whatever.

      With those conditions, you're removing from the original 62^8 space all the passwords that are just lowercase, which are 26^8. So your new password space is 62^8 - 26^8 = 218,131,278,520,320, which is 99,9% of the original space...

      • by Anonymous Coward

        Yes, his calculations are completely wrong, but you're not correct either. You can't just remove the lowercase passwords. You also have to remove the passwords containing upper case characters, but not digits, and the ones containing digits but not upper case characters. That makes it 62^8 - 36^8 - 52^8 + 26^8 = 162,268,094,210,560, which is about 74% of the original space (far from the authors claim, which is about 7% of the original space).

        See https://math.stackexchange.com/a/2033019 for a bit more thorou

      • by theCoder ( 23772 )

        The math for figuring out the exact numbers seems to me to be really difficult. Though maybe not as difficult as tedious in thinking about the various possibilities. It would probably make a nice question on a discrete math final. Well, nice from the professor's point of view at least.

        Since I didn't want to compute it analytically, I once wrote a simple program to test it empirically. The program would generate random passwords and then test to see if they met the requirements. IIRC, with the rules in

  • I can still remember this over many years... but let me Google the link... fond it XKCD [xkcd.com]

  • inconsistent (Score:5, Informative)

    by markdavis ( 642305 ) on Friday February 15, 2019 @07:50AM (#58125748)

    >"NIST's latest guidelines say passwords should be at least eight characters long. Some online service providers don't even demand that much."

    The example given is an old method and assumes the cracker has access to the stored encrypted password. Then the discussion turns to a wide/broad generalization about ALL password lengths, and web sites were the example. This isn't logical. An 8 character password is way strong enough if you don't have access to the stored data and all you can do is try brute force- which is easily defeated by throwing in delays or limits.

    It also depends on the method used to store the passwords, even if you have access to the stored data,

    • by hey! ( 33014 )

      Is 8 characters enough to control access to a *network* resource? I'd say the answer is a resounding "maybe".

      If you start by assuming that that the attacker has no access to the underlying password database and that he never will, and that rules eliminate easily guessed passwords, sure: I'm satisfied. But the assumption that the password database is secure is a big one. An unsalted password databases is a gold mine for an attacker.

      If you assume that the password database *might potentially* be accessed r

      • >"But the assumption that the password database is secure is a big one. An unsalted password databases is a gold mine for an attacker."

        Agreed. My biggest issue was their illogical jump from one example to a broad statement that can't be made.

        >"As for any remaining practical purposes, you simply need something stronger than passwords, because humans aren't going to be any good at memorized ten character strings of pure gobbledygook."

        Unfortunately, there isn't much else- not if one of the criteria is s

        • by hey! ( 33014 )

          I think two-factor is definitely the way to go for high security applications. That does not mean that "two factor" is automatically better than a password scheme, it depends on the design and implementation.

  • First of all the cracker will need to get the password hashes, if that can be done I think you have more issues than an 8 character password. I cannot comment on how to get windows password hashes (have not be on it in well over a decade), but on a properly locked down and encrypted modern Linux/BSD getting shadow is almost impossible.

    At work we are being moved to a minimum 15 character PW which is changed it every 90 days, all I can say is I am real glad I do now work on corporate help desk. 90% of they

    • Comment removed based on user account deletion
    • Comment removed based on user account deletion
    • by DarkOx ( 621550 )

      NTDS.dit dumping aside after you already have escalated permissions on domain control the main method of obtaining windows hashes is to MTIM authentication attempts and collect them off the wire so to speak.

      You use tools that provide fake DNS(6), netbios, wpad and some other types of broadcast responses or use other methods like good old fashioned arp spoofing to get windows hosts to authenticate with you. Optionally when signing is disabled or not used you might relay the authentication attempt to a real

    • by ceoyoyo ( 59147 )

      That's a lot of passwords written on stickies.

  • hmm (Score:4, Insightful)

    by cascadingstylesheet ( 140919 ) on Friday February 15, 2019 @09:14AM (#58125998) Journal

    Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, "correcthorsebatterystaple." That or whatever maximum length random password via a password management app, with two-factor authentication enabled in either case.

    Except that every site has a different maximum number of characters, requires different special characters, some of them don't allow your favorite special characters, etc. So there's no way you can consistently use some complex patterns that you could actually possibly remember.

    • "Except that every site has a different maximum number of characters, requires different special characters, some of them don't allow your favorite special characters, etc. So there's no way you can consistently use some complex patterns that you could actually possibly remember."

      ^^^ This

      I really wish there were an enforced standard that all websites -MUST- adhere to before being allowed on the web at all. Minimum password length and character set requirements. While we're at it, storage of those credenti

  • Jeez, the submissions here are shockingly badly edited, or, I should say, not edited at all. A repeated phrase in the summary, obvious to a 5 year old. BeauHD... hang your head in shame.
    • You Must Be New Here. This is how it has literally always been. Slashdot has never had editing worth beans. New boss, same as the old boss, and the boss before that.

  • Passwords are terrible security. Period. They should never have been widely implemented. All websites, 100% of websites, and all other systems that require passwords should be moved to physical keys.

    • Shouldn't access be granted based on something you have AND something you know?

      • Sure, I'm all for two part ID. But the vast majority of sites still don't require that, and most have no option for it at all.

        My point was about passwords alone.

  • by magarity ( 164372 ) on Friday February 15, 2019 @10:14AM (#58126216)

    NIST's latest guidelines say passwords should be at least eight characters long

    I tried "at least eight characters long" but it said passwords could not contain spaces.

  • by FeelGood314 ( 2516288 ) on Friday February 15, 2019 @11:56AM (#58126804)
    If the password isn't protecting anything of value then 1 character will do - for example any site that makes you create an account so you can use it once.
    If the attacker is rate limited and is only interested in one account then a 4 digit PIN will do - think bank cards
    If the attacker can attack any one of 50,000 employees and is only rate limited per account a pass phrase of 4 words should be used.
    If the attacker has the hash of the pass phrase then a pass phrase of 5 words should be used.
    If the attacker has the hashes of 50,000+ phrases then a pass phrase of 6 words should be used.

    8 random character passwords are useless, they too strong for the rate limited single account, impossible for 50,000 employees to remember and worthless against an attacker with the hash of the password.

    You should also fire everyone involved in the 8 character, at least one upper, one lower, one number and one one special character and change your password every 3 months people. After 6 months almost every employee gives up on creating a strong password and uses a common 6 letter English word, capitalizes the first letter, puts in the number 1 and then a '!'. They then increment the number every 3 months.
  • NTLM, NTLMv2 and yes Kerberos are all HOPELESSLY insecure CHAP based authentication protocols subject to offline brute force campaigns simply by way of an adversary eavesdropping on authentication process. No server hacking required.

    Microsoft STILL insists upon using this crap in its current software when secure alternatives are readily available.

    The only way authentication works in practice today is by protecting authentication exchanges using PKI... similar in concept to all of the web login forms on pre

  • Brute-force attacks like these can only work when attackers can access the passwd hashes so their guessing cost comes down to a few machine cycles. This is why /etc/shadow was developed and eventually will become encrypted itself.

    When an attacher has to go to the local OS, let alone a remote net, the cost per guess goes up by many (4-10) orders of magnitude. Decent security watchdogs will throttle guessing even further.

  • ANY 8 char password? Does that include special chars like ©?
    If we include those, the number of possibilities increases immensely, to the point that I certainly wouldn't worry if I had such a password.
    Most people, even on this thread seem to exclude even the common, easily accessible symbols from their strategy.

  • "The password you have entered is already in use by user corp-admin@internal.wscorp.com. Please choose another password".
  • Guys, just upgrade your Active Directory forest functional levels.
    As long as the oldest controller is new than 2012, not a problem.

  • Damn. So THAT'S how he got me.

You are always doing something marginal when the boss drops by your desk.

Working...