There’s a time bomb ticking on Windows machines all over the world, and unless you’ve defused it then your network your security could be blasted apart at any time.
The time bomb I’m talking about is the LM hashing algorithm which Microsoft designed in the late ’80s to protect passwords stored on Windows machines. The idea is that because a hacker could potentially get their hands on passwords if they are stored on a machine, it is better to pass them through some mathematical function to obscure them before storing them. That way a hacker who steals a list of hashed passwords still doesn’t know what the passwords are. When a legitimate user enters their password this is hashed and the result is compared with the hash stored on the computer for that user, and if the two hashes are identical the computer knows the correct password has been entered.
Although the LM hash was relatively secure when it was introduced, advances in the power of computers over the last twenty years mean that today it is anything but. In the early 90s Microsoft addressed this problem by coming up with a much better hashing function known as the NT hash, but here’s the thing: to preserve backward compatibility with older machines (something of an obsession at Microsoft) the company decided to continue with LM as well. User account passwords on an XP machines may be hashed using the more robust NT algorithm, but also with the insecure LM algorithm. XP then stores both the LM and the NT hashes together locally, or they may be stored together in Active Directory on a server. Clearly any hacker who gets access to the file containing password hashes is going to ignore the NT hash and get to work on the LM hash.
How the LM Hash Works
To understand why the LM hash is insecure it’s worth spending a moment or two looking at how it works. Essentially, a password is first converted to uppercase, and set to 14 characters in length by truncation or by adding null characters if necessary. It is then split in to two seven character segments, which are turned into keys to encrypt (using the DES cipher) a particular string, (“KGS!@#$%” in case you are interested,) the two result of which are concatenated to create the LM hash. (Strictly speaking this is not actually a hash at all, but that doesn’t matter for now.)
One obvious weakness is that since the passwords are converted to uppercase, they are not as strong as password which are mixed case. But a more fundamental flaw is the way that the passwords are split into two 7 character segments. The longer a password is the more secure it is (usually), and a seven character password isn’t very secure at all.
To crack an LM hash, all an attacker needs to do is crack two seven character passwords, and thanks to the power of modern computers this can be done by brute force (i.e. trying every possible combination of seven uppercase characters) in a short period of time. In fact, there is an even easier way. Open-source tools like Ophcrack (http://ophcrack.sourceforge.net/) are available which use “rainbow tables.” These are pre-computed LM hashes for just about every possible combination of seven characters, and using these finding the password for a given LM hash is a simple database lookup operation which can be carried out in a couple of seconds.
As an example, let’s take the password “LMisNotStrong”. Passing it through the LM function it results in the LM hash “7981925a350fac84c9a324f658dcc9d4”.
If we put this hash into Ophcrack, and run the program using the free set of rainbow tables supplied with the program, it takes fifteen seconds to load the tables and just three to find the password, using a fairly standard desktop machine with a Core2Duo processor. Ophcrack finds the password LMISNOTSTRONG in 3 seconds
As can be seen from Figure 1, Ophcrack actually cracks two passwords, LMISNOT and STRONG
Usually longer passwords lead to better security, but the bizarre way that the LM hash splits passwords into two segments of exactly seven characters can paradoxically make longer passwords less secure. Here’s why:
Imagine a user chooses the eight letter word “virtuoso” as a password. As we know, this will get split into one segment containing “virtuos” and another containing the final letter “o”, padded with six null characters to make a seven character segment “o——” As this is really the hash of a single character password (the letter “o” with nulls for padding) it can be brute-forced in moments.
Armed with the information that the original password must be an eight letter string, and that the final character is the letter “o”, the hacker than make a guess that the password is a single eight letter word ending in “o”. Since there are very few eight letter words ending in o in the English language, the hacker could then find the correct one (virtuoso) relatively easily.
NT hashing is a more secure process, both in theory, and in practice, as can be seen by running the NT hash (c9606e6125dad8dd4e4c76767b2f0680) of the same password through Ophcrack: Ophcrack fails to crack the NT hash of the same password: LMisNotStrong (See Figure 2)
This time, using the free Ophcrack NT rainbow tables, Ophcrack is unable to find the password. In fact a password of this length cannot even be cracked by Ophcrack’s 8Gb $99 premium rainbow tables.
The simplest way to avoid the security time bomb that is the LM hash is to use passwords of more than 14 characters. Under these circumstances XP doesn’t use the LM hash, and only the NT hash is stored.
But a much better idea is to turn off LM hashing in Windows machines altogether (this is done by default in Vista.) Microsoft details how to modify the registry of Windows XP (or Server 2003) machines, after backing up the registry, as follows:
- Click Start, click Run, type
regedit, and then click OK.
- Locate and then click the following key in the registry:
- On the Edit menu, point to New, and then click
NoLMHash, and then press ENTER.
- On the Edit menu, click Modify.
- Type 1, and then click OK.
- Restart your computer, and then change your password.
One final tip: if you decide to download Ophcrack, there’s also an option to download a LiveCD iso which you can burn to a CD. This is a great tool which you can run on any standalone machine to get at account passwords if they’ve been forgotten.