C|Net (and others, but I’m picking on them because their reporter should know better), are breathlessly reporting an allegedly new approach to breaking Windows passwords. The article conveniently ignores the fact that trading space for time is a well-known technique for lots of applications, and it presents without comment the claim that this is a major vuln. It’s not. Here’s why:
- The attack depends on breaking the LM hash, which is known to be weak. You don’t have to store it (read up on the NoLMHash setting); even if you have Win9x clients, you can install the directory services client and use NTLMv2. In fact, if you follow MS’ recommendation of using >15-character passphrases for critical accounts, you’ll find that no LM hash is stored for those passphrases.
- The space/time tradeoff doesn’t scale. Even if you just use upper case, numbers, and symbols, you will get somewhere around 3.37134E+14 different 8-character passwords on a standard US keyboard– you’ll get more if you include Unicode characters, which MS has been recommending for a while. Storing the hashes for that many passwords takes about 5.4 petabytes of space. Even if you manage to store that many password hashes on a disk, it is pretty unlikely that you will find a system fast enough to compare that many passwords in a matter of seconds. The problem still boils down to weak passwords, not to the fact that you can crack weak passwords in 13.6 seconds instead of 1 minute and 41 seconds. Weak passwords are still weak, regardless of how fast you can crack them.
- The only way to mount this attack is to grab the password hashes.
- If you gain physical access to the box, the stored hashes are effectively salted by syskey, so they’re not directly vulnerable.
- If you mount an online attack, you must either be admin or be able to get admin privileges to get the hashes from the LSA so you can attack them. If an attacker can get admin privileges, you have bigger problems than weak passwords.
Paul's Down-Home Page 