Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Cracking windows passwords in 5 seconds
Jul 22 2003 08:37PM
bugtraq oechslin net
As opposed to unix, windows password hashes can be calculated in advance
because no salt or other random information si involved. This makes so
called time-memory trade-off attacks possible. This vulnerability is not
new but we think that we have the first tool to exploit this.
At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory
trade-off method. It is based on original work which was done in 1980 but
has never been applied to windows passwords. It works by calculating all
possible hashes in advance and storing some of them in an organized
table. The more information you keep in the table, the faster the
cracking will be.
We have implemented an online demo of this method which cracks
alphanumerical passwords in 5 seconds average (see
http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can
find the password after an average of 4 million hash operation. A brute
force cracker would need to calculate an average of 50% of all hashes,
which amounts to about 40 billion hases for alphanumerical passwords
(lanman hash).
More info about the method can be found at in a paper at
http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03.
Philippe Oechslin
[ reply ]
Privacy Statement
Copyright 2008, SecurityFocus
As opposed to unix, windows password hashes can be calculated in advance
because no salt or other random information si involved. This makes so
called time-memory trade-off attacks possible. This vulnerability is not
new but we think that we have the first tool to exploit this.
At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory
trade-off method. It is based on original work which was done in 1980 but
has never been applied to windows passwords. It works by calculating all
possible hashes in advance and storing some of them in an organized
table. The more information you keep in the table, the faster the
cracking will be.
We have implemented an online demo of this method which cracks
alphanumerical passwords in 5 seconds average (see
http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can
find the password after an average of 4 million hash operation. A brute
force cracker would need to calculate an average of 50% of all hashes,
which amounts to about 40 billion hases for alphanumerical passwords
(lanman hash).
More info about the method can be found at in a paper at
http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03.
Philippe Oechslin
[ reply ]