On W2k you can shut off LM hashes by adding the key
HKLM\System\CurrentControlSet\Control\Lsa\NoLMHash (yes, just a blank key)
and on XP by adding the value NoLMHash=1 under Lsa:
HKLM\System\CurrentControlSet\Control\Lsa\NoLMHash=1
Remember these do not take effect until after the next time a password is
changed; from then on it no longer stores the LM hash.
Also that ALT- character set I put in the original post, I could not get LC4
to reproduce/crack these no matter how short I made the password.
Cheers,
Dave
_____________________
Dave Kleiman
dave (at) netmedic (dot) net [email concealed]
www.netmedic.net
>> -----Original Message-----
>> From: Anders Thulin [mailto:Anders.Thulin (at) kiconsulting (dot) se [email concealed]]
>> Sent: Wednesday, February 19, 2003 03:28
>> To: dave
>> Subject: Re: Defeating password cracking
>>
>> Hello!
>>
>> dave wrote:
>>
>>
>> > 2. Defeating password crackers: Ok so now we make a user name "joev"
>> > (without the quotes) and we make the password "1234v". Well I spent 3 days
>> > and could not get the password cracked even after I added it to the custom
>> > character sets; maybe I am just an amateur.
>>
>>
>> On the XP platform some of these special characters actually reset the
>> LM hash to 000...000 -- and so essentially disable LM authentication, retaining
>> only the NTLM hash. (I've found this very useful to make my accounts a bit more
>> secure in environments where the LM hashes are retained for backwards compatibility
>> with NT systems). I believe it happens when the character in question cannot be
>> mapped into the OEM character set that LM authentication is based on. You seem to
>> be on an NT platform -- I have no idea what happens there, don't even know if
>> there are any NTLM hashes to use on that platform.
>>
>> ':' in a password can trip up someone who uses John the Ripper carelessly,
>> as ':' is the field separator in the output, and not everyone ensures that the
>> output lines are well formatted. TAB can confuse L0phtcrack in the
>> same way. And with both programs '???????' may confuse some operators, as it
>> is used to indicate an as-yet-uncracked half of an LM password.
>>
>> Using LF and CR in passwords is also useful -- there's currently no way to
>> represent those characters in a dictionary file without introducing
>> a new word. You might be able to add it to the brute force character set
>> in L0phtcrack, though -- haven't experimented with that.
>>
>>
>> Nice work on checking how this affects the boot-disk password-changing
>> programs. I never thought they would be affected, myself.
>> --
>> Anders Thulin anders.thulin (at) kiconsulting (dot) se [email concealed] 040-661 50 63
>> Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
>>
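The two registry forms Dave describes (a blank NoLMHash subkey on W2k, a NoLMHash=1 value on XP) can be audited and set from PowerShell. This is an added example, not part of the original thread; it assumes a modern PowerShell with the HKLM: drive and local administrator rights, and the -Enforce switch and the Test-NoLMHash name are my own choices.

```powershell
# Added example (not from the original post): audit, and optionally enforce,
# the NoLMHash setting under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
# Both historical forms are checked: the W2k-style blank subkey and the
# XP/2003-style DWORD value. Neither form purges LM hashes already stored;
# as the thread notes, it only stops storing them at the next password change.
function Test-NoLMHash {
    [CmdletBinding()]
    param(
        [switch]$Enforce   # assumption: when set, write the DWORD value form (=1)
    )
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # XP/2003 style: REG_DWORD NoLMHash = 1 under Lsa
    $valueSet = $false
    $props = Get-ItemProperty -Path $lsa -ErrorAction SilentlyContinue
    if ($null -ne $props -and $null -ne $props.PSObject.Properties['NoLMHash']) {
        $valueSet = ([int]$props.NoLMHash -eq 1)
    }

    # W2k style: an empty subkey named NoLMHash under Lsa
    $keySet = Test-Path -Path (Join-Path $lsa 'NoLMHash')

    if ($Enforce -and -not $valueSet) {
        # The DWORD form is the one honoured by XP and later; the equivalent
        # Group Policy setting is "Network security: Do not store LAN Manager
        # hash value on next password change".
        New-ItemProperty -Path $lsa -Name 'NoLMHash' -PropertyType DWord `
            -Value 1 -Force | Out-Null
        $valueSet = $true
    }

    [pscustomobject]@{
        ValueNoLMHash   = $valueSet
        KeyNoLMHash     = $keySet
        LMHashDisabled  = ($valueSet -or $keySet)
        Note            = 'Existing LM hashes remain until each password is changed'
    }
}

Test-NoLMHash            # audit only
# Test-NoLMHash -Enforce # write NoLMHash=1 (run elevated)
```

A password change (or a forced reset for every account) is still required after enforcing, which is the same caveat the original post makes.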