Monday, November 5, 2012

Understanding how LM hashes are broken

Quoting Wikipedia "LM hashLanMan, or LAN Manager hash is a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windowsversions prior to Windows NT used to store user passwords. Support for the legacy LAN Manager protocol continued in later versions of Windows for backward compatibility, but was recommended by Microsoft to be turned off by administrators; as of Windows Vista, the protocol is disabled by default, but continues to be used by some non-Microsoft CIFS implementations."

The article goes onto mention the three reasons why LM hashes are flawed :-

  1. The maximum allowed length of the password is 14 characters. Considering alphanumerics(52), and other ASCII printable characters as the keyspace, we have a total of 95^14 possibilities(4876749791155298590087890625L). The number of bitwise combinations would be log-base-2 (95^14) = 91.977978516633272.
  2. Passwords longer than 7 characters are hashed separately ; so each block could be bruteforced separately as the possibilities for each block would be 95^14. Furthermore, all alphabets are uppercased before hashing which reduces the keyspace by 26 bringing down the possibilities to 69^14.
  3. Salts are not used. Assuming that you have a password with lesser than 8 characters -- the second block is empty which yields a constant 0xAAD3B435B51404EE upon hashing.
  4. Implementation error, for authentication purposes the hashes are generated at the client side from the password and then sent over to the server. From an attackers perspective, knowing the password is equivalent to knowing the hash.
An interesting read, indeed. ;-)

No comments:

Post a Comment