LM hash

LM hash

LM hash, LanMan, or LAN Manager hash was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords. Support for the legacy LAN Manager protocol continued in later versions of Windows for backward compatibility, but was recommended by Microsoft to be turned off by administrators; as of Windows Vista, the protocol is disabled by default, but continues to be used by some non-Microsoft CIFS implementations.

Contents

Algorithm

The LM hash is computed as follows:[1][2]

  1. The user’s ASCII password is converted to uppercase.
  2. This password is null-padded to 14 bytes.[Notes 1][3]
  3. The “fixed-length” password is split into two 7-byte halves.
  4. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a null bit after every seven bits (so 1010100 becomes 01010100). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The null bits added in this step are later discarded.)
  5. Each of the two keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The DES CipherMode should be set to ECB, and PaddingMode should be set to NONE.
  6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.

Security weaknesses

Although it is based on DES, a well-studied block cipher, the LM hash is not a true one-way function as the password can be determined from the hash because of several weaknesses in its implementation:[4] Firstly, passwords longer than 7 characters are divided into two pieces and each piece is hashed separately. This weakness allows each half of the password to be attacked separately, at exponentially lower cost than the full password. While there are 95^{14} \approx 2^{92} different 14-character passwords using ASCII characters, there would be only 95^{7} \approx 2^{46} different 7-character password pieces using the same character set. By mounting a brute force attack on each half separately, modern desktop machines can crack alphanumeric LM hashes in a few hours. In addition, all lower case letters in the password are changed to upper case before the password is hashed. Converting lowercase character to uppercase further reduces the key space for each half to 69^{7} \approx 2^{43}.

The LM hash also does not use cryptographic salt, a standard technique to prevent pre-computed dictionary attacks. A time-memory trade-off cryptanalysis attack, such as a rainbow table, is therefore feasible. In 2003, Ophcrack, an implementation of the rainbow table technique, was published. It specifically targets the weaknesses of LM encryption, and includes pre-computed data sufficient to crack virtually all alphanumeric LM hashes in a few seconds. Many cracking tools, e.g. RainbowCrack, L0phtCrack and Cain, now incorporate similar attacks and make cracking of LM hashes fast and trivial.

A further weakness of LM hashes lies in their implementation — since they change only when a user changes their password, they can be used in a pass the hash attack.

Workarounds

To address the security weaknesses inherent in LM encryption and authentication schemes, Microsoft introduced the NTLM protocols with Windows NT 3.1. For hashing, NTLM uses Unicode support, replacing LMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%") by NThash=MD4(UTF-16-LE(password)), which does not require any padding or truncating that would simplify the key. On the negative side, the same DES algorithm was used with only 56-bit encryption for the subsequent authentication steps, and there is still no salting. Furthermore, many Windows clients were configured by default to send responses derived from both the LM hash and the NTLM hash, so the use of the NTLM hash provided no additional security while the weaker hash was still present.

While LAN Manager is considered obsolete and current Windows operating systems use the stronger NTLMv2 or Kerberos authentication methods (but still using the NTLMv1 hashing method), Windows systems before Windows Vista/Windows Server 2008 still compute and store the LAN Manager hash by default for compatibility with LAN Manager and Windows Me or earlier clients, as well as some 16-bit applications that are still in use on the most current versions of Windows. It is considered good security practice to disable this feature where it isn't needed.[5] Microsoft claimed that support for LM would be completely eliminated in the Windows Vista operating system.[6] However Windows Vista and Windows Server 2008 still include support for the LM hash, although it is now disabled by default; the feature can be enabled for local accounts via a security policy setting, and for Active Directory accounts by applying the same setting to domain controllers. The same method can be used to turn the feature off in Windows 2000, Windows XP and NT.[7] Users can also prevent a LM hash from being generated for their password by using a password at least 15 characters in length.[3]

Reasons for continued use

Many legacy third party CIFS implementations have taken considerable time to add support for the stronger protocols that Microsoft has created to replace LM Hashing because the open source communities supporting these libraries first had to reverse engineer the newer protocols—Samba took 5 years to add NTLMv2 support, while JCIFS took 10 years.

Availability of NTLM protocols to replace LM
Product NTLMv1 support NTLMv2 support
Windows NT 3.1 RTM (1993) Not supported
Windows NT 3.5 RTM (1994) Not supported
Windows NT 3.51 RTM (1995) Not supported
Windows NT 4 RTM (1996) Service Pack 4[8] (25 October 1998)
Windows 95 Not supported Directory services client (released with Windows 2000 Server, 17 February 2000)
Windows 98 RTM Directory services client (released with Windows 2000 Server, 17 February 2000)
Windows 2000 RTM (17 February 2000) RTM (17 February 2000)
Windows ME RTM (14 September 2000) Directory services client (released with Windows 2000 Server, 17 February 2000)
Samba  ? Version 3.0[9] (24 September 2003)
JCIFS Not supported Version 1.3.0 (25 October 2008)[10]

Poor patching regimes subsequent to software releases supporting the feature becoming available have contributed to some organisations continuing to use LM Hashing in their environments, even though the protocol is easily disabled in Active Directory itself.

Lastly, prior to the release of Windows Vista, many unattended build processes still used a DOS boot disk (instead of Windows PE) to start the installation of Windows using WINNT.EXE, something that requires LM hashing to be enabled for the legacy LAN Manager networking stack to work.

See also

Notes

  1. ^ If the password is more than 14 characters long, the LM hash cannot be computed.

References

  1. ^ "Chapter 3 - Operating System Installation: The LMHash". Microsoft. http://technet.microsoft.com/en-us/library/dd277300.aspx. Retrieved 2009-06-21. 
  2. ^ Glass, Eric (2003). "The NTLM Authentication Protocol". http://davenport.sourceforge.net/ntlm.html#theLmResponse. Retrieved 2006-06-05. 
  3. ^ a b "Cluster service account password must be set to 15 or more characters if the NoLMHash policy is enabled". Microsoft. 2006-10-30. http://support.microsoft.com/kb/828861. Retrieved 2009-06-21. 
  4. ^ Jasper M. Johansson (29 June 2004). "Windows Passwords: Everything You Need to Know". Microsoft. http://download.microsoft.com/download/f/4/a/f4a67fc8-c499-461d-a025-8155fb4f7a0f/Windows%20Passwords%20Master%201.5%20Handout%20-%20Jesper%20Johansson.ppt. 
  5. ^ "How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases". Microsoft Knowledge Base. http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656&. Retrieved 2006-06-05. 
  6. ^ Johansson, Jesper (August 2006). "The Most Misunderstood Windows Security Setting of All Time". TechNet Magazine. http://www.microsoft.com/technet/technetmag/issues/2006/08/SecurityWatch/. Retrieved 2007-01-08. 
  7. ^ How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases
  8. ^ "Windows NT 4.0 Service Pack 4 Readme.txt File (40-bit)". Microsoft. 1998-10-25. http://support.microsoft.com/kb/194507. Retrieved 2010-05-27. 
  9. ^ "The Samba Team announces the first official release of Samba 3.0". samba.org. 2003-09-24. http://www.samba.org/samba/history/samba-3.0.0.html. Retrieved 2010-05-27. 
  10. ^ "The JCIFS library: News". http://jcifs.samba.org/. Retrieved 2010-05-27. 

External links


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Hash (film) — Hash is a 2005 comedy film directed by Scott Innes and written by Innes and Daniel Smith, who also stars along with Lisa Walker, Richard Wright and Adam Young. The film s central character is Hash McBrown. It is narrated by Stephen Fry. The film… …   Wikipedia

  • Hash — may refer to:* Hash symbol, #, called number sign or pound sign in the USA and Canada * Hashish, a psychoactive drug derived from the Cannabis plant * Hash (food), a coarse chunky mixture of beef and other things, e.g. corned beef hash ; cf. Hash …   Wikipedia

  • Hash browns — or hashed browns are a simple potato preparation in which potato pieces are pan fried after being shredded, julienned, diced, or riced. In some cultures, hash browns or hashed browns can refer to any of these preparations, while in others it may… …   Wikipedia

  • Hash browns — picadas, con forma de hamburguesa. Se llama hash browns o hashed browns a una receta simple de patata en la que los trozos de patata se fríen en una sartén después de ser cortados en tiras, juliana, dados o bien triturados. En algunas regiones,… …   Wikipedia Español

  • hash — hash·ab; hash·er; hash·ery; hash; hash·ish; hash·ka·bah; hash·im·ite; re·hash; hash·browns; hash·eesh; …   English syllables

  • hash — hash1 [hash] vt. [Fr hacher, to chop, mince: see HACHURE] 1. to chop (meat or vegetables) into small pieces for cooking 2. Informal to make a mess or botch of; bungle n. 1. a chopped mixture of cooked meat and vegetables, usually baked or browned …   English World dictionary

  • Hash (Unix) — hash is a Unix command that prints the location information for the commands found. yntaxksh: hash [name] DescriptionWhen the user gives a command, the shell searches for the command in the path specified in the PATH environmental variable and… …   Wikipedia

  • Hash-Verfahren — Hash Verfahren,   ein Speicherungs und Suchverfahren, bei dem Datensätze gestreut gespeichert und die Adressen von Datensätzen aus den zugehörigen Schlüsseln errechnet werden. Gestreute Speicherung von Datensätzen bedeutet, dass bezüglich… …   Universal-Lexikon

  • hash — Ⅰ. hash [1] ► NOUN 1) a dish of diced cooked meat reheated with potatoes. 2) a jumble; a mess. ► VERB ▪ make or chop into a hash. ● make a hash of Cf. ↑make a hash of …   English terms dictionary

  • Hash — Hash, v. t. [imp. & p. p. {Hashed} (h[a^]sht); p. pr. & vb. n. {Hashing}.] [From {Hash}, n.: cf. F. hacher to hash.] To chop into small pieces; to mince and mix; as, to hash meat. Hudibras …   The Collaborative International Dictionary of English

  • Hash-Kodierung —   [zu engl. to hash »zerhacken«], die Transformation einer Menge von Daten (Schlüsseln) auf eine kleinere Menge von Werten (Adressen) mithilfe einer Hash Funktion (Hash Verfahren). Eine Hash Kodierung, deren Ergebnis keine Rückschlüsse auf die… …   Universal-Lexikon

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”