Secure Passwords – Part Two
How does a Microsoft network handle username and password authentication? How secure is the implementation? How does Microsoft’s implementation directly affect the security of your network?
The answers to these questions are critical to understanding Windows authentication and the security of your network. Understand that for secure password creation techniques to be effective they must be coupled with network security measures that ensure the username and password are submitted and “stored” in the most secure manner possible.
Question 1: How does a Microsoft network handle authentication?
- The client first sends a “Type 1” message listing the features supported or requested (such as encryption key sizes, request for mutual authentication, etc.) to the server.
- The server responds with a Type 2 message containing a similar set of flags supported or required by the server (which establishes an agreement of authentication parameters) and, more importantly, a random challenge (8 bytes).
- Lastly, the client uses the challenge obtained from the Type 2 message and the username and password to calculate the response. The calculation methods differ based on the parameters negotiated and the version of NTLM. That response is sent to the server and also cached on the client’s computer.
Question 2: How secure is the implementation?
Note: Along with my introduction to each implementation I’ll use a “security scale” that ranges from 1 to 9, 1 being very insecure (an unlatched screen door) and 9 very secure (Fort Knox). I will notate them as SecLev:#. These levels are arbitrary, my opinion only, and are used purely to express relative security.
There are three generations of Microsoft client credential authentication and hashing: LAN Manager (LM), NT LAN Manager (NTLMv1) and NT LAN Manager version 2 (NTLMv2).
A.) LM – SecLev:2
LAN Manager was implemented on all pre-NT operating systems, including Windows 95, 98 and ME. The LM hashing method is extremely insecure, only a little better than clear text. Let’s look at what LM actually does to a password and you’ll see why.
- The user’s password is entirely converted to uppercase letters
- The password is either padded (with null, i.e. zero, bytes) or truncated to exactly 14 bytes
- The password is then split into two 7-byte halves
- The two halves are used to create two separate DES keys.
- Each of these keys is used to DES-encrypt a constant (the ASCII string “KGS!@#$%”), resulting in two 8-byte ciphertext values.
- These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
LM hashing has two fatal flaws: first, all lower-case letters are converted to upper case, and second, the password is split into two 7-character halves. In effect this reduces the number of possible characters and reduces the effective length to a far more susceptible 7 characters. Additionally, one can reasonably assume that almost no normal user would create a 14-character password, so let’s hypothesize that a “security conscious” user created a password of 12 letters (jurisprudent). With LM hashing I effectively have one password that is 7 letters (jurispr) and one that is 5 (udent00). If, by cracking the second and shorter part first, I find that the five letters are “udent”, I might be able to focus my brute-force or dictionary attack on a much smaller set of possible combinations, yielding the password “jurisprudent”, and possibly more quickly than a 7-character password such as “sunburn”. Although this may not be a practical example, it does demonstrate the inherent insecurity of LM hashing, not to mention that many “mainstream” password-cracking tools have now made cracking LM hashes child’s play.
B.) NTLMv1 – SecLev: 5
(Originally known simply as NTLM; it was renamed NTLMv1 after the release of NTLMv2.)
NTLMv1 was introduced with the advent of Windows NT, specifically NTSP3 and earlier. NTLMv1 brought three major changes over LM:
- The hash increased to 14 bytes as opposed to 7 bytes
- NTLMv1 allowed lower case and upper case characters
- Implemented MD4 hashing
(Side bar: you can see where 14-character passwords gained their reputation as the most secure password length. While a good idea, I’ll show you the real magic number.)
C.) NTLMv2 – SecLev:8
NTLMv2 is the current generation and was released along with NTSP4. The major changes of this third-generation protocol are:
- The hash increased to 128 bytes
- Implemented MD5 hashing.
Seeing this simplified description of the evolution of Windows authentication, one would be left to assume that as long as your servers and clients are running Windows 2000 or newer and making use of NTLMv2 you have nothing to worry about. Right? WRONG.
Question 3: How does Microsoft’s implementation directly affect the security of your network?
Two words: Backwards Compatibility
“For backward compatibility, Windows 2000 and Windows Server 2003 support LAN Manager (LM) authentication, Windows NT (NTLM) authentication, and NTLM version 2 (NTLMv2) authentication.”
That’s right: although you are running current software that uses a secure implementation, in order to support older OSes Microsoft thoughtfully decided to have the new clients go ahead and LM-hash their credentials anyway. Once you get past the “you have got to be kidding” response, logic poses the question: “If my network is made up only of Server 2k3/2k and XP/2k clients, I surely don’t need my clients’ LM hashing. How do I turn it off?”
Disable it via the registry or Group Policy.
To disable LM Hashing via Group Policy:
- In Group Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
- In the list of available policies, double-click Network security: Do not store LAN Manager hash value on next password change.
- Click Enabled, and then click OK.
To disable LM Hashing via the Registry:
Windows 2000 SP2 and later
To add this key by using Registry Editor, follow these steps:
- Start Registry Editor (Regedt32.exe).
- Locate and then click the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- On the Edit menu, click Add Key, type NoLMHash, and then press ENTER.
- Quit Registry Editor.
- Restart the computer, and then change your password to make the setting active.
Windows XP and Windows Server 2003
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- On the Edit menu, point to New, and then click DWORD Value.
- Type NoLMHash, and then press ENTER.
- On the Edit menu, click Modify.
- Type 1, and then click OK.
- Restart your computer, and then change your password.
Now for a final golden nugget. How long should your password be?
With a password of 15 characters or greater, the stored LM hash becomes the constant value “aad3b435b51404eeaad3b435b51404ee”, which is the LM hash of a null (empty) password. In other words, a password of that length is stored as if it were blank: there is no real LM hash for a cracking tool to work with, making the password extremely secure against this attack.
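The LM steps listed under Question 2 (section A), the “jurisprudent” split, the Type 3 response calculation from Question 1 and the 15-character rule just described, carried out in Go as an added example. This is not code from the article or from Microsoft; it uses only the Go standard library’s crypto/des. Assumptions of this example: passwords are ASCII (real LM used the OEM code page), the 8-byte challenge is a constructed value standing in for the server’s Type 2 nonce, and the names (expandDESKey, LMHalves, LMHash, StoredLMHash, LMResponse) are this example’s own.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// lmMagic is the fixed 8-byte plaintext that both LM half-keys encrypt.
var lmMagic = []byte("KGS!@#$%")

// emptyLMHash is the LM hash of the empty password; Windows stores this value
// when no LM hash exists for an account (e.g. the password exceeds 14 chars).
const emptyLMHash = "aad3b435b51404eeaad3b435b51404ee"

// expandDESKey spreads a 7-byte (56-bit) half across 8 bytes, leaving the low
// bit of each byte free for the DES parity bit (set to 0; DES ignores it).
func expandDESKey(half []byte) []byte {
	key := make([]byte, 8)
	key[0] = half[0] & 0xFE
	for i := 1; i < 7; i++ {
		key[i] = ((half[i-1] << (8 - uint(i))) | (half[i] >> uint(i))) & 0xFE
	}
	key[7] = half[6] << 1
	return key
}

// desEncryptBlock encrypts one 8-byte block under a 7-byte LM-style key.
func desEncryptBlock(key7, block []byte) []byte {
	c, err := des.NewCipher(expandDESKey(key7))
	if err != nil {
		panic(err) // only possible if the expanded key is not 8 bytes
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// LMHalves performs the first three steps: uppercase (ASCII letters only, an
// assumption of this example), pad with zero bytes or truncate to 14 bytes,
// then split into two independent 7-byte halves.
func LMHalves(password string) ([]byte, []byte) {
	buf := make([]byte, 14)
	for i := 0; i < len(password) && i < 14; i++ {
		c := password[i]
		if c >= 'a' && c <= 'z' {
			c -= 'a' - 'A'
		}
		buf[i] = c
	}
	return buf[:7], buf[7:]
}

// LMHash computes the 16-byte LM hash: each half becomes a DES key that
// encrypts the constant, and the two 8-byte ciphertexts are concatenated.
func LMHash(password string) []byte {
	left, right := LMHalves(password)
	return append(desEncryptBlock(left, lmMagic), desEncryptBlock(right, lmMagic)...)
}

// StoredLMHash models what Windows keeps for the account: a password longer
// than 14 characters gets no LM hash, so the stored value is the empty-password
// constant and reveals nothing about the real password.
func StoredLMHash(password string) string {
	if len(password) > 14 {
		return emptyLMHash
	}
	return hex.EncodeToString(LMHash(password))
}

// LMResponse computes the LM challenge response of the Type 3 step: the 16-byte
// LM hash is zero-padded to 21 bytes, split into three 7-byte DES keys, and
// each key encrypts the server's 8-byte challenge, giving a 24-byte response.
func LMResponse(lmHash, challenge []byte) []byte {
	padded := make([]byte, 21)
	copy(padded, lmHash)
	var resp []byte
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desEncryptBlock(padded[i:i+7], challenge)...)
	}
	return resp
}

func main() {
	// The article's example: "jurisprudent" splits into "JURISPR" and "UDENT\0\0".
	// The second 8 bytes of its hash equal the first 8 bytes of the hash of
	// "udent" on its own, which is why the halves can be attacked independently.
	full := LMHash("jurisprudent")
	short := LMHash("udent")
	fmt.Printf("LM(jurisprudent) = %x\n", full)
	fmt.Printf("LM(udent)        = %x\n", short)
	fmt.Println("second half equals hash of 'udent':", bytes.Equal(full[8:], short[:8]))

	// The empty password and any password over 14 characters store the same constant.
	fmt.Println("LM('')               =", StoredLMHash(""))
	fmt.Println("LM(15-char password) =", StoredLMHash("correcthorsebat"))

	// Constructed challenge value standing in for the server's Type 2 nonce.
	challenge := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	fmt.Printf("LM response = %x\n", LMResponse(full, challenge))
}
```

Running it shows the two properties the article relies on: the two halves of the hash are computed separately, so the hash of a 12-letter password literally contains the hash of its 5-letter tail, and any password over 14 characters is stored as the empty-password constant, which is why NoLMHash (or simply a 15-character minimum) removes the LM hash from the account entirely.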
I hope this article has been informative; if you want more information, please visit the sites listed below. Information for this article was gathered from multiple sources, including but not limited to:
- Security Focus: Ten Windows Password Myths
- Wikipedia: Integrated Windows Authentication
- Security Friday: The wonder of Windows 2000 password
- Microsoft KB: How to prevent Windows from storing a LAN manager hash
- MSDN: Microsoft NTLM
- Sourceforge: The NTLM Authentication Protocol
- Wikipedia: LM Hash