Windows passwords: "Dead in Six Hours" - paper from Oslo password hacking conference

OK, so Dead in Six Hours isn't quite what the paper is called. I made that up.

It's actually called Exacerbating Global Warming. (It is. Really.)

In the paper, researcher Jeremi Gosney describes a pet project of his.

He's lashed together 25 AMD Radeon Graphics Processing Units (GPUs) into a specialised computing cluster.

It will cost you about $20,000 to build one, and you'll need twenty rack units of space in a server room. (That's just under a rack-metre.)

You'll also need an industrial-style power supply delivering 7kW, which is where the paper's title comes from, plus some half-decent air conditioning.

In return for your investment, claims Gosney, you'll be able to brute-force all regular eight-character Windows passwords from their NTLM hashes in about six hours.

That's about four times faster than Gosney's previous top-end hashbusting machine, which needed 24 hours - an entire day! - to do the same job.

Why so fast? And why Windows passwords?

The reason is that NTLM relies on one of the easiest-to-crack hashing systems still in widespread use: a straight, unsalted, uniterated MD4 hash of your password. (The raw password is presented in little-endian UCS-2 format, with 16 bits per character, not as an ASCII string.)

If you have a UNIX-flavour command prompt and some common utilities handy, you can convert any ASCII password to its NTLM hash like this:

$ echo -n "password" | iconv -f ASCII -t UCS-2LE \
   | openssl dgst -md4
(stdin)= 8846f7eaee8fb117ad06bdd830b7586c

Note that, with no salt, everyone who chooses "password" as a password will end up with the same hash, so you can use a pre-computed database of common hashes.

But with Gosney's cracker, you might as well not bother pre-calculating anything: you can churn through nearly 400,000,000,000 MD4 hashes per second and save yourself the space you'd need to store the lookup table.
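The missing salt also gives defenders something to check for. The following is an added example, not code from the article or the paper: it reads a hash export in the `user:rid:LM:NT:::` layout used further down this page and reports accounts that share a hash (and therefore a password), accounts with a blank password, and accounts that still have an LM hash stored. The function names and sample accounts are constructed for illustration; the only hash taken from the page is the one for "password" shown above.

```python
from collections import defaultdict

# Well-known constants: the NT hash of the empty password, and the LM
# value that appears when no real LM hash is stored.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"

# Constructed sample in pwdump layout (user:rid:LM:NT:::). The "legacy"
# row uses made-up hex values, not real hashes.
SAMPLE = """\
alice:1001::8846F7EAEE8FB117AD06BDD830B7586C:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
guest:501::31D6CFE0D16AE931B73C59D7E0C089C0:::
legacy:1003:00112233445566778899AABBCCDDEEFF:FFEEDDCCBBAA99887766554433221100:::
"""

def parse_pwdump(text):
    """Yield (user, rid, lm, nt) for well-formed lines; skip anything else."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue
        user, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
        if len(nt) != 32 or any(c not in "0123456789abcdef" for c in nt):
            continue
        yield user, rid, lm, nt

def audit(text):
    """Group accounts by NT hash and flag the weak spots an unsalted hash exposes."""
    by_hash = defaultdict(list)
    findings = {"shared": [], "blank": [], "lm_stored": []}
    for user, _rid, lm, nt in parse_pwdump(text):
        by_hash[nt].append(user)
        if nt == EMPTY_NT:
            findings["blank"].append(user)
        if lm and lm != EMPTY_LM:
            findings["lm_stored"].append(user)
    # No salt: equal hashes always mean equal passwords.
    findings["shared"] = sorted(sorted(u) for u in by_hash.values() if len(u) > 1)
    return findings

if __name__ == "__main__":
    for kind, hits in audit(SAMPLE).items():
        print(kind, hits)
```

With a salted scheme the "shared" check would find nothing even when two users picked the same password, which is exactly the property NTLM hashes lack.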

Big deal, you say. Microsoft no longer recommends NTLM anyway, and Active Directory logins don't use it.

But perhaps consumers and small businesses should be worried? After all, if you have an ad hoc network of Windows computers, without Active Directory or a Windows domain, you're still wedded to NTLM.

In fact, any local accounts on a Windows PC have NTLM hashes stored locally in the Security Accounts Manager (SAM) database. Grab the hashes, and you can attack them offline.

Big deal, you say. If hackers can leech your SAM database, they've already got Administrator rights, so they don't need your password.

But if they do get and crack your password hashes, they may be able to get back in later at their leisure, even if you close the security hole they used to grab your SAM data. And they'll have the plaintext of your password, which could cost you if you have used it anywhere else.

So here are two lessons we can learn from this:

Eight characters just isn't long enough for a password these days.

→ Choose long and complex passwords, or use a password management tool to help you. That way, you keep ahead of the bulk cracking tools. If eight characters gives 98-to-the-power-8 choices, adding just three more randomly-chosen characters multiplies that by a further 98-to-the-3, or close to 1,000,000-fold.

You probably have other passwords even more easily crackable than your Windows one.

Some websites or online services may even keep plaintext, or unhashed, copies of your password. Cracking time for those is zero.

→ Don't use the same password for multiple accounts. That way, you don't lose the keys to the whole castle if any of your individual passwords is compromised.
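The arithmetic behind the first lesson, worked through as an added example (not from the article or the paper). It uses the article's own figures, 98 possible characters per position and nearly 400,000,000,000 hashes per second, to turn a password length into a worst-case exhaustive-search time, and to find the shortest length that outlasts a chosen target. The function names and the 100-year target are assumptions made for illustration.

```python
RATE = 400_000_000_000   # hashes per second, the article's round figure
CHARSET = 98             # choices per character, the article's figure

def keyspace(length, charset=CHARSET, up_to=False):
    """Candidates of exactly `length` characters, or of every length 1..length."""
    if up_to:
        return sum(charset ** n for n in range(1, length + 1))
    return charset ** length

def exhaust_seconds(length, rate=RATE, charset=CHARSET, up_to=False):
    """Worst-case seconds to try every candidate at `rate` guesses per second."""
    return keyspace(length, charset, up_to) / rate

def min_length(target_seconds, rate=RATE, charset=CHARSET):
    """Shortest length whose exact-length keyspace outlasts target_seconds."""
    length = 1
    while exhaust_seconds(length, rate, charset) < target_seconds:
        length += 1
    return length

def human(seconds):
    """Format a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    for n in range(8, 13):
        print(f"{n} random chars from {CHARSET}: {human(exhaust_seconds(n))}")
    # Restricting the alphabet hurts as much as shortening the password:
    print("8 chars, lowercase+digits only:", human(exhaust_seconds(8, charset=36)))
    # Assumed target: survive 100 years of guessing at the article's rate.
    print("length needed for 100 years:", min_length(100 * 31_557_600))
```

These are worst-case figures for randomly chosen characters; a password built from a dictionary word falls long before the keyspace is exhausted, as the challenge hashes below demonstrate.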

Oh, and if you're looking for the briefest of technical challenges over the holiday season, why not satisfy yourself how risky simple passwords are by having a go at the hashes in the Windows 8 screen shot above?

Estimated time to crack once you're ready to go, even without a GPU: well under a second.

Here they are, cuttable-and-pastable for your cracking pleasure:

Administrator:500::F773C5DB7DDEBEFA4B0DAE7EE8C50AEA:::
duck:1001::BECEDB42EC3C5C7F965255338BE4453C:::

Enjoy.

26 Responses to Windows passwords: "Dead in Six Hours" - paper from Oslo password hacking conference

  1. Greg M · 622 days ago

    Yep only about a second to get those passwords

    • Paul Ducklin · 621 days ago

      Did you use "John"?

      On my Mac, john was sufficiently quick that it reported the time as 0 seconds ;-)

      (I translated that into English above as "well under a second.")

  2. alt.fan.duckduckduck · 622 days ago

    Yes... less than a second if you happen to know the keyspace already or get lucky with rules/dictionary.

    lowercase and lowercase + numeric charactersets are a reasonable starting point, however, Windows AD "complexity" wouldn't let you choose any of these passwords fwiw (which isn't much).

    The results below are GPU-based with just 2 radeon 7970s in use (~11B NTLM/sec) focused on 1-8 chars lowercase and numeric only (no symbols, upper case, etc.). The running times indicated are within a given password length after incrementing up.

    f773c5db7ddebefa4b0dae7ee8c50aea:
    Status.......: Cracked
    Time.Running.: 14 secs

    All 1-7 lowercase/numeric takes about 10 seconds. Note the first hash is 8 chars. That took 14 seconds on top of the 10 seconds to get 1-7 completed. So 29 seconds total really.

    This second hash took less than 10 seconds. If I'd just made it lowercase (my usual first guess) it would've been a second or two faster.

    becedb42ec3c5c7f965255338be4453c:
    Status.......: Cracked

    7 seconds plus 2 or so to do 1-6 chars.

    [Post edited for length and as an anti-spoiler measure.]

    • Paul Ducklin · 621 days ago

      There is a dictionary clue in the text - follow the link :-)

  3. Just Saying · 621 days ago

    Oh my word. ANY Windows Administrator who STILL doesn't set GPOs to prevent the storing of NTLM hashes needs to be shot. Why do SO many "hacks" still rely on poor NT4 technologies?
    And if you have done ANY studies wrt IT systems, you would know that an IT system consists of Hardware, Software, Peripherals as well as the organic interface between the chair and the keyboard. As you are responsible for the IT system, you are therefore responsible to train the end-users in proper computing practices as well, whether you like it or not. If they don't want to be trained, you just set your password policy to use at least 9 characters. How easy is it to train people that PHRASES are the way to go. How long is it going to take to crack: "My Girlfriend is a Minx!!" ??
    But then, seeing that in the UK IT salaries are laughable, maybe the saying is true: pay peanuts, get monkeys....

    • Per Bull Holmen · 621 days ago

      But the phrase "my Girlfriend is a Minx" consists solely of dictionary words. Are you sure that it's safe?

      • ThatITGuy · 621 days ago

        Yes, because it contains non-dictionary Unicode characters (the space character).
        That password would take a long time to crack and I'd imagine a dictionary attack would have issues parsing the space character.

        • Ken Esq · 620 days ago

          Except when the person writes it on a Post-It note and sticks it on their monitor...or goes the extra step and hides it in their top drawer or under their desk blotter.

      • PwdRsch · 621 days ago

        It is fairly safe against the common password cracking techniques used today. Most of them do not try sentences or more than a few words strung together. They tend to focus on either brute forcing shorter strings (his sentence is too long for brute forcing to discover) or trying dictionary words/names with slight modifications (e.g. P@ssword1).

        However, researchers are already working to develop phrase lists pulled from movie names, song lyrics, and Wikipedia entries. Once attackers start using these effectively to guess popular passphrases they won't be as secure.

        I'd always encourage throwing some symbols or misspelled words in there to bump up the security.

      • Just Saying · 621 days ago

        The idea behind NOT using words in a dictionary is because a dictionary attack literally runs the words in a dictionary against your passwords. The dictionary however does not have phrases. To make THAT work, you have to add the actual phrases in your "dictionary file". Currently (and yes - that is CURRENTLY), to crack this password you have to brute force it, until somebody clever figures out a way to start creating sensible phrases. The next thing I will do, is to start generating phrases using multiple languages....

      • I would modify that to increase security and make it even harder to crack by including non-alphanumeric characters and non-standardised spelling.... something like "my G1rlfrend iz a Mynx!!" Just make it catchy enough that you'll remember it

    • "deserves to be shot" ... a little too soon for that phrasing. I live near Newtown, Ct.

    • wow...i would love a shot at your network. an IT guy who is as smart and confident as you are definitely has holes in his network. Expecting every IT guy in every office in america to be the "trainer" is just laughable as well. Bet your users really "love" you lol....

      • Just Saying · 621 days ago

        It doesn't go about confident. It goes about trying my best to ensure my ass is as safe as possible in case of a security-breach, and that includes documentary proof that I have done my best to educate end-users.
        It goes about layers of security. And your network is only as secure as your weakest link. Therefore, if you don't educate your end-users (and there are MANY different ways to do this - you don't have to lecture them), all your OTHER methods of security will become null and void if users don't understand the importance of long, complex password that is easy to remember.
        Obviously, if you are in a large organisation where management are not lax to invest some money to improve security, multi-factor authentication is the way to go. Also using a certificate infrastructure to authenticate ALL clients. Etc...
        The only secure computer is one encased in a few cubic meters of concrete, not attached to any cables, and dropped in the deepest part of the ocean, and even then it might not be secure.
        The hacker has to be lucky once. You as the IT guy have to be lucky the whole time. Forget that at your peril...

    • 2072 · 620 days ago

      It's actually easier to remember phrases that make absolutely no sense than sentences with an actual meaning, such as :

      "The sun is always hot, except when it rains." (also notice the punctuation)

      This is very easy to remember and awfully difficult to crack :)

      • Alasdair · 620 days ago

        It may be easy to remember, but for people who aren't touch typists (or maybe especially for those who are), it is difficult to type accurately.

        Even experienced users can lock themselves out through mistyping. Setting ever more complex password restrictions will merely infuriate the users (And no. Password managers in a corporate environment are unequivocally verboten, so don't even go there)

        In short, as other posters have alluded, IT security needs to be "in depth" (multiple discrete layers - MAC verification, IP whitelists, multiple internal/external firewalls, passwords as a starter) rather than "in width" (single 256 character password that must contain no dictionary words, at least 32 non-printable unicode characters, to be changed every day, with no repetitions for the last 1000 years - OK, I exaggerate)

    • Paul Ducklin · 621 days ago

      Hahaha. The hashes show up on the "most recent cracks" page on the site you mention ([REDACTED] as an anti-spoiler measure)...not sure if that was you :-)

  4. PwdRsch · 621 days ago

    I'd like to clear up a common misconception that you reinforce in this article. There is a difference between NTLM (AKA "NT hash") password hashes and the NTLM authentication protocol. Kerberos should be the authentication protocol used in modern Windows domains, however it still uses the NTLM password hashes. So you cannot simply stop using NTLM password hashes (your linked Microsoft article is talking about the auth protocol).

    You can turn off the storage of LM password hashes, which you definitely should do if you don't have to support legacy Windows systems. They are much weaker than NTLM hashes.

    You can also set GPO restrictions on what versions of the NTLM authentication protocol are used. There were security vulnerabilities in earlier versions so you typically want to force use of the NTLMv2 authentication protocol unless you have legacy Windows systems that prevent this.

    • Paul Ducklin · 621 days ago

      I hear you - there's plenty of potential for confusion between NTLM *hashing* and NTLM *authentication*. (The latter is an across-the-network challenge-response protocol that involves an NTLM hash at its core.)

      But I think I was careful enough always to say, "NTLM hash" when that's what I meant...and in the article by Microsoft to which I link, the author argues against NTLM (with the term used ambiguously) on several grounds, including its use of an unsatisfactory cryptographic primitive, viz. MD4.

      The screenshot from Windows was supposed to provide a bit of context.

      IIRC Windows 8 suppresses the storage of LM hashes (an even weaker hash than the long-disavowed MD4 used by NTLM) by default...

      • PwdRsch · 621 days ago

        Fair enough. I may have been reading into what you wrote instead of taking it at face value.

        I've had to make this point several times recently and it may now just be my default response to any mention of 'not using NTLM'. :)

  5. nealrauhauser · 620 days ago

    MD4 should have died about the time computers stopped needing a separate floating point coprocessor. Not that there is a connection, mind you, but the handwriting was on the wall for weak cryptographic methods.

  6. How about I copy and paste the concise Oxford dictionary?
    Would that be safe? :P
    I have always used phrases combined with personal info upper and lower case as well as number/letter substitution.
    I even have passwords hints that are coded only to me.

    PS: I dabbled with golden eye when it came out. :)

  7. roy jones jr · 617 days ago

    I guess I have to increase the length of my password again. It gets very monotonous after a while. :(

  8. Anonymous · 218 days ago

    Administator: [REDACTED]
    duck: [REDACTED]
    Time: 3 secs for duck
    22 secs for both
    App: ophcrack customized for Win64

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog