Windows passwords: “Dead in Six Hours” – paper from Oslo password hacking conference

OK, so Dead in Six Hours isn’t quite what the paper is called. I made that up.

It’s actually called Exacerbating Global Warming. (It is. Really.)

In the paper, researcher Jeremi Gosney describes a pet project of his.

He’s lashed together 25 AMD Radeon Graphics Processing Units (GPUs) into a specialised computing cluster.

It will cost you about $20,000 to build one, and you’ll need twenty rack units of space in a server room. (That’s just under a rack-metre.)

You’ll also need an industrial-style power supply delivering 7kW, which is where the paper’s title comes from, plus some half-decent air conditioning.

In return for your investment, claims Gosney, you’ll be able to brute-force all regular eight-character Windows passwords from their NTLM hashes in about six hours.

That’s about four times faster than Gosney’s previous top-end hashbusting machine, which needed 24 hours – an entire day! – to do the same job.

Why so fast? And why Windows passwords?

The reason is that NTLM relies on one of the easiest-to-crack hashing systems still in widespread use: a straight, unsalted, uniterated MD4 hash of your password. (The raw password is presented in little-endian UCS-2 format, with 16 bits per character, not as an ASCII string.)

If you have a UNIX-flavour command prompt and some common utilities handy, you can convert any ASCII password to its NTLM hash like this:

$ echo -n "password" | iconv -f ASCII -t UCS-2LE \
   | openssl dgst -md4
(stdin)= 8846f7eaee8fb117ad06bdd830b7586c

Note that, with no salt, everyone who chooses “password” as a password will end up with the same hash, so you can use a pre-computed database of common hashes.

But with Gosney’s cracker, you might as well not bother pre-calculating anything: you can churn through nearly 400,000,000,000 MD4 hashes per second and save yourself the space you’d need to store the lookup table.

Big deal, you say. Microsoft no longer recommends NTLM anyway, and Active Directory logins don’t use it.

But perhaps consumers and small businesses should be worried? After all, if you have an ad hoc network of Windows computers, without Active Directory or a Windows domain, you’re still wedded to NTLM.

In fact, any local accounts on a Windows PC have NTLM hashes stored locally in the Security Accounts Manager (SAM) database. Grab the hashes, and you can attack them offline.

Big deal, you say. If hackers can leech your SAM database, they’ve already got Administrator rights, so they don’t need your password.

But if they do get and crack your password hashes, they may be able to get back in later at their leisure, even if you close the security hole they used to grab your SAM data. And they’ll have the plaintext of your password, which could cost you if you have used it anywhere else.

So here are two lessons we can learn from this:

Eight characters just isn’t long enough for a password these days.

→ Choose long and complex passwords, or use a password management tool to help you. That way, you keep ahead of the bulk cracking tools. If eight characters gives 98-to-the-power-8 choices, adding just three more randomly-chosen characters multiplies that by a further 98-to-the-3, or close to 1,000,000-fold.

You probably have other passwords even more easily crackable than your Windows one.

Some websites or online services may even keep plaintext, or unhashed, copies of your password. Cracking time for those is zero.

→ Don’t use the same password for multiple accounts. That way, you don’t lose the keys to the whole castle if any of your individual passwords is compromised.

Oh, and if you’re looking for the briefest of technical challenges over the holiday season, why not satisfy yourself how risky simple passwords are by having a go at the hashes in the Windows 8 screen shot above?

Estimated time to crack once you’re ready to go, even without a GPU: well under a second.

Here they are, cuttable-and-pastable for your cracking pleasure: