1
Windows Passwords: Everything You Need To Know
Jesper M. Johansson Enterprise Security Architect Security Business and Technology Unit Microsoft Corporation
2
Overview How passwords are stored How passwords are used
How passwords are attacked Password best practices
3
How Windows Stores Passwords
4
In the beginning…
5
Password Representations
LM “hashes”: old technology used on LAN Manager
NT hashes: a.k.a. Unicode password or MD4 hash; used for authentication on more recent Windows systems
Cached credentials: derivation of the NT hash
Stored User Names and Passwords: the calling application decides on the representation
6
LM “Hash” Generation
Password padded with NULL to 14 characters
Converted to upper case
Separated into two 7-character strings: Seattle1 = SEATTLE + 1******
Each 7-character half is used as a DES key to encrypt a constant
The two DES outputs are concatenated to form the LM hash
7
LM “Hash” Considerations
It’s not a hash
Limited character set: common alphanumeric set only; case insensitive; 142 symbols
Padded to exactly 14 characters; actually two seven-character passwords
Maximum number of passwords ≈ 6.8*10^12
Unsalted…
While the LM hash supports at least 142 characters, only the 68 that are available on a common English keyboard are in common use. The remainder are characters that do not show up on a standard US English keyboard.
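The construction from the two slides above in Go, as an added example that is not part of the presentation, together with the check a defender can run over stored LM hashes to spot passwords of seven characters or fewer. It assumes the DES constant "KGS!@#$%" that LAN Manager encrypts (the slide only calls it “Constant”) and ASCII-only passwords.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the constant LAN Manager encrypts under each password half
// (assumed here; the slide only calls it "Constant").
const lmMagic = "KGS!@#$%"

// lmEmptyHalf is DES(all-NULL key, lmMagic): the value every LM hash carries
// in its second half when the password is seven characters or shorter.
const lmEmptyHalf = "aad3b435b51404ee"

// lmDesKey spreads a 7-byte half over the 8 key bytes DES expects; the low
// bit of every key byte is a parity bit that DES ignores, so it is cleared.
func lmDesKey(half []byte) []byte {
	key := make([]byte, 8)
	key[0] = half[0]
	for i := 1; i < 7; i++ {
		key[i] = half[i-1]<<(8-i) | half[i]>>i
	}
	key[7] = half[6] << 1
	for i := range key {
		key[i] &= 0xFE
	}
	return key
}

// LMHash follows the slide: upper-case, pad with NULL to 14 bytes, split into
// two 7-byte halves, DES-encrypt the constant under each half, concatenate.
// Assumes an ASCII password; longer inputs are truncated to 14 bytes as LM does.
func LMHash(password string) (string, error) {
	padded := make([]byte, 14)
	copy(padded, strings.ToUpper(password)) // copy stops at 14 bytes
	out := make([]byte, 0, 16)
	for _, half := range [][]byte{padded[:7], padded[7:]} {
		c, err := des.NewCipher(lmDesKey(half))
		if err != nil {
			return "", err
		}
		enc := make([]byte, 8)
		c.Encrypt(enc, []byte(lmMagic))
		out = append(out, enc...)
	}
	return hex.EncodeToString(out), nil
}

// IsShortLM flags an LM hash whose second half equals lmEmptyHalf, which tells
// an auditor that the password is at most seven characters long.
func IsShortLM(lmHex string) bool {
	return len(lmHex) == 32 && strings.EqualFold(lmHex[16:], lmEmptyHalf)
}

func main() {
	for _, p := range []string{"", "Seattle", "Seattle1", "seattle1"} {
		h, _ := LMHash(p)
		fmt.Printf("%-10q %s short=%v\n", p, h, IsShortLM(h))
	}
}
```

Running it shows the two properties the slides list: Seattle1 and seattle1 produce the same hash, and Seattle shares its first half with Seattle1 while its second half is the tell-tale all-NULL constant.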
8
Salting Prevents deriving passwords from password file
Stored representation differs
Side effect: defeats pre-computed hash attacks
Example password file entries (two of the users share the same password, yet their stored values differ because the salts differ):
Alice:root:b4ef21:3ba4303ce24a83fe de02bf38d
Bob:root:a9c4fa:3282abd ef0349dc7232c349ac
Cecil:root:209be1:a483b303c23af34761de02be038fde08
9
NT Hash Generation
Hash the password: the Unicode password (e.g., Seattle1) is hashed with MD4
Store the resulting hash
10
NT Hash Considerations
Case preserving
65,535 symbols
Maximum length = 127 characters
Number of ≤14-character passwords, same char set as LM hash ≈ 4.6*10^25
Number of ≤14-character passwords (full char set) ≈ 2.7*10^67
Number of 127-character passwords ≈ 4.9*10^611
Unsalted
It is important to keep in mind here that the full character set and password length generate many more possible passwords than the MD4 hash can ever hold. Since there are at most 2^128 = 3.4*10^38 possible hashes, each hash will actually match 1.4*10^573 different 127-character passwords, and 7.9*10^28 different passwords up to 14 characters in length. Any of those passwords could be used no matter which one was actually used to generate the hash. However, this does not mean that the algorithm is flawed. It is still computationally infeasible to find a hash collision for the MD4 hash algorithm.
11
Cached Credentials Generation
Stored at logon
Managed by LSA
Hash of a hash: the Unicode password is hashed with MD4, the result is concatenated with the username (e.g., ben), and that is hashed with MD4 again to produce the cached credential
12
Stored User Names And Passwords
Credential Manager
Stores specific password-based credentials locally
Applications can leverage it for password storage
Uses DPAPI for storage
13
How Passwords Are Used Authentication
14
Authentication (authn)
Winlogon passes the authn information to LSASS
LSASS determines the authn package: local or remote login?
If remote: Kerberos, or MSV1_0 (NTLMv2, NTLM, LM)
The chosen package generates the authn data
15
NTLM And LM Authentication On The Wire
Client (ben) → Server: Authn_Request
Server → Client: Server_Challenge – nonce
Client → Server: LM Response – DES(LM Hash, nonce); NTLM Response – DES(Unicode pwd, nonce)
Server → Client: Authn_Result
16
NTLMv2 Authentication On The Wire
Client (ben) → Server: Authn_Request
Server → Client: Server_Challenge – nonce_s
Client → Server: LM Response – DUMMY; NTLMv2 Response – (Unicode pwd, nonce_s, nonce_c), where nonce_c is a client-chosen nonce
Server → Client: Authn_Result
17
LMCompatibilityLevel
Client-side impact
Level  Sends                        Accepts            Prohibits sending
0*     LM, NTLM                     LM, NTLM, NTLMv2   NTLMv2, session security
1      LM, NTLM, session security   LM, NTLM, NTLMv2   NTLMv2
2*     NTLM, session security       LM, NTLM, NTLMv2   LM and NTLMv2
3      NTLMv2, session security     LM, NTLM, NTLMv2   LM and NTLM
Server-side impact
Level  Sends                        Accepts            Prohibits accepting
4      NTLMv2, session security     NTLM, NTLMv2       LM
5      NTLMv2                       NTLMv2             LM and NTLM
* Default on some OS
18
Kerberos Authentication
Authenticates access to domain resources by domain members
Uses different operations than NTLM
Sensitive data is better protected from eavesdropping
RFC compliant (yes, it is!)
Uses the NT hash
Well documented
19
How Passwords Are Attacked
20
Key Point: Bad passwords get broken, even when using good storage and authentication methods!
Solutions: Use better passwords; Don’t let bad guys get the hashes
21
Four Types of Attack: Passive online; Active online; Offline attacks; Non-electronic attacks
22
Passive Online Attacks Wire Sniffing
Access and record raw network traffic
Wait until the authn sequence
Brute force the credentials
Considerations: Relatively hard to perpetrate; Usually extremely computationally complex; Tools widely available
23
Passive Online Attacks Man-in-the-Middle and Replay Attacks
Somehow get access to the communications channel
Wait until the authn sequence
Proxy the authn traffic: no need to brute-force
Considerations: Relatively hard to perpetrate; Must be trusted by one or both sides; Some tools widely available; Can sometimes be broken by invalidating traffic
24
SMB Reflection Attack
1. Hey, I want to connect
2. What a coincidence, so do I.
3. OK, here is a challenge
4. Thanks! Here’s your challenge, right back at you
5. All right, here’s my response to your (my) challenge.
6. That’s so nice, here’s your response back to you
25
Cracking v. Guessing Guessing from the logon prompt
Guessing from the logon prompt: Very slow; Easy to detect; Core problem: bad passwords
Cracking presumes the attacker has the hashes: Hashes may be world readable; If not, the system has already been hacked; Very fast; Core problem: bad guys with access to hashes
26
Active Online Attacks Password guessing
Try different passwords until one works
Succeeds with bad passwords and open authentication points
Considerations: Should take a long time; Requires huge amounts of network bandwidth; Easily detected
Core problem: Bad passwords
27
Offline Attacks: Attacker has the password database
How? Hard on Windows, easier on Unix
Can attack at leisure
Password representations must be cryptographically secure
Considerations: Moore’s law; Attacks against cached credentials are about 3x slower
28
Offline Attacks Dictionary Attack
Try different passwords from a list
Succeeds only with poor passwords
Considerations: Very fast
Core problem: Bad passwords
29
Offline Attacks Hybrid Attack
Start with a dictionary, then insert entropy: append a symbol, append a number, …
Considerations: Relatively fast; Succeeds when entropy is poorly used
30
Offline Attacks Brute-force Attack
Try all possible passwords (more commonly, a subset thereof)
Usually implemented with progressive complexity
Typically, the LM “hash” is attacked first
Considerations: Very slow; All passwords will eventually be found; Attack against the NT hash is MUCH harder than against the LM hash
31
Offline Attacks Pre-computed Hashes
Generate all possible hashes a priori and compare to database values
Storing the hashes requires huge storage: LM “Hashes”: 310 Terabytes; NT Hashes < 15 chars: 5,652,897,009 exabytes
Solution: Use a time-space tradeoff
Succeeds due to lack of salt
The numbers for storage are based on the 76-character set consisting of numbers, letters, and upper-row symbols.
32
Offline Attacks Pre-computed Hashes – Considerations
Takes significant effort up front
LM hashes much more vulnerable due to smaller key space and shorter length
Web services available; SETI-style efforts to generate tables
Do not work against cached credentials
Mitigations: Use good passwords; Remove LM hashes
33
Pass-The-Hash Attacks
LM Response – DES(LM Hash, nonce); NTLM Response – DES(Unicode pwd, nonce)
Tool computes the response from the nonce based on an arbitrary hash
Tools are rare but are available
Instant attack
Does not work with cached credentials
34
Non-Technical Attacks
Shoulder surfing: Watching someone type their password; Common and successful; Mouthing the password while typing
Keyboard sniffing: Hardware is cheap and hard to detect; Software is cheap and hard to detect; Both can be controlled remotely
Social engineering…
35
Password Cracking at Layer 8
36
Great Password, Weak Implementation
37
Password Best Practices
38
Pass Phrases v. Passwords
Pass phrases are long strings
Example: “This is the best presentation I have ever seen!”
Very strong protection against attacks; Easy to remember, a bit longer to type; Sometimes break older applications
Passwords are short complex strings
Example:
Hard to remember; Often difficult to type; Not resistant against current attacks; Obvious substitutions are quickly broken
Summary: Long, easily remembered phrases are better than short complex ones
39
Longer Is Better!
40
Technology-Based Mitigation
Disable LM hash storage: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash
Passwords > 14 characters
Certain Unicode characters
Clustering, Windows CE, RTC, ??? broken
Set NtlmMinClientSec & 0x80010
Deploy password policy: Minimum length; Complexity; Expiration; Reuse
There are many ways to remove LM hashes
41
Password Filter (the slide's fragment, completed so it compiles: the character classes come from GetStringTypeW, the slide's C1_SYMBOL is written as C1_PUNCT, and its isUnicode() check is a non-ASCII test)

#include <windows.h>

/* Returns TRUE if szPwd appears in the NULL-terminated list aBadWords. */
static BOOL strInList(PCWSTR szPwd, PCWSTR *aBadWords)
{
    for (; *aBadWords != NULL; aBadWords++)
        if (lstrcmpiW(szPwd, *aBadWords) == 0)
            return TRUE;
    return FALSE;
}

/* Counts the character classes present in the password and applies a
   stricter rule for administrators. cchPassword is the length in characters. */
BOOL IsPasswordComplex(PCWSTR szPwd, DWORD cchPassword, BOOL bUserIsAdmin, PCWSTR *aBadWords)
{
    DWORD dwNum = 0, dwUpper = 0, dwLower = 0, dwSym = 0, dwUnicode = 0, i;
    BOOL bComplex = FALSE;
    WORD aTypes[256];                       /* character-class flags per character */

    if (strInList(szPwd, aBadWords))        /* known-bad words never pass */
        return FALSE;
    if (cchPassword <= 9 || cchPassword > 256)
        return FALSE;
    if (!GetStringTypeW(CT_CTYPE1, szPwd, (int)cchPassword, aTypes))
        return FALSE;

    for (i = 0; i < cchPassword; i++) {
        if (aTypes[i] & C1_DIGIT) { dwNum = 1; continue; }
        if (aTypes[i] & C1_UPPER) { dwUpper = 1; continue; }
        if (aTypes[i] & C1_LOWER) { dwLower = 1; continue; }
        if (aTypes[i] & C1_PUNCT) { dwSym = 1; continue; }
        if (szPwd[i] > 0x7F)      { dwUnicode = 1; continue; }
    }

    if (bUserIsAdmin) {
        /* Admins need better passwords than users: all five classes and > 14 characters */
        if ((dwNum + dwUpper + dwLower + dwSym + dwUnicode == 5) && cchPassword > 14)
            bComplex = TRUE;
    } else {
        /* User is not an admin, use lower requirements: any four classes */
        if (dwNum + dwUpper + dwLower + dwSym + dwUnicode >= 4)
            bComplex = TRUE;
    }
    return bComplex;
}
42
Technology-Based Mitigation Multi-factor authentication
Why use passwords at all?
Smart cards: Two-factor authentication; Very difficult to thwart; High cost of initial deployment
Biometric: Two- or three-factor authentication; Usually defeated with non-technical attacks; Very expensive; Failure-prone
43
Fun With Biometrics ftp://ftp.ccc.de/pub/video/Fingerabdruck_Hack/fingerabdruck.mpg
44
Detecting Attacks - Account Lockout
45
Summary How passwords are stored How passwords are used
How passwords are attacked Password best practices
47
Passwords Article Series
48
For more information Jesper and Steve finally wrote a book!
Order online: Use promo code JJSR6437
49
Jesper M. Johansson jesperjo@microsoft.com
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.