Password security related questions...hashes/password length

[bononos]

Since gpgpu computing solutions are at the point where cracking hashes like the older MD5 is trivial(minutes or hours at most for a single pc) at password lengths of 8 or less (probably more - I don't know), how long should passwords be for good security to thwart a relatively determined bad guy/org using cloud computing services.

What sort of encryption/hashing routine does windows(7, vista, XP) use to store user passwords?

What sort of hashing routine do phpbb forum software use? Do they still use the old and deprecated(by NIST at least) MD5? Is the default config for phpbb generally robust in terms of security?

 

[PrincessFrosty]

I've been looking in to this recently.

XP uses LAN Manager (LM) for storing and hashing passwords, it's crypto is really weak because it splits the hash up into smaller pieces making attacks really fast, you can find the plaintext password of LM hashes a 16 length password using full 95char set in next to no time.

NT onwards (NT/2k/Vista/Win7) all use NT LAN Manager (NTLM) which does away with the stupidities of LM and is a bit stronger, but it still doesn't use a salted hash so short passwords of about 4-5 charcaters using full 95char set can be brute forced very fast.

Character lengths of 5-8 (again full 95char set) can be brute forced with the aid of Rainbow Tables, rainbow tables essentially use a space/calculation time trade off by pre-computing lots of values, rainbow tables for are widely available for NTLM hashing, although if you want to crack up to 8 length you'll need about 1.5Tb of space.

Rainbow tables exist for 9 length passwords in places, although at this point the tables get very large and you have to start reducing the character sets to things like just alpha numeric or other "smarter" subsets like X alpha + Y numeric on the end is common, or X alpha with uppercase first letter only.

Anything past length 9 is basically past the average cracker, you need server farms and super computers, so I'd say right now that 9 length password using upper/lower/special character is pretty safe. Having said that it depends how valuable your data is to an attacker, it's a process that works very well with distributed computing so someone with access a super computer, or someone with say a botnet under their control of thousands of PCs could feasibly crack slightly larger hashes using brute force.

Length is by far the best safety measure here, it's better to have a long but easy to remember phrase for example "thispasswordiseasytoremember" than to have something like L62^nk8

I'm actually in the process of downloading the Rainbow Tables for 8 length full 95charset, for all lengths 1 through 8 is abotu 1.5Tb total. I've already got len7 and generated my own for len6 and below. There's a great free app called Cryptohaze which runs the brute force attack using rainbow tables on a GPU which MASSIVELY speeds up the brute force, I've done real world testing with Windows 7 passwords and I can break a 6 length full 95Charset password somewhere between 3 and 5 seconds on my GTX 580.

Most decent security systems relying on passwords already use salts which stop this kind of attack, at least until space/calculation speed increases significantly, I'm not sure about phpbb because I don't work with it, I work with the ASP.NET security tables mostly and they support salted passwords by default. I know Linux uses salted passwords as well. A cursory search of phpbb it looks like it does use salted passwords.

 

[bononos]

Why would XP use LM Hash since you said NT4 was already using NTLM?

http://www.lockdown.co.uk/?pg=combi
From the link above, bruteforcing 10 char (only lowercase) on a fast dual cpu pc will take 163 days.

Windows could still use the older LM for authentications with older windows clients/servers until you force it use NTLM- using the Lmcompatibilitylevel key in the registry or through the security policy tool GUI.

 

[PrincessFrosty]

Why would XP use LM Hash since you said NT4 was already using NTLM?

http://www.lockdown.co.uk/?pg=combi
From the link above, bruteforcing 10 char (only lowercase) on a fast dual cpu pc will take 163 days.

Windows could still use the older LM for authentications with older windows clients/servers until you force it use NTLM- using the Lmcompatibilitylevel key in the registry or through the security policy tool GUI.

I don't know an awful lot about the history just what I've pieced together, it looks like NTLM used by NT4 is NTLMv2, windows NT and the home consumer OSs from Microsoft always did have parallel development so it doesn't surprise me, and I don't think the weaknesses in LM were widely known early on.

Brute forcing smaller character sets such as only lowercase is a lot faster, all the sets I've been using are full character of Lower Alpha, Upper Alpha, Numeric, Special and space. Finding a plaintext of 9 or 10 length from a hash with a 95 charset compared to only 26. That takes a lot more processing power and time, but for a determined or well funded attacker not outside the realms of possibility.

You can either build cracking computers with multiple GPUs installed, hire cloud computing servers such as AWS for very short periods of time to create your own cheap, temporary, server farm. Or if you control or buy a botnet you could even distribute the work amongst zombie PCs.

Any systems administrators with access to a business network with thousands of PCs could fairly easily automate this kind of distributed brute force, the tools for it already exist.

 

[bononos]

I was refering (in your 1st post) that you described the weakness of LM Hash which is used in pre NT4. Win2k/XP and above support and use NTLMv2 which is way better.

Yeah I know about cloud cracking which was the reason for my thread. It finally got me to make better use of a password manager.

 

[PrincessFrosty]

Yeah I know, I was trying to explain that windows business OS and home OS were developed in parallel and had different requirements, NT more so due to server/client nature which required stronger auth. The NT/2k/Server OSs are developed parallel to 9x/XP home OSs so it's no suprise to see a difference in technology used.

Again the exploits weren't found immediately, it wasn't known how weak LM was initially it takes a while for people to understand the technology and work out ways to aid in brute forcing.

 

[bononos]

Some links which I came across while reading up which might be useful to others who are looking into the same subject.

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html
http://hashcat.net/oclhashcat-plus/
http://golubev.com/gpuest.htm
A fast single gpu (7970) is about 6-8 billion MD5 keys/sec. There was another article about someone managed ~33 billion keys/sec with a high end quad sli.

http://www.insidepro.com/eng/egb.shtml
The gpu used is old but there the list gives a good speed comparison btwn the diff hashing algorithms. wordpress and phpbb3 have some sort of key strengthening based on MD5 which just kills brute force, kindof answered part of my question in the OP. Hopefully they update whatever it is to keep up with current HW.

http://www.extremetech.com/computin...uture-of-password-cracking-and-supercomputing
FPGA based card works about 18x faster than 5970 in cracking WPA.

Relatively short passwords, even alphanum mixed case + special chars don't provide enough work to deter brute forcing. The problem is the lack of more specialised password hashing routines which are slow and hardware expensive.