LM hash
From Wikipedia, the free encyclopedia
LM hash or LAN Manager hash is one of the formats that Microsoft LAN Manager and Microsoft Windows use to store user passwords that are less than 15 characters long. This type of hash is the only type of encryption used in Microsoft LAN Manager, hence the name, and versions of Windows up to Windows Me. It is also supported in more recent Windows versions for backward compatibility.
Contents |
[edit] Algorithm
The LM hash is computed as follows.[1]
- The user’s password as an OEM string is converted to uppercase.
- This password is either null-padded or truncated to 14 bytes.
- The “fixed-length” password is split into two 7-byte halves.
- These values are used to create two DES keys, one from each 7-byte half.
- Each of these keys is used to DES-encrypt the constant ASCII string “
KGS!@#$%
”, resulting in two 8-byte ciphertext values. - These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
[edit] Security weaknesses
Although it is based on DES, a reasonably secure block cipher, the LM hash can easily be cracked due to two weaknesses in its implementation. First, passwords longer than 7 characters are divided into two pieces and each piece is hashed separately. Second, all lower case letters in the password are changed to upper case before the password is hashed. The first weakness allows each half of the password to be attacked separately. While there are 284 different passwords made of up to 14 mixed case letters and digits, there would be only 242 different 1-7 character password pieces using the same character set. Restricting the character set to upper case letters and digits further reduces the number of possibilities for each half to 236. By mounting a brute force attack on each half separately, modern desktop machines can crack alphanumeric LM hashes in a few hours.
Because LM hash does not include salt, a time-memory trade-off cryptanalysis attack, such as rainbow tables, is also feasible. In 2003, Ophcrack, an implementation of the rainbow table technique, was published. It specifically targets the weaknesses of LM encryption, and includes pre-computed data sufficient to crack virtually all alphanumeric LM hashes in a few seconds. Many cracking tools, e.g. RainbowCrack, L0phtCrack and Cain, now incorporate similar attacks and make cracking of LM hashes trivial.
To address the security weaknesses inherent in LM encryption, Microsoft introduced the NTLM algorithm with Windows NT 3.1. While LAN Manager is considered obsolete and current Windows operating systems use the stronger NTLM hashing method, all Windows systems still compute and store the LAN Manager hash by default for compatibility with LAN Manager and Windows Me or earlier clients. It is considered good security practice to disable this feature where it isn’t needed.[2] Microsoft claims that support for LM will be completely eliminated in the new Windows Vista operating system.[3]
[edit] Notes
- ^ Glass, Eric (2003). The NTLM Authentication Protocol. Retrieved on 2006-06-05.
- ^ How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases. Microsoft Knowledge Base. Retrieved on 2006-06-05.
- ^ Johansson, Jesper (August 2006). "The Most Misunderstood Windows Security Setting of All Time". TechNet Magazine. Retrieved on 2007-01-08.
[edit] See also
[edit] External links
- Making a Faster Crytanalytical Time-Memory Trade-Off, Philippe Oechslin, Advances in Cryptology - CRYPTO 2003
- Ophcrack, the time-memory-trade-off-cracker
- The Shmoo Group offers pre-computed rainbow tables which are downloadable via BitTorrent
- Cain and Abel