Password or Passphrases, are you secure?

Posted: August 29, 2008 in Computer and Internet

 

Every now I come across a machine which I do not have access to and need access to, not for any illegal purpose, just ordinary machines used to get the job done but I forgot the password used to access it. As having physical access to a machine means its game over it is not really a bother, just a slight annoyance. I am generally surprised as to how simple most passwords normally are and also at the fact that most people (read admins) don’t seem to care much as to how Windows and Linux work and what has to be done to secure them, or at least make it slightly harder. Therefor I thought I would give a few hints and pointers.

I guess in the average company security breaches are rare (at least those that do any damage), and perhaps even if a breach happens the secrets that can be stolen are of less value then the money needed to secure them. But I don’t think that excuses a 15min investment in a few web pages to actually just learn the few tweaks that should be done to your systems. For instance using pass phrases instead of password on your administrator accounts. Also basic stuff about how windows system used to work in Win95 and NT and how that legacy can severely compromise your users. The Windows system (and unix wasn’t any better) had a component called LAN Manager which handled the network stuff back then. Instead of sending passwords back and forth hashes were used, however the hash in the LAN manager is particularly weak and this does not seem to be common knowledge.

If it were I wouldn’t be able to so easily get into most computers. Even when working for Ericsson I found their systems to be lacking the proper security measures, this is a bit surprising as such large corporations put a lot of effort and money into security and still they miss the most basic things. The LN hashes were easily grabbed from your own domain computer by grabbing them from the LN manager’s memory dumps. This is particularly compromising when domain accounts are used for running services, and those accounts are not blocking local logon. The reason for this is that you just need to attack your local computer which leaves no traces and then you have a valid domain account that can reach any computer on the network more or less anonymously. Even worse this password might be a shared secret so it might actually go to more than one account. With some trickery you can quite easily compromise a colleagues password if you intentions are malicious. 

The reasons the LN hash is weak can be read about on the Wiki or any preferred best practices site for computer security but I give a few links below that gives a simple summary as well as describing the most common attack methods on hashes without salting where Rainbow attacks are very powerful (can cut down LN hash recovery to as low as 12s on average). It also gives links to a few useful tools that any admin or user of a computer should use to make sure your passwords are good.

http://technet.microsoft.com/en-us/magazine/cc745951.aspx?pr=blog

http://redmondmag.com/columns/article.asp?EditorialsID=736

And here is an article that you should consider as well

http://technet.microsoft.com/en-us/magazine/cc745951.aspx?pr=blog

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s