Windows Passwords: Everything You Need To Know
Overview
- How passwords are used
- How passwords are attacked
- Password best practices
In the beginning…
Password Representations
- LM “hashes”: old technology used on LAN Manager
- NT hashes: a.k.a. Unicode password or MD4 hash; used for authentication on more recent Windows systems
- Cached credentials
- Stored User Names and Passwords: the calling application decides on the representation
LM “Hash” Generation
- Padded with NULL to 14 characters
- Converted to upper case
- Separated into two 7-character strings
LM “Hash” Considerations
- Limited character set: common alphanumeric set only, case insensitive, 142 symbols
- Padded to exactly 14 characters: actually two seven-character passwords
- Maximum number of passwords ≈ 6.8*10^12
- Unsalted…
Salting
- Prevents deriving passwords from the password file
- Stored representation differs
- Side effect: defeats pre-computed hash attacks
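The slide's three points about salting, shown in an added Python example that is not part of the deck: the same password stored for two accounts, once unsalted and once with a per-account random salt, and a small pre-computed table looked up against both stores. SHA-256 and PBKDF2 stand in for the MD4/DES representations the deck discusses (an assumption made only so the example runs offline); the wordlist and the account data are constructed.

```python
"""Added example (not the deck's code): unsalted vs. salted storage and why only
the unsalted store is exposed to a pre-computed hash table."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

ITERATIONS = 10_000  # assumption: any iteration count serves the demonstration


def unsalted(password: str) -> bytes:
    """Unsalted store: the same password yields the same stored value for every user."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def salted(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted store: a fresh random salt per account, stored beside the digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-16-le"), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Verification recomputes with the stored salt; constant-time comparison."""
    return hmac.compare_digest(salted(password, salt)[1], stored)


def build_table(words: List[str]) -> Dict[bytes, str]:
    """The 'a priori' work: hash a wordlist once and reuse the table against any unsalted store."""
    return {unsalted(w): w for w in words}


def lookup(table: Dict[bytes, str], stored_value: bytes) -> Optional[str]:
    """Recovery from an unsalted store is a single dictionary lookup."""
    return table.get(stored_value)


# Constructed sample data: a tiny wordlist and three accounts, two sharing a password.
WORDLIST = ["letmein", "Password1", "qwerty", "summer2005"]
ACCOUNTS = {"alice": "Password1", "bob": "Password1", "carol": "tr0ub4dor&3"}


def demo() -> dict:
    table = build_table(WORDLIST)
    unsalted_store = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    salted_store = {u: salted(p) for u, p in ACCOUNTS.items()}
    return {
        # identical unsalted values betray that alice and bob chose the same password
        "unsalted_collide": unsalted_store["alice"] == unsalted_store["bob"],
        "salted_collide": salted_store["alice"][1] == salted_store["bob"][1],
        # the table recovers every unsalted value that appears in the wordlist
        "recovered": {u: lookup(table, h) for u, h in unsalted_store.items()},
        # the same table finds nothing in the salted store: each salt would need its own table
        "recovered_salted": {u: lookup(table, d) for u, (_s, d) in salted_store.items()},
        # the legitimate check still works, because the salt is stored with the digest
        "bob_verifies": verify_salted("Password1", *salted_store["bob"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```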
NT Hash Generation
- Hash the password
- Store it
NT Hash Considerations
- Case preserving
- Maximum length = 127 characters
- Number of ≤14-character passwords, same char set as LM hash ≈ 4.6*10^25
- Number of ≤14-character passwords (full char set) ≈ 2.7*10^67
- Number of 127-character passwords ≈ 4.9*10^611
- Unsalted
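The LM pre-processing steps (NULL padding, upper-casing, the split into two 7-character halves) and the key-space figures from the LM and NT slides, worked through in an added Python example that is not the deck's code. It assumes ASCII input (LM really works in the OEM code page) and a 68-symbol "common alphanumeric" set of 26 letters, 10 digits and 32 punctuation marks, which is the alphabet size that reproduces the deck's 6.8*10^12 and 4.6*10^25 figures; 65,536 symbols stand for the full Unicode set. The DES step that turns each 7-byte half into the stored value is left out, so the comparison is in guesses rather than hashes.

```python
"""Added example (not the deck's code): LM pre-processing and key-space arithmetic."""
import math
from typing import Tuple

LM_SYMBOLS = 68            # assumption: case-insensitive letters + digits + 32 punctuation marks
UNICODE_SYMBOLS = 65536    # assumption: the "full char set" of the NT slide
EMPTY_HALF = b"\x00" * 7   # a half that is all padding has one fixed, recognisable value


def lm_halves(password: str) -> Tuple[bytes, bytes]:
    """Apply the steps the LM generation slide lists: NULL-pad to 14 bytes,
    upper-case, split into two 7-byte halves.  Each half is used on its own as
    a DES key (step omitted here), which is why they can be attacked separately."""
    if len(password) > 14:
        raise ValueError("the LM representation is only defined for <= 14 characters")
    padded = password.upper().encode("ascii").ljust(14, b"\x00")
    return padded[:7], padded[7:]


def second_half_is_padding(password: str) -> bool:
    """True for passwords of 7 characters or fewer: the second half is then the
    constant padding value, so the stored hash reveals that the password is short."""
    return lm_halves(password)[1] == EMPTY_HALF


def keyspace(symbols: int, max_len: int) -> int:
    """Number of passwords of length 1..max_len over an alphabet of `symbols` characters."""
    return sum(symbols ** n for n in range(1, max_len + 1))


def lm_work_factor(symbols: int = LM_SYMBOLS) -> int:
    """Worst-case guesses to recover a 14-character LM password: two independent
    7-character searches, not one 14-character search."""
    return 2 * keyspace(symbols, 7)


def nt_work_factor(max_len: int, symbols: int) -> int:
    """Worst-case guesses against an NT hash of up to `max_len` characters."""
    return keyspace(symbols, max_len)


def log10_size(n: int) -> float:
    """Base-10 exponent of a key space, for comparison with the deck's figures."""
    return math.log10(n)


if __name__ == "__main__":
    print("halves of 'Password1':", lm_halves("Password1"))
    print("LM, 14 chars, 68 symbols:   10^%.1f guesses" % log10_size(lm_work_factor()))
    print("NT, 14 chars, 68 symbols:   10^%.1f" % log10_size(nt_work_factor(14, LM_SYMBOLS)))
    print("NT, 14 chars, Unicode:      10^%.1f" % log10_size(nt_work_factor(14, UNICODE_SYMBOLS)))
    print("NT, 127 chars, Unicode:     10^%.1f" % log10_size(nt_work_factor(127, UNICODE_SYMBOLS)))
```

The ratio between `nt_work_factor(14, LM_SYMBOLS)` and `lm_work_factor()` is what the deck means by "attack against NT hash is MUCH harder than LM hash": over the same alphabet, the split into halves makes the LM search about 10^12 times smaller.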
Cached Credentials Generation
- Stored at logon
- Managed by LSA
Stored User Names And Passwords
- Credential Manager
- Stores specific password-based credentials locally
- Applications can leverage it for password storage
- Uses DPAPI for storage
Authentication (authn)
- Winlogon passes the authn information to LSASS
- LSASS determines the authn package
- Local or remote login?
- If remote, the chosen package generates authn data
NTLM And LM Authentication On The Wire
NTLMv2 Authentication On The Wire
LMCompatibilityLevel
Kerberos Authentication
- Authenticates access to domain resources by domain members
- Uses different operations than NTLM: sensitive data is better protected from eavesdropping
- RFC compliant (yes, it is!)
- Uses NT hash
- Well documented
Key Point
Bad passwords get broken, even when using good storage and authentication methods!
Solutions:
- Use better passwords
- Don’t let bad guys get the hashes
Four Types of Attack
- Passive online
- Active online
- Offline attacks
- Non-electronic attacks
Passive Online Attacks: Wire Sniffing
- Access and record raw network traffic
- Wait until authn sequence
- Brute force credentials
Considerations:
- Relatively hard to perpetrate
- Usually extremely computationally complex
- Tools widely available
Passive Online Attacks: Man-in-the-Middle and Replay Attacks
- Somehow get access to communications channel
- Wait until authn sequence
- Proxy authn traffic
- No need to brute-force
Considerations:
- Relatively hard to perpetrate
- Must be trusted by one or both sides
- Some tools widely available
- Can sometimes be broken by invalidating traffic
SMB Reflection Attack
Cracking v. Guessing
Guessing from the logon prompt:
- Very slow
- Easy to detect
- Core problem: bad passwords
Cracking presumes attacker has hashes:
- Hashes may be world readable
- If not, system has already been hacked
- Very fast
- Core problem: bad guys with access to hashes
Active Online Attacks: Password Guessing
- Try different passwords until one works
- Succeeds with…
Considerations:
- Should take a long time
- Requires huge amounts of network bandwidth
- Easily detected
- Core problem: bad passwords
Offline Attacks
- Attacker has password database: how? Hard on Windows, easier on Unix
- Can attack at leisure
- Password representations must be cryptographically secure
Considerations:
- Moore’s law
- Attacks against cached credentials about 3x slower
Offline Attacks: Dictionary Attack
- Try different passwords from a list
- Succeeds only with poor passwords
Considerations:
- Very fast
- Core problem: bad passwords
Offline Attacks: Hybrid Attack
- Start with dictionary
- Insert entropy
Considerations:
- Relatively fast
- Succeeds when entropy is poorly used
Offline Attacks: Brute-force Attack
- Try all possible passwords; more commonly, a subset thereof
- Usually implemented with progressive complexity
- Typically, LM “hash” is attacked first
Considerations:
- Very slow
- All passwords will eventually be found
- Attack against NT hash is MUCH harder than LM hash
Offline Attacks: Pre-computed Hashes
- Generate all possible hashes a priori
- Compare to database values
- Storing hashes requires huge storage: LM “hashes” 310 terabytes; NT hashes < 15 chars 5,652,897,009 exabytes
- Succeeds due to lack of salt
Offline Attacks: Pre-computed Hashes – Considerations
- Takes significant effort up front
- LM hashes much more vulnerable due to smaller key space and shorter length
- Web services available
- SETI-style efforts to generate tables
- Do not work against cached credentials
Mitigations:
- Use good passwords
- Remove LM hashes
Pass-The-Hash Attacks
- Tool computes response from nonce based on arbitrary hash
- Tools are rare but are available
- Instant attack
- Does not work with cached credentials
Non-Technical Attacks
- Shoulder surfing: watching someone type their password; common and successful; mouthing password while typing
- Keyboard sniffing
- Social engineering…
Password Cracking at Layer 8
Great Password, Weak Implementation
Pass Phrases v. Passwords
Longer Is Better!
Technology-Based Mitigation
Disable LM hash storage:
- HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash
- Passwords > 14 characters
- Certain Unicode characters
- Clustering, Windows CE, RTC, ??? broken
- Set NtlmMinClientSec & 0x80010
Deploy password policy:
- Minimum length
- Complexity
- Expiration
- Reuse
Password Filter
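The policy items above (minimum length, complexity, reuse) together with the dictionary and hybrid attacks from the offline-attack slides, as an added Python example of the checks a password filter would apply before accepting a new password. This is not the deck's code and not the Windows password filter API; the thresholds, the leet-substitution map, the wordlist and the use of digests for the reuse history are all assumptions chosen for the example.

```python
"""Added example (not the deck's code): policy checks of the kind a password
filter enforces, including a hybrid-attack-aware dictionary check."""
import hashlib
import re
from typing import List, Set

MIN_LENGTH = 15      # assumption: 15+ characters also guarantees no LM hash is stored
MIN_CLASSES = 3      # assumption: three of upper / lower / digit / other
HISTORY_SIZE = 24    # assumption: number of previous passwords remembered
# Substitutions a hybrid attack tries first; reversed here so "P@ssw0rd" reads "Password".
LEET = str.maketrans("@4$5031!7", "aassoelit")
WORDLIST: Set[str] = {"password", "letmein", "welcome", "summer", "qwerty"}  # constructed


def strip_ends(s: str) -> str:
    """Drop the digits and symbols people bolt onto the start or end of a word."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", s)


def dictionary_forms(candidate: str) -> Set[str]:
    """Normalised variants to compare with the wordlist: lower-cased, with the
    bolted-on characters removed, and with leet substitutions reversed."""
    base = strip_ends(candidate)
    return {candidate.lower(), base.lower(),
            base.translate(LEET).lower(), candidate.translate(LEET).lower()}


def is_dictionary_based(candidate: str) -> bool:
    """True when any normalised form contains a wordlist entry (the 'insert entropy' case)."""
    return any(word in form for form in dictionary_forms(candidate) for word in WORDLIST)


def character_classes(candidate: str) -> int:
    """Count of distinct character classes present."""
    return sum([any(c.isupper() for c in candidate), any(c.islower() for c in candidate),
                any(c.isdigit() for c in candidate), any(not c.isalnum() for c in candidate)])


def fingerprint(password: str) -> str:
    """Assumption: the reuse history is kept as digests, never as clear text."""
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def check_password(candidate: str, username: str, history: List[str]) -> List[str]:
    """Return the policy rules the candidate violates; an empty list means accepted.
    `history` holds fingerprints of earlier passwords, oldest first."""
    violations: List[str] = []
    if len(candidate) < MIN_LENGTH:
        violations.append("length")
    if character_classes(candidate) < MIN_CLASSES:
        violations.append("complexity")
    if username and username.lower() in candidate.lower():
        violations.append("username")
    if is_dictionary_based(candidate):
        violations.append("dictionary")
    if fingerprint(candidate) in history[-HISTORY_SIZE:]:
        violations.append("reuse")
    return violations


if __name__ == "__main__":
    for pw in ["P@ssw0rd1!", "Welcome to my desk 2005!!", "wind-up clockwork gull"]:
        print(repr(pw), "->", check_password(pw, "alice", []) or "accepted")
```

A pass phrase such as "Correct Horse Battery Staple 9" passes every rule here, which is the "longer is better" point of the next slides; the leet-aware normalisation is what stops "P@ssw0rd1!" from counting as complex.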
Technology-Based Mitigation: Multi-factor Authentication
- Why use passwords at all?
- Smart cards: two-factor authentication; very difficult to thwart; high cost of initial deployment
- Biometric
Fun With Biometrics
Detecting Attacks
- Account Lockout
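The deck notes that online guessing is "easily detected" and lists account lockout as the detection mechanism. The added Python example below (not the deck's code) runs the two detections a defender needs over a constructed set of logon records: the lockout-style rule (many failures against one account inside a window) and the complementary rule for a source that tries a few guesses against many accounts, which stays under any per-account lockout threshold. The log line format, the thresholds and the sample records are all constructed for the example and are not a real Windows event format.

```python
"""Added example (not the deck's code): detecting online password guessing from
logon-failure records.  The record format and thresholds are assumptions."""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta
from typing import List

THRESHOLD = 5                    # assumption: failures per account that lockout would trigger on
WINDOW = timedelta(minutes=10)   # assumption: observation window
SPRAY_MIN_ACCOUNTS = 8           # assumption: one source, this many accounts, each below THRESHOLD

Record = namedtuple("Record", "ts ok user src")

# Constructed sample: a burst against alice that ends in a success, a user who mistyped
# twice, and one source trying a single guess against eight different accounts.
SAMPLE_LOG = """\
2005-03-01T09:00:01 FAIL user=alice src=10.0.0.5
2005-03-01T09:00:12 FAIL user=alice src=10.0.0.5
2005-03-01T09:00:25 FAIL user=alice src=10.0.0.5
2005-03-01T09:00:40 FAIL user=alice src=10.0.0.5
2005-03-01T09:01:02 FAIL user=alice src=10.0.0.5
2005-03-01T09:01:30 FAIL user=alice src=10.0.0.5
2005-03-01T09:02:00 OK user=alice src=10.0.0.5
2005-03-01T09:05:00 FAIL user=bob src=10.0.0.7
2005-03-01T09:05:30 FAIL user=bob src=10.0.0.7
2005-03-01T09:06:00 OK user=bob src=10.0.0.7
2005-03-01T09:10:00 FAIL user=carol src=10.0.0.9
2005-03-01T09:11:00 FAIL user=dave src=10.0.0.9
2005-03-01T09:12:00 FAIL user=erin src=10.0.0.9
2005-03-01T09:13:00 FAIL user=frank src=10.0.0.9
2005-03-01T09:14:00 FAIL user=grace src=10.0.0.9
2005-03-01T09:15:00 FAIL user=heidi src=10.0.0.9
2005-03-01T09:16:00 FAIL user=ivan src=10.0.0.9
2005-03-01T09:17:00 FAIL user=judy src=10.0.0.9
"""


def parse(text: str) -> List[Record]:
    """Turn the constructed 'timestamp RESULT user=.. src=..' lines into records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = line.split()
        records.append(Record(datetime.fromisoformat(ts), result == "OK",
                              user.split("=", 1)[1], src.split("=", 1)[1]))
    return records


def bursts(times, threshold: int, window: timedelta) -> bool:
    """True if at least `threshold` timestamps fall inside some span of length `window`."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


def accounts_under_guessing(records, threshold=THRESHOLD, window=WINDOW) -> List[str]:
    """Lockout-style rule: accounts with a burst of failures."""
    fails = defaultdict(list)
    for r in records:
        if not r.ok:
            fails[r.user].append(r.ts)
    return sorted(u for u, ts in fails.items() if bursts(ts, threshold, window))


def spraying_sources(records, min_accounts=SPRAY_MIN_ACCOUNTS, window=WINDOW) -> List[str]:
    """Sources that failed against many distinct accounts inside one window."""
    by_src = defaultdict(list)
    for r in records:
        if not r.ok:
            by_src[r.src].append((r.ts, r.user))
    hits = []
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end, (t, _) in enumerate(events):
            while t - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_accounts:
                hits.append(src)
                break
    return sorted(hits)


def success_after_burst(records, threshold=THRESHOLD, window=WINDOW) -> List[str]:
    """Accounts whose successful logon followed a burst of failures from the same
    source: the guess succeeded, so treat the account as compromised."""
    flagged = set()
    for r in records:
        if r.ok:
            prior = [p for p in records if not p.ok and p.user == r.user and p.src == r.src
                     and r.ts - window <= p.ts <= r.ts]
            if len(prior) >= threshold:
                flagged.add(r.user)
    return sorted(flagged)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("guessing:", accounts_under_guessing(recs))
    print("spraying:", spraying_sources(recs))
    print("compromised:", success_after_burst(recs))
```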
Summary
- How passwords are stored
- How passwords are used
- How passwords are attacked
- Password best practices
Passwords Article Series http://www.microsoft.com/technet/security/secnews/newsletter.htm
For more information
Jesper and Steve finally wrote a book! Order online: http://www.protectyourwindowsnetwork.com
jesperjo@microsoft.com