The 7-14 rule for NT passwords (repost)

Source: Internet
Author: User
From the Alliance of Network engineers
A smart NT password cracker will open an eight-character password faster than a seven-character one. But how can seven characters be more complex than eight?
The best way to prove this is with an ideal password. Consider the password "567890Zxcvbn": 12 characters, with digits, letters, and mixed case. From that point of view it is a difficult NT password. That is, unless the NT LanManager (LM) password hashing algorithm gets hold of it. NT stores two separately encrypted versions of each user password in the Security Account Manager (SAM) section of the registry: one is the LM version and the other is the more strongly encrypted NT version. The LM version is the fatal weakness in this case.
To understand why, you need to understand what the LM algorithm does when it encrypts a password. You can find an excellent technical discussion at www.l0pht.com/l0phtcrack/rant.html. For our purposes, the important point is that LM converts all characters to uppercase, pads the password to 14 characters (with meaningless filler), and then divides the string into two parts of seven characters each, which are encrypted separately. Finally, the two encrypted strings are concatenated into one string, which is stored as the final password hash.
To the naked eye this two-part string looks like a single value, but L0phtCrack (www.l0pht.com) and other NT password reverse-engineering software can work out each half of the password independently. For example, L0phtCrack run against an NT SAM file that contains a user named Dboies reports the password as "???????Xcvbn", which corresponds to our ideal 567890Zxcvbn. Because the last five characters of the password are ASCII text ("Xcvbn"), L0phtCrack can decipher them within seconds on a P-II machine.
Suppose our password cracker notices the string "Xcvbn" in the L0phtCrack results and makes a guess: the user chose the password from the order of the keys on the keyboard. He stops L0phtCrack, adds some calculated guesses to a custom dictionary file, and runs a new round of cracking with that dictionary, and Dboies's password immediately appears on the screen.
Of course, given enough time, any password will eventually be cracked. Passwords eight or nine characters long put up the least resistance. But in theory at least, any password that is not exactly seven or 14 characters long is not safe enough.
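The split described above, worked through as an added example (not code from the original article or from L0phtCrack): it applies LM's uppercase, pad and split steps and compares search-space sizes, stopping before the encryption step so no hash is computed. The function names, the NUL padding byte, the ASCII-only restriction and the alphanumeric alphabets (36 symbols after uppercasing, 62 before) are assumptions of this sketch.

```python
HALF, LM_LEN = 7, 14

def lm_halves(password):
    """LM preprocessing before encryption: uppercase, pad to 14, split 7 + 7."""
    raw = password.upper().encode("ascii")  # assumption: ASCII-only input
    if len(raw) > LM_LEN:
        raise ValueError("longer than the 14 characters LM works on")
    raw = raw.ljust(LM_LEN, b"\x00")        # assumption: padding byte is NUL
    return raw[:HALF], raw[HALF:]

def search_space(half, alphabet=36):
    """Candidates to exhaust one half: A-Z plus 0-9, real characters only."""
    return alphabet ** len(half.rstrip(b"\x00"))

def compare(password):
    """Cost of searching the halves separately vs. the password as one unit."""
    first, second = lm_halves(password)
    return {
        "halves": (first, second),
        # Each half is searched on its own, so the costs add, not multiply.
        "lm_worst_case": search_space(first) + search_space(second),
        # Same password hashed whole with case kept (a-z, A-Z, 0-9).
        "hashed_whole": 62 ** len(password),
        # Characters that spill into the short second half.
        "second_half_chars": len(second.rstrip(b"\x00")),
    }

if __name__ == "__main__":
    # Constructed sample passwords; the first is the article's example.
    for pw in ("567890Zxcvbn", "Qwerty12", "Qwerty1"):
        r = compare(pw)
        print(pw, r["halves"], r["lm_worst_case"], r["hashed_whole"])
```

For the eight-character sample the second half holds a single character, which is the case the article's opening claim is about; a seven-character password leaves that half empty.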
