Homework for Day 3, due next Monday:
Read the following:
- What is a password hash?
- What is an LM hash? What are LM’s main weaknesses?
- is a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords.
- weaknesses: max 14 characters split into two halves, converted to uppercase, does not use salt.
- How many character is an LM password split into before it is hashed?
- What is an NTLM hash?
- successor to the LM hash.
- What is a salt, and how is it used by NTLM?
- Salt is a unique value that is used to ensure that if two users have the same password, the generated hash digest will be different.
- It is typically stored with the users hash digest.
- NTLM does not use salt.
- What format is the hash you dumped in?
- Lan Manager hash
- What Windows local security policy setting prevents storage in LM?
- What must be done for this setting to take effect?
- users much change their password.
- What is an MD5 hash?
- What advances due password storage mechanisms such as bcrypt or scrypt have over MD5?
- they include salt and are designed to be more compute intensive to convert plaintext input into hashes.
- Basically, it’s slow as hell.
- What is a rainbow table, and how does it differ from a dictionary password guessing attack? From a brute force attack?
- A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes.
- the difference is that the rainbow tables are pre-computed hash digests, where a dictionary attach or brute force attach has to calculate the hashes on the fly and compare them to the target digest.
Go to FreeRainBowTables.com and look at the various rainbow tables.
- What is a character set?
- What is the correlation between the coverage of a character set and the size of a rainbow table?
- Why do you think NTLM tables are larger than LM?
- the max number of characters in LM is 14 characters split in half. (two 7 character password before computing the digest.)
- What format are these tables in? https://www.freerainbowtables.com/en/tables2/
- What is the approach used with Hashcat vs oclHashcat?
- Hashcat: CPU based. runs on linux, osx, windows.
- oclHashcat: - GPU-based, runs on linux and windows.
- What is GPU cracking?
- clustering several GPU’s together for the purpose of cracking passwords.
- The advent of GPU computing over the past decade has contributed to huge boosts in offline password cracking.
- Why is GPU cracking faster than CPU?
Network Authentication Describe the following:
- Basic Authentication
Bonus reading (not required):
- Mudge’s original ezine rant on LM- https://dl.packetstormsecurity.net/Crackers/NT/l0phtcrack/l0phtcrack.rant.nt.passwd.txt