15 November 2015


by mo

Homework for Day 3, due next Monday:

Read the following:

Password storage

  1. What is a password hash?
  2. What is an LM hash? What are LM’s main weaknesses?
  3. How many characters is an LM password split into before it is hashed?
    • 7
  4. What is an NTLM hash?
    • Successor to the LM hash.
  5. What is a salt, and how is it used by NTLM?
    • A salt is a unique value that is used to ensure that if two users have the same password, the generated hash digest will be different.
    • It is typically stored with the user's hash digest.
    • NTLM does not use a salt.
  6. What format is the hash you dumped in?
    • LAN Manager hash
  7. What Windows local security policy setting prevents storage in LM?
  8. What must be done for this setting to take effect?
    • Users must change their password.
  9. What is an MD5 hash?
  10. What advantages do password storage mechanisms such as bcrypt or scrypt have over MD5?
  11. What is a rainbow table, and how does it differ from a dictionary password guessing attack? From a brute force attack?
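
Questions 5, 9 and 10 above, as an added example that is not part of the original homework notes: an unsalted fast hash (MD5 here) gives two users with the same password the same digest, while a per-user salt with scrypt does not. The user names, the password and the scrypt cost parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, not from the page
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def unsalted_md5(password):
    """Fast, unsalted digest: the same password always maps to the same value."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def scrypt_store(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024, dklen=32,
    )
    return salt, digest


def scrypt_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = scrypt_store(password, salt)
    return hmac.compare_digest(digest, expected)


def demo():
    # Constructed sample accounts: two users who picked the same password.
    users = {"alice": "Winter2015!", "bob": "Winter2015!"}
    unsalted = {u: unsalted_md5(p) for u, p in users.items()}
    salted = {u: scrypt_store(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = demo()
    for user in unsalted:
        salt, digest = salted[user]
        print(user, "md5   ", unsalted[user])
        print(user, "scrypt", salt.hex(), digest.hex())
```

The salt is stored next to the digest, as the answer to question 5 says, so verification can recompute the same value for the right password.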

Go to FreeRainBowTables.com and look at the various rainbow tables.

  1. What is a character set?
  2. What is the correlation between the coverage of a character set and the size of a rainbow table?
  3. Why do you think NTLM tables are larger than LM?
    • The maximum number of characters in LM is 14, split in half (two 7-character passwords before computing the digest).
  4. What format are these tables in? https://www.freerainbowtables.com/en/tables2/
  5. What is the approach used with Hashcat vs oclHashcat?
    • Hashcat: CPU-based, runs on Linux, OS X and Windows.
    • oclHashcat: GPU-based, runs on Linux and Windows.
    • https://en.wikipedia.org/wiki/Hashcat
  6. What is GPU cracking?
  7. Why is GPU cracking faster than CPU?

Network Authentication

Describe the following:

  1. NTLMv2
  2. Kerberos
  3. Basic Authentication

Bonus reading (not required):