Password Security 101
Legacy NT Password Length
NT Password Length -- The LM Hash Factor
In the article, Password Length, we discuss why "longer is better", but you may have heard that a longer NT password actually could be less secure. Be careful with the reasoning behind this statement, as it must be qualified, in terms of why longer would not be better, and quantified, in terms of which password lengths could be worse.
To put the issue of NT password lengths into context, it is important to have a basic understanding of how these passwords are encrypted and stored. An NT password itself uses a reasonable encryption scheme prior to storage (NTLM or NT Hash), not unlike its Unix counterpart. The problem arises, however, because the NT password is actually stored twice, in two different formats. Like the weakest link in a chain, it is the weaknesses of LM Hash format that causes the strength of entire system to collapse.
The justification for the LM Hash format is backward compatibility with legacy versions of the Microsoft Windows® network-enabled operating systems, going back to LAN Manager® and Windows for Workgroups®, which used the LM hash authentication scheme for LAN Manager (LANMAN) clients. One problem with this encryption scheme is that all characters are converted to uppercase prior to encryption. This effectively removes 26 characters from the set of choices from which a user may select a password, making a dictionary attack -- or even a brute-force attack -- considerably less work for a cracker.
The second weakness of the LM Hash scheme is an even greater one, however, because of the method used to prepare the password for encryption. The number of characters in a LM password is exactly 14, no matter how many characters a user actually chooses. A first impression would be that a 14 character password should be a good thing; unfortunately, this is not the case! First of all, each user password of less that 14 characters is padded with null characters (ASCII zero) to extend its length. The result is then split into two 7 character parts, each of which is encrypted separately. Along with a predictable parity value, the results are hashed, concatenated and stored.
The unfortunate implications of this method can be summarized as follows:
- For every password of 7 characters or less, the second half of its encrypted string is the same, and predictably, the encrypted hash of 7 null characters.
- The best password possible -- a random 14 character string -- can be cracked merely by cracking its two 7 character halves. Modern computing technology makes short work of a 7 character password, even when resorting to a brute-force attack.
- The very common 8 character length (a limitation of many other legacy systems) is no better than 7 because the 8th character is encrypted as a single character password, the most trivial of all to crack! (Is it A? Is it B? C, perhaps?)
- Each character after the 7th may provide clues for a dictionary
attack. It is for this reason that a longer password could
be less secure than a one of exactly 7 characters. For
example, consider the 10 character password, "cryptogram". Broken
into 7 character (and uppercase) parts, we have "CRYPTOG" and "RAM"
(with "RAM" null-padded). Being a simple dictionary word, cracking
the second part is trivial. But worse, the cracker would have a
strong hint that the solution set may contain one of just two
words, since (according to my system dictionary) there are just a
pair of 10 character words ending in "ram": cryptogram and
polarogram. Other similar examples two word sets for 10 character
words with the trailing 3 character matches:
- astronomer and programmer
- auctioneer and commandeer
- confidante and dilettante
- dramaturgy and metallurgy
- lymphocyte and troglodyte
- indistinct and sacrosanct
- octahedron and polyhedron
- aficionado
- chimpanzee
- hallelujah
- molybdenum
- Montevideo
- periwinkle
- petroglyph
- riboflavin
- scientific
Many other issues compound this weak authentication scheme. Only the most recent versions of Windows provide reasonable protection of the Security Accounts Manager (SAM) database, for example. The SAM database is an integral part of the registry, making home-grown solutions dangerous at best. Most systems administrators at least recognize the importance of protecting the SAM but users have few choices.
So what can users do to protect themselves from NT password attacks? Select random passwords of 15 characters or longer in order to force the LM Hash to incorrectly match anything. This effectively disables the LM Hash from the user's perspective. If you are forced to authenticate from legacy Windows clients, or against legacy Windows servers, the best you can do is use a 14 character random password. Be sure you do not use it elsewhere!
It has been suggested elsewhere that you can protect yourself by using alternate characters in your password. (These can be formed by holding the ALT key while selecting various 3 digit combinations on the numeric keypad). This helps by increasing the search space -- and certainly mitigates the risk of a dictionary attack -- but with cracking software running on modern hardware, does not provide a complete solution. In general, follow the advice given in the articles:
Note that random passwords are always your best bet.Microsoft has recognized the problems and continues to address specific issues.
Link To This Page
Knowledge is power. The Bitmill Inc. encourages links to our site. To link to this page, please cut and paste the following HTML code into your web page source file.
<a href="http://www.thebitmill.com/articles/nt_password.html">NT Password Length</a>
Your link will look like this:
NT Password Length
Thank you for your interest and support.
