LM-Hash
The LAN Manager Hash or LM hash is a cryptographic hash function. It is used by Microsoft LAN Manager and part of Windows NT -based operating systems to store 128 -bit hashes of passwords. Originally LM hash was developed for the Microsoft LAN Manager. He has since been used in both LAN Manager and Microsoft Windows to store user passwords that are shorter than 15 characters. This type of hash is the only type of hash function that is used in Microsoft LAN Manager and Windows versions up to Windows Me. It is supported only for backward compatibility by newer versions of Windows, but not used for authentication of accounts.
Algorithm
The LM hash is computed as follows:
- Was the password is less than 8 digits, the second half always contains the hash of 7 zeros.
If a password is chosen, for which no LM hash can be formed, for example, with a length of more than 15 points, so both halves are filled with zeros. The same value is also formed when the generation of LM hashes has been disabled globally on the respective system.
Security weakness
Although the LM hash is based on DES, it can be easily cracked in its implementation due to two weaknesses. First, passwords are longer than seven characters divided into two pieces and each piece is hashed for themselves. Second, all lowercase letters are converted to uppercase letters in the password before the password is hashed. The first weakness allowed to attack each half of the password separately. While it can be made different passwords of up to 14 mixed case letters and other permitted in a password character, there are just different 1-7 character passwords, which use the same character set. By converting the string to uppercase, the number of possibilities for each reduced to half. When performing a brute force attack on the individual halves modern, powerful CPUs can crack alphanumeric LM hashes on a core within a few hours.
Subsequently, the respective password in uppercase is available. If this is not already the actual password, nor all variants can be tested in uppercase and lowercase letters against the NTLM hash of the respective account. The computational effort required for this is minimal.
Since the LM hash not include Salt, is also a time -memory trade-off cryptanalysis attack, as rainbow tables feasible. In 2003, Ophcrack, was an implementation of the rainbow table technique published. It specifically targets the weaknesses in LM encryption and includes pre-calculated data, sufficient to break almost all alphanumeric LM hashes in a few seconds. Many cracking tools such as Rainbow crack, L0phtCrack and Cain & Abel, contain similar attacks and make the cracking of LM hashes trivial.
In response to the security weaknesses of the LM hash, Microsoft introduced the NTLM algorithm in Windows NT 3.1. While LAN Manager is considered obsolete and current Windows operating systems use the stronger NTLM hashing method, compute and store all Windows systems the LM hash by default is still to be compatible with LAN Manager and Windows Me or earlier clients. It is useful to disable this feature where it is not needed. Microsoft claims that support for LM will be completely eliminated in the new operating system Windows Vista. Nevertheless, the current Vista release in practice contains support for the LM hash, even if it is disabled by default. About Local Security Policy in the System Management activation is possible. For the Home versions of Microsoft Windows Vista, this setting is available only through the registry.
Swell
- Cryptologic hash function