LAN Manager
Microsoft Windows NT 3.1 |
---|
LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a heavily modified version of MS-DOS.
History
The LAN Manager
In 1990, Microsoft announced LAN Manager 2.0 with a host of improvements, including support for
Versions
- 1987 – MS LAN Manager 1.0 (Basic/Enhanced)
- 1989 – MS LAN Manager 1.1
- 1991 – MS LAN Manager 2.0
- 1992 – MS LAN Manager 2.1
- 1992 – MS LAN Manager 2.1a
- 1993 – MS LAN Manager 2.2
- 1994 – MS LAN Manager 2.2a
Many vendors shipped licensed versions, including:
Password hashing algorithm
The LM hash is computed as follows:[3][4]
- The user's password is restricted to a maximum of fourteen characters.[Notes 1]
- The user's password is converted to uppercase.
- The user's password is encoded in the System OEM code page.[5]
- This password is NULL-padded to 14 bytes.[6]
- The “fixed-length” password is split into two 7-byte halves.
- These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting a parity bit after every seven bits (so
1010100
becomes10101000
). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The parity bits added in this step are later discarded.) - Each of the two keys is used to DES-encrypt the constant ASCII string “
KGS!@#$%
”,[Notes 2] resulting in two 8-byte ciphertext values. The DES CipherMode should be set to ECB, and PaddingMode should be set toNONE
. - These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
Security weaknesses
LAN Manager authentication uses a particularly weak method of hashing a user's password known as the LM hash algorithm, stemming from the mid-1980s when viruses transmitted by floppy disks were the major concern.[7] Although it is based on DES, a well-studied block cipher, the LM hash has several weaknesses in its design.[8] This makes such hashes crackable in a matter of seconds using rainbow tables, or in a few minutes using brute force. Starting with Windows NT, it was replaced by NTLM, which is still vulnerable to rainbow tables, and brute force attacks unless long, unpredictable passwords are used, see password cracking. NTLM is used for logon with local accounts except on domain controllers since Windows Vista and later versions no longer maintain the LM hash by default.[7] Kerberos is used in Active Directory Environments.
The major weaknesses of LAN Manager authentication protocol are:[9]
- Password length is limited to a maximum of 14 characters chosen from the 95 ASCII printable characters.
- Passwords are not case sensitive. All passwords are converted into uppercase before generating the hash value. Hence LM hash treats PassWord, password, PaSsWoRd, PASSword and other similar combinations same as PASSWORD. This practice effectively reduces the LM hash key spaceto 69 characters.
- A 14-character password is broken into 7+7 characters and the hash is calculated for each half separately. This way of calculating the hash makes it dramatically easier to crack, as the attacker only needs to brute-force 7 characters twice instead of the full 14 characters. This makes the effective strength of a 14-character password equal to only , or twice that of a 7-character password, which is 3.7 trillion times less complex than the theoretical strength of a 14-character single-case password. As of 2020, a computer equipped with a high-end alphanumericpasswords can be tested and broken in 2 seconds.
- If the password is 7 characters or less, then the second half of hash will always produce same constant value (0xAAD3B435B51404EE). Therefore, a password is less than or equal to 7 characters long can be identified visibly without using tools (though with high speed GPU attacks, this matters less).
- The hash value is sent to network servers without Cain, now incorporate similar attacks and make cracking of LM hashes fast and trivial.
Workarounds
To address the security weaknesses inherent in LM encryption and authentication schemes, Microsoft introduced the
LMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%")
by NThash=MD4(UTF-16-LE(password))
, which does not require any padding or truncating that would simplify the key. On the negative side, the same DES algorithm was used with only 56-bit encryptionWhile LAN Manager is considered obsolete and current Windows operating systems use the stronger NTLMv2 or
Reasons for continued use of LM hash
Many legacy third party
Product | NTLMv1 support | NTLMv2 support |
---|---|---|
Windows NT 3.1 | RTM (1993) | Not supported |
Windows NT 3.5 | RTM (1994) | Not supported |
Windows NT 3.51 | RTM (1995) | Not supported |
Windows NT 4
|
RTM (1996) | Service Pack 4[12] (25 October 1998) |
Windows 95 | Not supported | Directory services client (released with Windows 2000 Server, 17 February 2000) |
Windows 98 | RTM | Directory services client (released with Windows 2000 Server, 17 February 2000) |
Windows 2000 | RTM (17 February 2000) | RTM (17 February 2000) |
Windows Me | RTM (14 September 2000) | Directory services client (released with Windows 2000 Server, 17 February 2000) |
Samba | ? | Version 3.0[13] (24 September 2003) |
JCIFS | Not supported | Version 1.3.0 (25 October 2008)[14] |
IBM AIX (SMBFS) | 5.3 (2004)[15] | Not supported as of v7.1[16] |
Poor patching regimes subsequent to software releases supporting the feature becoming available have contributed to some organisations continuing to use LM Hashing in their environments, even though the protocol is easily disabled in Active Directory itself.
Lastly, prior to the release of Windows Vista, many unattended build processes still used a
See also
- NT LAN Manager
- Active Directory
- Password cracking
- Dictionary attack
- Remote Program Load(RPL)
- Security Account Manager
Notes
- ^ If the password is more than fourteen characters long, the LM hash cannot be computed.
- ^ The string “KGS!@#$%” could possibly mean Key of Glen and Steve and then the combination of Shift + 12345. Glen Zorn and Steve Cobb are the authors of RFC 2433 (Microsoft PPP CHAP Extensions).
References
- ^ Andy Goldstein (2005). "Samba and OpenVMS" (PDF). de.openvms.org. Archived from the original (PDF) on 2021-02-07. Retrieved 2021-01-01.
- ^ "DOS SMB Client Performance | OS/2 Museum". Retrieved 2023-08-28.
- ^ "Chapter 3 - Operating System Installation". Microsoft Docs. 24 March 2009. The LMHash. Retrieved 2023-10-16.
- ^ Glass, Eric (2006). "The NTLM Authentication Protocol and Security Support Provider: The LM Response". Retrieved 2015-05-12.
- ^ "List of Localized MS Operating Systems". Microsoft Developer Network. Archived from the original on 2015-05-18. Retrieved 2015-05-12.
- ^ a b "Cluster service account password must be set to 15 or more characters if the NoLMHash policy is enabled". Microsoft. 2006-10-30. Archived from the original on 2014-09-10. Retrieved 2015-05-12.
- ^ a b Jesper Johansson (31 August 2016). "The Most Misunderstood Windows Security Setting of All Time". Microsoft Docs. Microsoft. Retrieved 16 October 2023.
Although Windows Vista has not been released yet, it is worthwhile to point out some changes in this operating system related to these protocols. The most important change is that the LM protocol can no longer be used for inbound authentication—where Windows Vista is acting as the authentication server.
- ^ Johansson, Jasper M. (2004-06-29). "Windows Passwords: Everything You Need To Know". Microsoft. Retrieved 2015-05-12.
- ^ Rahul Kokcha
- ^ Benchmark Hashcat v6.1.1 on RTX 2070S (SUPER), Mode 3000 LM, accessed November 29, 2020
- ^ a b "How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases". Microsoft Docs. 2007-12-03. Retrieved 2023-10-16.
- ^ "Windows NT 4.0 Service Pack 4 Readme.txt File (40-bit)". Microsoft. 1998-10-25. Archived from the original on 2015-05-19. Retrieved 2015-05-12.
- SAMBA. 2003-09-24. Retrieved 2015-05-12.
- ^ "The Java CIFS Client Library". Retrieved 2015-05-12.
- ^ "AIX 5.3 Networks and communication management: Server Message Block file system". IBM. 2010-03-15. p. 441. Retrieved 2015-05-12.
- ^ "AIX 7.1 Networks and communication management: Server Message Block file system". IBM. 2011-12-05. Retrieved 2015-05-12.
External links
- 1.3.8.1.1 Microsoft LAN Manager at the Wayback Machine (archived 2017-02-12)