1
00:00:03,410 --> 00:00:11,520
Let's now look into the generation of an alum hash and Elham hash is strictly speaking not a hash since

2
00:00:11,520 --> 00:00:15,260
it uses a DSL rhythm and not a cryptographic hash function.

3
00:00:17,060 --> 00:00:21,950
Why was Microsoft so stubbornly using weak cryptographic algorithms in the past.

4
00:00:23,100 --> 00:00:32,270
The answer is politics the export of strong cryptography used to be restricted in the US windows into

5
00:00:32,340 --> 00:00:38,080
administrators might remember a special patch that allowed them to make use of 56 keys instead of 40

6
00:00:38,080 --> 00:00:39,280
big keys.

7
00:00:41,320 --> 00:00:44,200
The patch was only released once the embargo was lifted.

8
00:00:45,300 --> 00:00:50,730
Microsoft was unable to export strong cryptographic protocols as the American government considered

9
00:00:50,730 --> 00:00:51,650
this a threat.

10
00:00:53,940 --> 00:01:02,260
As you might imagine European software producers strongly supported the ban.

11
00:01:02,400 --> 00:01:10,020
Let's return to the L-M hash assume the user's password is the string Seattle one.

12
00:01:10,200 --> 00:01:18,500
The protocol converts the string into uppercase in earlier versions of windows such as XP user passwords

13
00:01:18,530 --> 00:01:19,770
aren't case sensitive

14
00:01:22,350 --> 00:01:27,480
upper case and lower case letters can be used interchangeably since the string will be converted anyway.

15
00:01:29,480 --> 00:01:40,800
The system doesn't recognize the case of letters used in the password.

16
00:01:40,820 --> 00:01:45,620
The second drawback is that the protocol restricted allowable characters to alphanumeric only

17
00:01:51,680 --> 00:01:54,160
after a string was converted to capital letters.

18
00:01:54,170 --> 00:01:58,770
The password was divided into two parts.

19
00:01:58,970 --> 00:02:02,130
The first seven characters were the first part of the password.

20
00:02:02,360 --> 00:02:05,660
The other seven are the second part.

21
00:02:05,700 --> 00:02:11,860
The password has two ideal halves in order to make the two parts equal.

22
00:02:11,860 --> 00:02:16,850
Passwords were padded with spaces to 14 characters.

23
00:02:16,920 --> 00:02:20,290
If you use L-M they are still padded in this way.

24
00:02:21,430 --> 00:02:27,220
This has interesting implications and will come back to this later.

25
00:02:27,240 --> 00:02:31,950
One of the consequences to this solution was that an eight character password is more vulnerable than

26
00:02:31,950 --> 00:02:38,930
a password that has 7 characters the eighth character meant that a part of the password was made up

27
00:02:38,930 --> 00:02:42,920
from one character and nulls.

28
00:02:42,930 --> 00:02:44,520
This was a fixed string.

29
00:02:44,610 --> 00:02:50,710
So even from the D.S. cipher you can deduce what was there.

30
00:02:50,790 --> 00:02:55,940
The character could also hint to what was contained in the first part.

31
00:02:56,110 --> 00:03:00,610
If the character was the last digit of a birthdate you could assume that the earlier characters were

32
00:03:00,610 --> 00:03:02,030
the preceding digits.

33
00:03:04,380 --> 00:03:07,830
We already have the 2 7 character parts.

34
00:03:07,830 --> 00:03:12,460
Now each part is separately encrypted with the D.S. algorithm using a fixed key.

35
00:03:12,570 --> 00:03:21,520
A literal output of the encryptions is then joined using an ordinary concatenation.

36
00:03:21,540 --> 00:03:23,570
The result is a LAN Manager password

37
00:03:27,040 --> 00:03:30,900
as we've seen a LAN Manager password is not 14 characters long.

38
00:03:32,770 --> 00:03:38,400
It's split into two 7 character passwords since both parts of the password can be cracked separately.

39
00:03:41,970 --> 00:03:47,940
The number of operations needed to crack it is lowered again.

40
00:03:48,030 --> 00:03:56,380
It's enough to perform about 10 to 12 power operations to check all else manage your passwords for modern

41
00:03:56,380 --> 00:03:57,670
machines tend to the twelfth.

42
00:03:57,660 --> 00:04:00,120
Power is not a large number.

43
00:04:00,160 --> 00:04:02,500
A password can be cracked in a matter of seconds

44
00:04:09,100 --> 00:04:15,610
and the land manager has a protocol that employs solutions that are both simpler and less vulnerable.

45
00:04:15,610 --> 00:04:23,350
Above all it ops for a hash function instead of the D.S. because of the restrictions and the embargo

46
00:04:23,350 --> 00:04:24,340
we mentioned.

47
00:04:24,730 --> 00:04:29,590
The hash function is not very secure its message Digest version for

48
00:04:32,500 --> 00:04:37,710
is not a serious problem however as nobody will try to generate a password that will have a hash identical

49
00:04:37,710 --> 00:04:38,800
to yours.

50
00:04:41,110 --> 00:04:43,160
This attack would not make any sense.

51
00:04:45,580 --> 00:04:50,920
What's the difference between enty and LAN Manager passwords.

52
00:04:50,940 --> 00:04:55,730
First the anti passwords are case sensitive.

53
00:04:55,790 --> 00:05:02,210
They also allow you to use a password that is longer than 14 characters and implication that it's worth

54
00:05:02,210 --> 00:05:08,090
noting is that if you work on a system that uses LAN Manager for example on Windows XP with the default

55
00:05:08,090 --> 00:05:12,940
configuration is kept you should provide the 15 character password or longer

56
00:05:15,660 --> 00:05:18,880
a LAN Manager hash can be generated from this password.

57
00:05:19,090 --> 00:05:22,840
And so Windows will not generate the hash.

58
00:05:23,050 --> 00:05:31,310
You'll be a lot more secure than anybody else for any TLM the maximum password length is 127 characters.

59
00:05:32,520 --> 00:05:33,760
What does this mean.

60
00:05:36,360 --> 00:05:41,670
The simple fact that passwords aren't broken in half and letters aren't converted to uppercase means

61
00:05:41,670 --> 00:05:47,720
that an alphanumeric only password like the passwords used in LAN Manager requires tend to the 25th

62
00:05:47,730 --> 00:05:57,290
power operations to brute force this provides a lot more security.

63
00:05:57,420 --> 00:06:02,220
If you use a fourteen character password with special characters a brute force attack will take ten

64
00:06:02,220 --> 00:06:04,610
to the sixty seven power operations.

65
00:06:09,190 --> 00:06:16,600
And if you insisted on using up all the password space provided 127 characters cracking the password

66
00:06:16,610 --> 00:06:20,990
using a brute force attack would required tend to the 611 operations

67
00:06:25,250 --> 00:06:28,400
a. And then tell them passwords are deterministic.

68
00:06:29,750 --> 00:06:32,240
It's similar with Linux in Unix systems.

69
00:06:33,140 --> 00:06:37,490
Determinism means that the same hash must always be generated from the same password.

70
00:06:38,640 --> 00:06:39,600
There's no seed in it.

71
00:06:39,610 --> 00:06:41,340
That would create pseudo randomness

72
00:06:44,010 --> 00:06:48,460
when manager was used up to the release of Windows Vista.

73
00:06:48,520 --> 00:06:53,770
The protocols that replace it give us a lot more security.

74
00:06:53,850 --> 00:06:58,530
If you still use Windows XP at least select a different protocol than LAN Manager.