LM hash
LM HASH or LanManager HASH is a format that Microsoft Windows uses to store passwords that are less than 15 characters in length. This type of hash was used in early versions of Windows (up to Windows Me) and is still maintained in recent versions for backward compatibility.
Although it is based on a reasonably secure hash function (Triple DES, derived from the block cipher DES), the LM HASH can easily be cracked because of two weaknesses in the way it is implemented. First, passwords longer than 7 characters are cut into two half-passwords and each half is hashed separately. Second, all lower case letters in the password are changed to upper case before the password is hashed. As a result, even if there are <math>2^{84}</math> different passwords made of up to 14 mixed case letters and numbers, there are only <math>2^{36}</math> different LMHashes of password halves.
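Both weaknesses are visible when the hash is computed. The Go program below is an added example, not part of the original article: it follows the published LM hash calculation (each 7-byte half is used as a DES key to encrypt the constant `KGS!@#$%`), assumes ASCII passwords, and the names `LMHash` and `halfHash` are this example's own.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// lmMagic is the fixed plaintext that every password half encrypts.
var lmMagic = []byte("KGS!@#$%")

// halfHash spreads 7 password bytes over an 8-byte DES key (7 bits per
// key byte, the low parity bit is ignored by DES) and encrypts lmMagic.
func halfHash(h []byte) []byte {
	key := []byte{
		h[0], h[0]<<7 | h[1]>>1, h[1]<<6 | h[2]>>2, h[2]<<5 | h[3]>>3,
		h[3]<<4 | h[4]>>4, h[4]<<3 | h[5]>>5, h[5]<<2 | h[6]>>6, h[6] << 1,
	}
	c, _ := des.NewCipher(key) // an error is only possible for a wrong key length
	out := make([]byte, 8)
	c.Encrypt(out, lmMagic)
	return out
}

// LMHash returns the LM hash (32 hex digits) of an ASCII password of at
// most 14 characters: upper-cased, null-padded, hashed as two halves.
func LMHash(pw string) (string, error) {
	if len(pw) > 14 {
		return "", errors.New("password longer than 14 characters")
	}
	buf := make([]byte, 14) // unused positions stay 0x00
	copy(buf, strings.ToUpper(pw))
	return hex.EncodeToString(append(halfHash(buf[:7]), halfHash(buf[7:])...)), nil
}

func main() {
	// Constructed sample passwords: two case variants, a 7-character
	// password, and the empty password.
	for _, pw := range []string{"password", "PassWord", "passwor", ""} {
		h, _ := LMHash(pw)
		fmt.Printf("%-10q %s %s\n", pw, h[:16], h[16:])
	}
}
```

In the output, the two case variants produce identical hashes, and any password of 7 characters or fewer ends in the same second half as the empty password, which is why an auditor can spot short passwords in a hash dump without cracking anything.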
Modern desktop machines can crack alphanumerical LMHashes in hours with a brute force attack or in a few seconds using a time-memory trade-off.
In 2003, a time-memory trade-off was published with tables covering all alphanumerical passwords. Many cracking tools, like rainbowcrack, L0phtCrack and cain, now include such a trade-off and make cracking of LM Hashes trivial, at least for alphanumerical passwords.
External links
- Making a Faster Cryptanalytic Time-Memory Trade-Off, Philippe Oechslin, Advances in Cryptology - CRYPTO 2003 (http://lasecwww.epfl.ch/~oechslin/publications/crypto03.pdf)
- Calculation of the LM hash (http://davenport.sourceforge.net/ntlm.html#theLmResponse)
- Disabling use of the LM hash in Windows (http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656)
- Ophcrack, the time-memory-trade-off-cracker (http://ophcrack.sourceforge.net)