Subject: Meeting the InCommon Assurance profile criteria using Active Directory
- From: "Capehart,Jeffrey D" <>
- To: "" <>
- Subject: [AD-Assurance] RE: Sorry for the NTLMv1/v2 confusion
- Date: Fri, 21 Jun 2013 18:53:16 +0000
Here's a blog I found about extracting the hash and then going on to brute-forcing the plaintext password from NTLM challenge response. I also included Microsoft's guidance on NTLMv1 and LM.

–Jeff C.

NTLM Challenge Response is 100% Broken (Yes, this is still relevant)
http://markgamache.blogspot.com/2013/01/ntlm-challenge-response-is-100-broken.html
How to use Cloudcracker to brute force out hashes. MS-CHAPv2 uses the EXACT same math as the LM and NTLM challenge response. Moxie demonstrates how one can submit the challenge and response to Cloudcracker to get back the LM or NTLM hash.

Security guidance for NTLMv1 and LM network authentication
http://support.microsoft.com/kb/2793313
To reduce the risk of this issue, we recommend that you configure environments that run Windows NT 4, Windows 2000, Windows XP, and Windows Server 2003 to allow the use of NTLMv2 only. To do this, manually set the LAN Manager Authentication Level to 3 or higher as described here.

From: [mailto:] On Behalf Of Ron Thielen

I apologize for nearly derailing the conversation. While I still maintain that hash stealing attacks against NTLMv2 are irrelevant to Silver assertion if you can't use the hash to authenticate to a service that compromises the actual password (e.g. as long as Shib isn't using Windows authentication), the piece I confused was that NTLMv1 does actually pass the password. So, a brute force attack on v1 does get you the actual password, not just a hash collision. This just reinforces my conviction that the world would be a much better place without Windows. If only IBM had chosen CPM instead of MS-DOS back in the day. :-)

Ron
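Before raising the LAN Manager Authentication Level that the Microsoft guidance above recommends, an AD administrator usually wants to know which clients still depend on LM or NTLMv1. The Security log records that in event 4624: the "Authentication Package" field says NTLM (or Negotiate), and "Package Name (NTLM only)" says LM, NTLM V1 or NTLM V2. The script below is an added example, not code from the list or from Microsoft; it parses constructed 4624 message bodies (made-up accounts, hosts and addresses; the field names follow the real event layout) and reports every logon that used LM or NTLMv1 so the source workstation can be fixed or retired.

```python
import re
from collections import Counter

# Constructed Security-log event 4624 bodies, trimmed to the fields this
# check reads. Accounts, hosts and addresses are invented for the example.
SAMPLE_EVENTS = [
    "An account was successfully logged on.\n"
    "Logon Type:\t\t\t3\n"
    "New Logon:\n"
    "\tAccount Name:\t\tjdoe\n"
    "\tAccount Domain:\t\tCAMPUS\n"
    "Network Information:\n"
    "\tWorkstation Name:\tOLD-NAS01\n"
    "\tSource Network Address:\t10.0.5.17\n"
    "Detailed Authentication Information:\n"
    "\tLogon Process:\t\tNtLmSsp \n"
    "\tAuthentication Package:\tNTLM\n"
    "\tPackage Name (NTLM only):\tNTLM V1\n"
    "\tKey Length:\t\t128\n",
    "An account was successfully logged on.\n"
    "Logon Type:\t\t\t3\n"
    "New Logon:\n"
    "\tAccount Name:\t\tasmith\n"
    "\tAccount Domain:\t\tCAMPUS\n"
    "Network Information:\n"
    "\tWorkstation Name:\tLAPTOP-22\n"
    "\tSource Network Address:\t10.0.7.40\n"
    "Detailed Authentication Information:\n"
    "\tLogon Process:\t\tNtLmSsp \n"
    "\tAuthentication Package:\tNTLM\n"
    "\tPackage Name (NTLM only):\tNTLM V2\n"
    "\tKey Length:\t\t128\n",
    "An account was successfully logged on.\n"
    "Logon Type:\t\t\t3\n"
    "New Logon:\n"
    "\tAccount Name:\t\tbjones\n"
    "\tAccount Domain:\t\tCAMPUS\n"
    "Network Information:\n"
    "\tWorkstation Name:\t-\n"
    "\tSource Network Address:\t10.0.7.41\n"
    "Detailed Authentication Information:\n"
    "\tLogon Process:\t\tKerberos\n"
    "\tAuthentication Package:\tKerberos\n"
    "\tPackage Name (NTLM only):\t-\n"
    "\tKey Length:\t\t0\n",
    "An account was successfully logged on.\n"
    "Logon Type:\t\t\t3\n"
    "New Logon:\n"
    "\tAccount Name:\t\tsvc-backup\n"
    "\tAccount Domain:\t\tCAMPUS\n"
    "Network Information:\n"
    "\tWorkstation Name:\tTAPE-LIB\n"
    "\tSource Network Address:\t10.0.9.3\n"
    "Detailed Authentication Information:\n"
    "\tLogon Process:\t\tNtLmSsp \n"
    "\tAuthentication Package:\tNTLM\n"
    "\tPackage Name (NTLM only):\tLM\n"
    "\tKey Length:\t\t56\n",
]

# "Field name:<whitespace>value" with surrounding whitespace stripped.
FIELD_RE = re.compile(r"^\s*([^:\t]+?):\s*(.*?)\s*$")

# Schemes whose challenge/response can be brute-forced back to the password.
WEAK_SCHEMES = {"LM", "NTLM V1"}


def parse_event(text):
    """Turn a 4624 message body into a dict of field name -> value.

    Section headers such as "New Logon:" carry no value and are skipped.
    In a full event "Account Name" appears under both Subject and New Logon;
    the later (New Logon) occurrence wins, which is the one we want.
    """
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(2):
            fields[m.group(1)] = m.group(2)
    return fields


def auth_scheme(fields):
    """Name the scheme actually used: LM, NTLM V1, NTLM V2, Kerberos, ..."""
    ntlm_pkg = fields.get("Package Name (NTLM only)", "-")
    if ntlm_pkg not in ("", "-"):
        # Populated for both the NTLM and the Negotiate packages when NTLM was chosen.
        return ntlm_pkg
    return fields.get("Authentication Package", "unknown")


def weak_logons(event_texts):
    """Return (account, domain, workstation, source, scheme) for each LM/NTLMv1 logon."""
    hits = []
    for text in event_texts:
        f = parse_event(text)
        scheme = auth_scheme(f)
        if scheme in WEAK_SCHEMES:
            hits.append((f.get("Account Name", "?"), f.get("Account Domain", "?"),
                         f.get("Workstation Name", "?"),
                         f.get("Source Network Address", "?"), scheme))
    return hits


def scheme_counts(event_texts):
    """Count logons per authentication scheme, for a quick before/after picture."""
    return Counter(auth_scheme(parse_event(t)) for t in event_texts)


if __name__ == "__main__":
    print(scheme_counts(SAMPLE_EVENTS))
    for hit in weak_logons(SAMPLE_EVENTS):
        print("weak logon:", hit)
```

Feed it the message text of 4624 events exported from the domain controllers (the parser only needs the field names, not the XML) and run it before and after the policy change. One caveat worth keeping in mind when reading the KB article: level 3 governs what a host sends, so a domain controller at level 3 still accepts LM and NTLMv1 responses from older clients; refusing them on the DC side is the separate "refuse LM" and "refuse LM & NTLM" settings at levels 4 and 5, which is why the log check is what tells you whether anything would break.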