On Wed, 24 Jul 2013 12:59:24 -0400, Greg Freemyer wrote:
I can say with confidence that at least one form of Windows XP authentication is attackable via rainbow tables (LM - Lan Manager).
NTLM is a pretty old system, and certainly at least at one time, it was possible to use rainbow tables against it. I *think* there's a newer NTLM (NTLMv2 perhaps) that uses salt, but it's been a while since I looked into it. Keep in mind that Windows XP is also quite old - it's nearly out of support, but we're talking about pretty old technology here.
Back to SALT.
My question in part is why are there rainbow tables available for attacking Windows LM and NT based authentication systems if rainbow tables can be made useless by simply applying a SALT parameter. Is it that Microsoft uses a common SALT for all LM based systems and also uses a common SALT for all NT based authentication systems?
Using a common salt value would be the same as using no salt value. It wouldn't add anything to the strength of the algorithm. The point of adding salt to a crypto algorithm is to increase the size of a keyspace attack.
fyi: I do have other places I can go ask this. I only asked it here because you implied rainbow table based attacks are easily overcome by using a SALT, whereas I know that rainbow table based attacks are heavily used by bad guys, so I felt an implied contradiction between what I knew and what you said.
To clarify, what I mean is they're easily overcome by using an algorithm that uses a salt. If you have an entrenched mechanism (as with NTLM), modifying the underlying system components while providing backwards compatibility isn't really possible. that's how Lophtcrack (for example) attacked newer implementations - because the old NTLM mechanism was still in place. (That's called, IIRC, a "weakest (or 'weaker') sister" style attack). That's why you still see them around - they tend not to be used at all against systems that have no backwards compatibility requirements, because most modern crypto uses algorithms that are salted (unless there's no perceived need to, which is common also in things like forum software implementations - though honestly, I've not looked closely at the inbuilt authentication mechanism in vBulletin to know if they use a salted algorithm or not). Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org