Re: LM HASHES

From: Karl Levinson [x y] mvp (levinson_k@despammed.com)
Date: 02/22/03

Next message: Karl Levinson [x y] mvp: "Re: Determine Who has local admin rights"
Previous message: Karl Levinson [x y] mvp: "Re: a forensic question"
In reply to: Clarence Chase: "LM HASHES"
Next in thread: Clarence Chase: "Re: LM HASHES"
Reply: Clarence Chase: "Re: LM HASHES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Karl Levinson [x y] mvp" <levinson_k@despammed.com>
Date: Sat, 22 Feb 2003 09:04:58 -0500

"Clarence Chase" <Clarence.Chase@science.doe.gov> wrote in message
news:03ed01c2d9c9$9cc31640$3001280a@phx.gbl...
> After a recent vulnerability scan, the LM Hash issue was
> discovered. Article Q299656 mentions clearly that this
> only applies to Win2k SP2 and mentions that successor
> versions of Win2k remove the group policy.
>
> 1) Will upgrading to SP3 automatically fix the LM Hash
> issue?

No. What the article is saying is that if you want to use this registry
setting to remove the older LM-style password hashes from your user
databases, upgrade to SP 2 or newer first, then manually change the registry
setting [which is all a good thing to do IMHO].

> 2) Should I even worry about this issue on NT 4 servers?

Not this patch, but you do want to look into registry settings to remove
LM-style password hashes. This requires NT SP 4 or newer.

Note that in addition to the password hash format used to store password
hashes in the registry, you also want to consider changing the format used
to transmit password hashes during authentication across the network.

Password hashes can be stored and transmitted in multiple formats. The
default format is to permit the use of LM [LanManager compatible] hashes in
addition to or instead of other more secure hash formats.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003

Next message: Karl Levinson [x y] mvp: "Re: Determine Who has local admin rights"
Previous message: Karl Levinson [x y] mvp: "Re: a forensic question"
In reply to: Clarence Chase: "LM HASHES"
Next in thread: Clarence Chase: "Re: LM HASHES"
Reply: Clarence Chase: "Re: LM HASHES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: LM HASHES
... >setting to remove the older LM-style password hashes from ... change the registry ... >Note that in addition to the password hash format used to ...
(microsoft.public.win2000.security)
Brute-forcing cached Windows login password hashes
... cachedump tool to extract the password hashes from the registry. ... know that each hash is salted with a machine-specific unique string. ... familiar with any rainbow tables for cracking these passwords? ...
(Pen-Test)
Re: Brute-forcing cached Windows login password hashes
... rainbow tables on freerainbowtables are much limited on mscache (since per login hash). ... Subject: SV: Brute-forcing cached Windows login password hashes ...
(Pen-Test)
Re: Converting Access Data to an Ascii text file
... Hash: SHA1 ... Use the Format() function on the query's column values. ... right click on the query & select Export. ...
(microsoft.public.access.queries)
Re: Problem with runaway format
... interpolating into a format have to be in scope when the format is ... You'll see another hash called %tikSubj. ... of the longer %tickets hash and had %tickets store the summed up time ... my $searchStart = searchStart; ...
(perl.beginners)