Re: LM HASHES

From: Clarence Chase (Clarence.Chase@science.doe.gov)
Date: 02/24/03 

From: "Clarence Chase" <Clarence.Chase@science.doe.gov>
Date: Mon, 24 Feb 2003 11:07:22 -0800

Thank you very much. 1 follow up question

What's the difference between a REG_SZ value and a
REG_DWORD value?

I had to create the NoLMHASH key and by default it had a
REG_SZ value.

The documentation I have asks me to create a REG_DWORD
with a value of 1 to apply the fix.

>-----Original Message-----
>
>"Clarence Chase" <Clarence.Chase@science.doe.gov> wrote
in message
>news:03ed01c2d9c9$9cc31640$3001280a@phx.gbl...
>> After a recent vulnerability scan, the LM Hash issue was
>> discovered. Article Q299656 mentions clearly that this
>> only applies to Win2k SP2 and mentions that successor
>> versions of Win2k remove the group policy.
>>
>> 1) Will upgrading to SP3 automatically fix the LM Hash
>> issue?
>
>No. What the article is saying is that if you want to
use this registry
>setting to remove the older LM-style password hashes from
your user
>databases, upgrade to SP 2 or newer first, then manually
change the registry
>setting [which is all a good thing to do IMHO].
>
>> 2) Should I even worry about this issue on NT 4 servers?
>
>Not this patch, but you do want to look into registry
settings to remove
>LM-style password hashes. This requires NT SP 4 or newer.
>
>Note that in addition to the password hash format used to
store password
>hashes in the registry, you also want to consider
changing the format used
>to transmit password hashes during authentication across
the network.
>
>Password hashes can be stored and transmitted in multiple
formats. The
>default format is to permit the use of LM [LanManager
compatible] hashes in
>addition to or instead of other more secure hash formats.
>
>
>
>
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.449 / Virus Database: 251 - Release Date:
1/27/2003
>
>
>.
>

Relevant Pages

  • Re: LM HASHES
    ... > 1) Will upgrading to SP3 automatically fix the LM Hash ... What the article is saying is that if you want to use this registry ... setting to remove the older LM-style password hashes from your user ... Note that in addition to the password hash format used to store password ...
    (microsoft.public.win2000.security)
  • RE: Extracting NT password hashes from registry export file
    ... Extracting NT password hashes from registry export file ... This list is provided by the SecurityFocus Security Intelligence Alert Service. ...
    (Pen-Test)
  • Re: Extracting NT password hashes from registry export file
    ... Extracting NT password hashes from registry export file ... > This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Extracting NT password hashes from registry export file
    ... Extracting NT password hashes from registry export file ... registry export text file of a Win2K server. ... This list is provided by the SecurityFocus Security Intelligence Alert Service. ...
    (Pen-Test)
  • Re: No LM Hash - no really
    ... How about making the change in the Group Policy MMC instead of the registry? ... > i can then go back to the domain controller, dump the AD password hashes. ... Maybe run a second cracking tool to confirm there really is an LMHash? ... *before* you run a crack, ...
    (microsoft.public.win2000.security)