Re: Disabling LM Hash creation

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/30/04 

Date: Thu, 30 Sep 2004 15:56:10 GMT

I use Cain and Abel and my experience is that after disabling lm hash and
resetting the passwords that the passwords are much more difficult to crack.
Try this with lm hash disabled. Change a password to some thing like aT184
!*ir&h and see how long it takes to recover that password. --- Steve

"rusga" <reply2newsgroup@nntp> wrote in message
news:opse3bf0qjeqwqha@207.46.248.16...
> Hi,
>
> I've pasted this followup here since it's the proper NG to do so.
> It's named "Disabling LM Hash creation" in
> microsoft.public.win2000.registry.
>
> (paste start)
>
> Ok...
>
> What I did was:
>
> a) Changed the key to "NoLMHash" (no spaces).
> b) Rebooted the system.
> c) Changed the passwords.
> d) Tried to crack them with LC4.
>
> ... the setting was now active, but according to LC4, what happened was:
>
> a) The LM and NTLM passwords changed to an *empty* state to all users
> afected.
> b) The LM and NTLM hashes *were created anyway*.
> c) The LM and NTLM hashes were *the same for all users* afected (same
> empty seed).
>
> Now, these few questions arise:
>
> a) Isn't this a worse security scenario?
> b) Shouldn't the key be renamed to "Blank_LM/NTLM_Passwords" (or the
> like)?
> c) Am I seeing it wrongly?
>
> Regards,
> rusga
>
>
> On Wed, 29 Sep 2004 11:05:26 +0100, rusga <reply2newsgroup@nntp> wrote:
>
> Oops! That's it.
>
> I'll try it and post back.
>
> Thank you,
> rusga
>
> On Thu, 30 Sep 2004 02:39:31 -0700, Mark V <notvalid@nul.invalid> wrote:
>
> In microsoft.public.win2000.registry rusga wrote:
>
> Hi,
>
> In MS checklist
> ( http://207.46.156.156/technet/images/security/prodtech/win2000/wi
> n2khg/images/win2k45_BIG.gif ) there's the possibility of
> disabling the creation of LM hashes by creating the folowing new
> key:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLM Hash
>
> ... but, unfortunately, it doesn't seem to work since LC4 cracker
> still get's them.
>
> What am I doing wrong here?
>
> I think the KeyName is: NoLMHash
> If you had a SPACE in there (as did your cited (but incorrect)
> article) it would fail.
>
> There is a Group Policy that would probably be better and easier to
> use.
> KBA 299656
> "How to prevent Windows from storing a LAN manager hash of your
> password in Active Directory and local SAM databases"
>
> (paste end)
>
> Regards,
> rusga

Relevant Pages

  • Re: Password hashes
    ... NTLM hash as the key. ... There is however no locally stored NTLMV2 hash of passwords. ... Auditing and reviewing the security logs ... secure their network and data and the documentation to do such at TechNet ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows XP / 2K3 Default Users
    ... Cracking the 'passwords' has never been ... The gist of the 'technique' is the "Modifying Windows NT Logon Credential" ... existing windows applications that use the hash currently set to ... and then re-use those hashes to try to get authenticated access to other ...
    (Pen-Test)
  • Re: Decrypt fails
    ... I am creating a MD5 hash data and then using it to derive a key ... (CALG_RC2 encryption algorithm). ... My requirement concerns more with not storing passwords in plain ... > that he provided and compare it to the hash in the database. ...
    (microsoft.public.platformsdk.security)
  • Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
    ... hash security. ... > generating dictionary lists using different character sets for the ... secure or it isn't, for the level of computation possible by today's ... Yes, good passwords are always a must, along with a good ...
    (Full-Disclosure)
  • Re: Password hashes
    ... There is no such thing as an NTLMV2 hash. ... While I am a believer of enforcing complex passwords the bigger issue is if ... computers you need to review the physical security of your computers. ... > broken up into two 7 character units. ...
    (microsoft.public.windowsxp.security_admin)