Uninformed: Informative Information for the Uninformed

Vol 3» 2006.Jan


Breaking encrypted passwords has been of interest to hackers for a long time, and protecting them has always been one of the biggest security problems operating systems have faced, with Microsoft's Windows being no exception. Due to errors in the design of its password encryption schemes, especially the LanMan (LM) scheme, Windows has a bad track record in this field of information security. Over the last couple of years in particular, the outdated DES encryption algorithm that LanMan is based on has faced more and more processing power in the average household, combined with ever-increasing hard disk sizes, which has made it crystal clear that LanMan is nowadays not just outdated, but even antiquated.

Until now, breaking a LanMan-hashed password required first gaining access to the machine somehow and grabbing the password file. That did not make remote password breaking impossible, but because a remote attacker had to break into the system first to get the required data, it did not matter much. This paper will try to change this point of view.