Re: Password hashing in Windows 2003.

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 08/19/04


Date: Thu, 19 Aug 2004 14:51:50 +0200

Hi Jeff,

If you use passwords shorter than 14 characters for your password then it
will still use LM "Hash" for passwords. If you use more than 14 characters
then it will automatically use NTLM Hash. This is the default behavior.

For network authentication you can still set your domain policy (or local
policy) and set server and your clients to use only NTLM. You can even force
server and clients to not accept LM "Hash" at all...

NTLM hashes are much more secure, but still rely on password complexity. If
I only use the letter "A" for a password it will be very easy to figure it out
even if you have it NTLM hashed.
The majority of tools that can crack LM "hashes" can't crack NTLM, but they can
run a brute force attack against them. You can even buy a few billion
pre-computed hashes and run them against hashes that you extracted with e.g.
pwdump.

I hope this information helps,

Mike

"Jeff3" <Jeff3@discussions.microsoft.com> wrote in message
news:0EDE2E74-BE0A-40EC-B8A1-329FB92AEF6E@microsoft.com...
> Does anyone know if the password hashing in win 2003 is more complex than in
> previous versions?
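
Added example (not part of the original post): a small audit over a pwdump-style export that reports which accounts still have an LM hash stored, which have a blank password, and which share an NT hash (the hashes are unsalted, so equal passwords give equal hashes). The account names and hash values in the sample are constructed; the user:rid:lm:nt::: layout and the function names are assumptions of this example.

```python
"""Audit a pwdump-style export for stored LM hashes (constructed sample data)."""
from collections import defaultdict

# Well-known constants: LM hash of an empty password (two identical halves)
# and NT hash of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_LM_HALF = EMPTY_LM[:16]
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample, assumed layout user:rid:lm:nt::: (hash values are made up).
SAMPLE = """\
alice:1001:1a2b3c4d5e6f7081aad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:aabbccddeeff00112233445566778899:::
carol:1003:99887766554433221100ffeeddccbbaa:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

def is_hex32(value):
    """True for a 32-character lowercase hex string (a 16-byte hash)."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)

def audit(text):
    """Return {user: [findings]} for accounts that need attention."""
    findings = defaultdict(list)
    by_nt = defaultdict(list)
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue  # not an account line
        user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
        if nt == EMPTY_NT:
            findings[user].append("blank password")
            continue
        by_nt[nt].append(user)
        # Any non-hex LM field (placeholder text) is treated as "not stored".
        if is_hex32(lm) and lm != EMPTY_LM:
            findings[user].append("LM hash stored")
            # LM hashes each 7-character half separately; an empty second
            # half means the password is at most 7 characters long.
            if lm[16:] == EMPTY_LM_HALF:
                findings[user].append("password is 7 characters or fewer")
    for users in by_nt.values():
        for user in users if len(users) > 1 else []:
            others = ", ".join(u for u in users if u != user)
            findings[user].append("NT hash shared with " + others)
    return dict(findings)

if __name__ == "__main__":
    for user, notes in audit(SAMPLE).items():
        print(user + ": " + "; ".join(notes))
```
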


