LAN Manager

Last updated
LAN Manager
Developer Microsoft, 3Com
OS family OS/2
Working stateDiscontinued
Source model Closed source
Initial release1987;37 years ago (1987)
Final release 2.2a / 1994;30 years ago (1994)
Marketing target Local area networking
Update methodRe-installation
Package manager None
Platforms x86
License Proprietary
Preceded by MS-Net, Xenix-NET, 3+Share
Succeeded by Microsoft Windows NT 3.1

LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a heavily modified version of MS-DOS.

Contents

History

The LAN Manager OS/2 operating system was co-developed by IBM and Microsoft, using the Server Message Block (SMB) protocol. It originally used SMB atop either the NetBIOS Frames (NBF) protocol or a specialized version of the Xerox Network Systems (XNS) protocol. These legacy protocols had been inherited from previous products such as MS-Net for MS-DOS, Xenix-NET for MS-Xenix, and the afore-mentioned 3+Share. A version of LAN Manager for Unix-based systems called LAN Manager/X was also available. LAN Manager/X was the basis for Digital Equipment Corporation's Pathworks product for OpenVMS, Ultrix and Tru64. [1]

In 1990, Microsoft announced LAN Manager 2.0 with a host of improvements, including support for TCP/IP as a transport protocol for SMB, using NetBIOS over TCP/IP (NBT). The last version of LAN Manager, 2.2, which included an MS-OS/2 1.31 base operating system, remained Microsoft's strategic server system until the release of Windows NT Advanced Server in 1993. [2]

Versions

Many vendors shipped licensed versions, including:

Password hashing algorithm

The LM hash is computed as follows: [3] [4]

  1. The user's password is restricted to a maximum of fourteen characters. [Notes 1]
  2. The user's password is converted to uppercase.
  3. The user's password is encoded in the System OEM code page. [5]
  4. This password is NULL-padded to 14 bytes. [6]
  5. The “fixed-length” password is split into two 7-byte halves.
  6. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting a parity bit after every seven bits (so 1010100 becomes 10101000). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The parity bits added in this step are later discarded.)
  7. Each of the two keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, [Notes 2] resulting in two 8-byte ciphertext values. The DES CipherMode should be set to ECB, and PaddingMode should be set to NONE.
  8. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.

Security weaknesses

LAN Manager authentication uses a particularly weak method of hashing a user's password known as the LM hash algorithm, stemming from the mid-1980s when viruses transmitted by floppy disks were the major concern. [7] Although it is based on DES, a well-studied block cipher, the LM hash has several weaknesses in its design. [8] This makes such hashes crackable in a matter of seconds using rainbow tables, or in a few minutes using brute force. Starting with Windows NT, it was replaced by NTLM, which is still vulnerable to rainbow tables, and brute force attacks unless long, unpredictable passwords are used, see password cracking. NTLM is used for logon with local accounts except on domain controllers since Windows Vista and later versions no longer maintain the LM hash by default. [7] Kerberos is used in Active Directory Environments.

The major weaknesses of LAN Manager authentication protocol are: [9]

  1. Password length is limited to a maximum of 14 characters chosen from the 95 ASCII printable characters.
  2. Passwords are not case sensitive. All passwords are converted into uppercase before generating the hash value. Hence LM hash treats PassWord, password, PaSsWoRd, PASSword and other similar combinations same as PASSWORD. This practice effectively reduces the LM hash key space to 69 characters.
  3. A 14-character password is broken into 7+7 characters and the hash is calculated for each half separately. This way of calculating the hash makes it dramatically easier to crack, as the attacker only needs to brute-force 7 characters twice instead of the full 14 characters. This makes the effective strength of a 14-character password equal to only , or twice that of a 7-character password, which is 3.7 trillion times less complex than the theoretical strength of a 14-character single-case password. As of 2020, a computer equipped with a high-end graphics processor (GPUs) can compute 40 billion LM-hashes per second. [10] At that rate, all 7-character passwords from the 95-character set can be tested and broken in half an hour; all 7-character alphanumeric passwords can be tested and broken in 2 seconds.
  4. If the password is 7 characters or less, then the second half of hash will always produce same constant value (0xAAD3B435B51404EE). Therefore, a password is less than or equal to 7 characters long can be identified visibly without using tools (though with high speed GPU attacks, this matters less).
  5. The hash value is sent to network servers without salting, making it susceptible to man-in-the-middle attacks such as replay the hash. Without salt, time–memory tradeoff pre-computed dictionary attacks, such as a rainbow table, are feasible. In 2003, Ophcrack, an implementation of the rainbow table technique, was published. It specifically targets the weaknesses of LM encryption, and includes pre-computed data sufficient to crack virtually all alphanumeric LM hashes in a few seconds. Many cracking tools, such as RainbowCrack, Hashcat, L0phtCrack and Cain, now incorporate similar attacks and make cracking of LM hashes fast and trivial.

Workarounds

To address the security weaknesses inherent in LM encryption and authentication schemes, Microsoft introduced the NTLMv1 protocol in 1993 with Windows NT 3.1. For hashing, NTLM uses Unicode support, replacing LMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%") by NThash=MD4(UTF-16-LE(password)), which does not require any padding or truncating that would simplify the key. On the negative side, the same DES algorithm was used with only 56-bit encryption for the subsequent authentication steps, and there is still no salting. Furthermore, Windows machines were for many years configured by default to send and accept responses derived from both the LM hash and the NTLM hash, so the use of the NTLM hash provided no additional security while the weaker hash was still present. It also took time for artificial restrictions on password length in management tools such as User Manager to be lifted.

While LAN Manager is considered obsolete and current Windows operating systems use the stronger NTLMv2 or Kerberos authentication methods, Windows systems before Windows Vista/Windows Server 2008 enabled the LAN Manager hash by default for backward compatibility with legacy LAN Manager and Windows ME or earlier clients, or legacy NetBIOS-enabled applications. It has for many years been considered good security practice to disable the compromised LM and NTLMv1 authentication protocols where they aren't needed. [11] Starting with Windows Vista and Windows Server 2008, Microsoft disabled the LM hash by default; the feature can be enabled for local accounts via a security policy setting, and for Active Directory accounts by applying the same setting via domain Group Policy. The same method can be used to turn the feature off in Windows 2000, Windows XP and NT. [11] Users can also prevent a LM hash from being generated for their own password by using a password at least fifteen characters in length. [6] —NTLM hashes have in turn become vulnerable in recent years to various attacks that effectively make them as weak today as LanMan hashes were back in 1998.[ citation needed ]

Reasons for continued use of LM hash

Many legacy third party SMB implementations have taken considerable time to add support for the stronger protocols that Microsoft has created to replace LM hashing because the open source communities supporting these libraries first had to reverse engineer the newer protocols—Samba took 5 years to add NTLMv2 support, while JCIFS took 10 years.

Availability of NTLM protocols to replace LM authentication
ProductNTLMv1 supportNTLMv2 support
Windows NT 3.1 RTM (1993)Not supported
Windows NT 3.5 RTM (1994)Not supported
Windows NT 3.51 RTM (1995)Not supported
Windows NT 4 RTM (1996)Service Pack 4 [12] (25 October 1998)
Windows 95 Not supportedDirectory services client (released with Windows 2000 Server, 17 February 2000)
Windows 98 RTMDirectory services client (released with Windows 2000 Server, 17 February 2000)
Windows 2000 RTM (17 February 2000)RTM (17 February 2000)
Windows Me RTM (14 September 2000)Directory services client (released with Windows 2000 Server, 17 February 2000)
Samba  ?Version 3.0 [13] (24 September 2003)
JCIFSNot supportedVersion 1.3.0 (25 October 2008) [14]
IBM AIX (SMBFS)5.3 (2004) [15] Not supported as of v7.1 [16]

Poor patching regimes subsequent to software releases supporting the feature becoming available have contributed to some organisations continuing to use LM Hashing in their environments, even though the protocol is easily disabled in Active Directory itself.

Lastly, prior to the release of Windows Vista, many unattended build processes still used a DOS boot disk (instead of Windows PE) to start the installation of Windows using WINNT.EXE, something that requires LM hashing to be enabled for the legacy LAN Manager networking stack to work.

See also

Notes

  1. If the password is more than fourteen characters long, the LM hash cannot be computed.
  2. The string “KGS!@#$%” could possibly mean Key of Glen and Steve and then the combination of Shift + 12345. Glen Zorn and Steve Cobb are the authors of RFC 2433 (Microsoft PPP CHAP Extensions).

Related Research Articles

Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.

<span class="mw-page-title-main">Server Message Block</span> Network communication protocol for providing shared access to resources

Server Message Block (SMB) is a communication protocol used to share files, printers, serial ports, and miscellaneous communications between nodes on a network. On Microsoft Windows, the SMB implementation consists of two vaguely named Windows services: "Server" and "Workstation". It uses NTLM or Kerberos protocols for user authentication. It also provides an authenticated inter-process communication (IPC) mechanism.

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity as well as authenticate itself to the connecting entity by declaring the type of information needed for authentication as well as syntax. It is the most important layer of protection needed for secure communication within computer networks.

The Security Account Manager (SAM) is a database file in Windows XP, Windows Vista, Windows 7, 8.1, 10 and 11 that stores users' passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory authenticates remote users. SAM uses cryptographic measures to prevent unauthenticated users accessing the system.

Integrated Windows Authentication (IWA) is a term associated with Microsoft products that refers to the SPNEGO, Kerberos, and NTLMSSP authentication protocols with respect to SSPI functionality introduced with Microsoft Windows 2000 and included with later Windows NT-based operating systems. The term is used more commonly for the automatically authenticated connections between Microsoft Internet Information Services, Internet Explorer, and other Active Directory aware applications.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

NTLMSSP is a binary messaging protocol used by the Microsoft Security Support Provider Interface (SSPI) to facilitate NTLM challenge-response authentication and to negotiate integrity and confidentiality options. NTLMSSP is used wherever SSPI authentication is used including Server Message Block / CIFS extended security authentication, HTTP Negotiate authentication and MSRPC services.

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, (CHAP).

A rainbow table is a precomputed table for caching the outputs of a cryptographic hash function, usually for cracking password hashes. Passwords are typically stored not in plain text form, but as hash values. If such a database of hashed passwords falls into the hands of an attacker, they can use a precomputed rainbow table to recover the plaintext passwords. A common defense against this attack is to compute the hashes using a key derivation function that adds a "salt" to each password before hashing it, with different passwords receiving different salts, which are stored in plain text along with the hash.

SMBRelay and SMBRelay2 are computer programs that can be used to carry out SMB man-in-the-middle (mitm) attacks on Windows machines. They were written by Sir Dystic of CULT OF THE DEAD COW (cDc) and released March 21, 2001 at the @lantacon convention in Atlanta, Georgia. More than seven years after its release, Microsoft released a patch that fixed the hole exploited by SMBRelay. This fix only fixes the vulnerability when the SMB is reflected back to the client. If it is forwarded to another host, the vulnerability can be still exploited.

<span class="mw-page-title-main">Ophcrack</span> Windows password cracker

Ophcrack is a free open-source program that cracks Windows log-in passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows, and can be ran via the command line or using the program’s GUI. On most computers, ophcrack can crack most passwords within a few minutes.

Apple Open Directory is the LDAP directory service model implementation from Apple Inc. A directory service is software which stores and organizes information about a computer network's users and network resources and which allows network administrators to manage users' access to the resources.

In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product. The NTLM protocol suite is implemented in a Security Support Provider, which combines the LAN Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in a single package. Whether these protocols are used or can be used on a system which is governed by Group Policy settings, for which different versions of Windows have different default settings.

Security Support Provider Interface (SSPI) is a component of Windows API that performs security-related operations such as authentication.

In computer security, pass the hash is a hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case. It replaces the need for stealing the plaintext password to gain access with stealing the hash.

crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.

MS-Net, sometimes stylized as MS-NET, was a network operating system sold by Microsoft in the 1980s, the earliest days of local area networking.

References

  1. Andy Goldstein (2005). "Samba and OpenVMS" (PDF). de.openvms.org. Archived from the original (PDF) on 2021-02-07. Retrieved 2021-01-01.
  2. "DOS SMB Client Performance | OS/2 Museum" . Retrieved 2023-08-28.
  3. "Chapter 3 - Operating System Installation". Microsoft Docs . 24 March 2009. The LMHash. Retrieved 2023-10-16.
  4. Glass, Eric (2006). "The NTLM Authentication Protocol and Security Support Provider: The LM Response" . Retrieved 2015-05-12.
  5. "List of Localized MS Operating Systems". Microsoft Developer Network . Archived from the original on 2015-05-18. Retrieved 2015-05-12.
  6. 1 2 "Cluster service account password must be set to 15 or more characters if the NoLMHash policy is enabled". Microsoft. 2006-10-30. Archived from the original on 2014-09-10. Retrieved 2015-05-12.
  7. 1 2 Jesper Johansson (31 August 2016). "The Most Misunderstood Windows Security Setting of All Time". Microsoft Docs . Microsoft. Retrieved 16 October 2023. Although Windows Vista has not been released yet, it is worthwhile to point out some changes in this operating system related to these protocols. The most important change is that the LM protocol can no longer be used for inbound authentication—where Windows Vista is acting as the authentication server.
  8. Johansson, Jasper M. (2004-06-29). "Windows Passwords: Everything You Need To Know". Microsoft . Retrieved 2015-05-12.
  9. Rahul Kokcha
  10. Benchmark Hashcat v6.1.1 on RTX 2070S (SUPER), Mode 3000 LM, accessed November 29, 2020
  11. 1 2 "How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases". Microsoft Docs . 2007-12-03. Retrieved 2023-10-16.
  12. "Windows NT 4.0 Service Pack 4 Readme.txt File (40-bit)". Microsoft. 1998-10-25. Archived from the original on 2015-05-19. Retrieved 2015-05-12.
  13. "The Samba Team announces the first official release of Samba 3.0". SAMBA. 2003-09-24. Retrieved 2015-05-12.
  14. "The Java CIFS Client Library" . Retrieved 2015-05-12.
  15. "AIX 5.3 Networks and communication management: Server Message Block file system". IBM. 2010-03-15. p. 441. Retrieved 2015-05-12.
  16. "AIX 7.1 Networks and communication management: Server Message Block file system". IBM. 2011-12-05. Retrieved 2015-05-12.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.