
Comments (73)

  • tialaramex
    To be vulnerable to this, what sort of dumb things are end users doing? I couldn't immediately figure out here whether we're talking
    0. Microsoft's supported products default enable this worthless "authentication" feature
    1. Microsoft's supported products provide such a feature behind a UI that's not clearly marked "Danger: Do not stare into laser with remaining eye"
    2: Microsoft does still support this, behind some Registry nonsense most users do not understand and once enabled it doesn't turn on the "I am a toxic waste dump, leave by nearest exit" warning signs on affected machines
    3: Microsoft doesn't support this at all but some 3rd party commercial stuff does and customers really do love their crusty archaic 3rd party garbage
    4: But this long abandoned SCO machine we've kept on life support for twenty years!
    5: What does "supported" mean? Windows NT is scary, we're still on Windows 98 here.
  • londons_explore
    Really curious how this was discussed with the legal team... "We're releasing hacking tools to allow others to break into poorly secured computer systems... But we are doing it with good intentions so it won't be illegal right??"
  • dbetteridge
    I recall using ntlm rainbow tables to crack windows hashes in high school in like 2008? Amazing that this is still around and causing someone enough of a headache to justify spending money on. Also amazing what a teenager with lots of free time and a bootable Linux usb can get up to.
  • observationist
    This empowers script kiddies, but not significantly more so than they already were. Of all the places this is still in use, they've been exposed for years, so this isn't likely to result in a bunch of new exploitations. However, it's most likely to be used by governments, with legacy servers that are finicky, with filesharing set up that's impacted other computers configured for compatibility, or legacy ancient network gear or printers. I wonder who they're pushing around, and what the motivation is?
  • nubskr
    Mandiant releases rainbow tables for a 25 year old broken protocol because enterprises still won't disable it. It seems like sometimes the best security tool is just making the risk impossible to ignore.
  • Sytten
    Yeah that protocol is very very broken. I recently did an ntlm plugin implementation for Caido [1] and I had to fork our crypto JS module to add back MD4 and 3DES.
    [1] https://github.com/caido-community/ntlm
  • archi42
    For those interested: The SHA512 file lists 4096 files. Each file is 2 GiB. That means 8 TiB (or about 8.6 TB) of storage required.
  • themafia
    And terrorism is just an abstract way of securing underprepared government facilities.
  • davidkellis
    Didn't l0phtcrack do this like 25 years ago?
  • 1970-01-01
    They're just dumping them out as 2GB blobs onto a cloud? Where is the zippy search UI? Very lazy behavior for the hyper giant Google.
  • BrandoElFollito
    This is like reminding that there are CVSes from 2010. Yes there are. And there are plenty of vulnerable systems. They decided to not fix the vulns (either directly by not patching, or indirectly by not investing in cybersecurity). So exploiting them is somehow an act of mercy. They may not know they have a problem and they have an opportunity to learn. Let's just hope they will have white or gray-ish hats teaching the lesson
  • ubuntulover2011
    pretty cool
  • TacticalCoder
    Holy smoke. I honestly thought the 90s called and wanted their Windows exploits back (TFA mentions 1999). I do remember talk about this from many moons ago. But we are in two-thousand-twenty-FUCKING-six. It's unbelievable. Just plain unbelievable.
  • postepowanieadm
    Can't wait for someone to decide one of protocols used by google needs to be deprecated.
  • aunty_helen
    > under 12 hours using consumer hardware costing less than $600 USD
    Great, so someone with half a motherboard can break this hash
  • bflesch
    I wonder how the Mandiant acquisition is regarded within google. Was it a success? Is Mandiant a cash cow or was it basically an acquihire? The big "contact mandiant" button next to the post feels a bit like trying to stay relevant and acquire more customers.
  • schmuckonwheels
    "To demonstrate how crappy most front door locks are, to boost our company's social media cred we will be leaving drills and a dish of bump keys at the entrance of the neighborhood."