The purpose of this document is to help IT staff on campus eliminate the use of LM hashed passwords.
Windows stores each password as two separate one-way hashes: an LM hash, kept for legacy clients, and an NT hash. A Windows password is stored in the LM hash using the following algorithm:
Because of this weak construction, cracking an LM hash reduces to cracking one, or at most two, independent seven-character strings with no distinction between upper and lower case, a rather small keyspace by modern standards. Tools such as RainbowCrack, which work from precomputed tables, make recovering a password from its LM hash a trivial task. To top it off, older Microsoft systems store the LM hash by default. The NT hash, on the other hand, has no such structural weakness and is much more difficult to crack.
The goal of this effort is to eliminate the storage of LM hashes at the University of Waterloo. This needs to be done on both clients and servers. Servers holding many user accounts, such as domain controllers, pose an especially high risk because of the number of password hashes that can be harvested from them.
Removing the LM hash reduces the risk of an attacker harvesting usable user names and passwords from Windows systems. An attacker who harvested LM hashes would have little trouble converting them into the corresponding passwords, and could then attack many other Windows systems on campus simply by authenticating to them with the stolen credentials. The attack propagates as the attacker harvests credentials from each newly compromised system and repeats the process. Removing the LM hash from all Windows systems stops this particular attack: passwords are then stored only as NT hashes, which are much more difficult to crack. It does not stop NT hashes themselves from being harvested, so systems that hold many accounts still need to be protected from compromise in their own right.
Before disabling LM hashing on Windows, it is important to understand which services might depend on it: once the LM hash is no longer stored, or domain controllers refuse LM authentication, clients that can only authenticate with LM responses will fail. Common examples are older Samba servers and web servers that still use dated authentication modules.
For Samba, set the following in the [global] section of smb.conf so that the server neither offers nor accepts LM authentication:
    client lanman auth = no
    lanman auth = no
    lm announce = no
    min protocol = NT1
See the smb.conf man page for further details on the above directives.
pam_smb is a Pluggable Authentication Module (PAM) for UNIX systems that support the PAM framework. It authenticates UNIX users against SMB servers (both Windows and Unix/Samba), which is why it is affected by this change. Most uses of this module on campus were to authenticate against one of the campus Active Directories.
It is recommended that Unix systems authenticate against Active Directory using the pam_krb5 module (Kerberos) instead of pam_smb. Some guidance may be found here.
Systems administrators, particularly those who run xhiered Apache 1.3 servers, will likely find a configuration fragment similar to the following in their web server configuration:
    AuthName UWDir
    AuthType Basic
    PerlAuthenHandler Apache::AuthenSmb
    PerlSetVar myDomain ads.uwaterloo.ca
    PerlSetVar myPDC ...
    SSLRequireSSL
Systems administrators running Apache 1.3 with Apache::AuthenSmb need to move to version 2.0 and use the CAS authentication module instead.
Microsoft provides instructions for disabling LM hashing here. On each system this is the Group Policy setting "Network security: Do not store LAN Manager hash value on next password change" (registry value NoLMHash under HKLM\SYSTEM\CurrentControlSet\Control\Lsa). Domain controllers should additionally be configured not to accept LM authentication at all, by setting "Network security: LAN Manager authentication level" (registry value LmCompatibilityLevel in the same key) to 4 on the domain controllers; level 4 refuses LM responses while still accepting NTLM and NTLMv2.
LM hashes already present in authentication stores are not removed when LM hashing is disabled; as the name of the setting says, it only takes effect at the next password change. To invalidate the stored LM hashes, every user whose password is shorter than 15 characters must change their password (passwords of 15 or more characters never had an LM hash stored in the first place).
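As an added example, not from the original document: a PowerShell script that applies the two settings above on the local machine, verifies them, and lists the Active Directory accounts whose password predates the enforcement date and so may still carry an LM hash. The function names and the enforcement date passed in at the end are assumptions; the registry path, value names and Get-ADUser parameters are the standard ones. The audit part requires the ActiveDirectory module, and the whole script needs an elevated prompt.

```powershell
# Added example (not from the original document). Function names and the
# $Enforced date are assumptions; registry locations and cmdlet parameters are standard.

$Lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Set-LmHashPolicy {
    # NoLMHash = 1 stops the LM hash from being stored at the next password change.
    # LmCompatibilityLevel = 4 sends NTLMv2 only and, on a domain controller,
    # refuses LM authentication (level 5 would additionally refuse NTLMv1).
    param([int]$CompatibilityLevel = 4)
    Set-ItemProperty -Path $Lsa -Name NoLMHash -Value 1 -Type DWord
    Set-ItemProperty -Path $Lsa -Name LmCompatibilityLevel -Value $CompatibilityLevel -Type DWord
}

function Test-LmHashPolicy {
    # Report the current values; Compliant is $true only when both are at the intended setting.
    # A missing value reads back as $null, which correctly fails the comparison.
    $p = Get-ItemProperty -Path $Lsa
    [pscustomobject]@{
        NoLMHash             = $p.NoLMHash
        LmCompatibilityLevel = $p.LmCompatibilityLevel
        Compliant            = ($p.NoLMHash -eq 1) -and ($p.LmCompatibilityLevel -ge 4)
    }
}

function Get-UsersWithPossibleLmHash {
    # Disabling LM hashing does not purge hashes already stored. Any enabled account
    # whose password was last set before NoLMHash took effect may still have an LM
    # hash unless the password is 15 characters or longer; the directory cannot tell
    # us the length, so every such account is listed and should change its password.
    param([Parameter(Mandatory)][datetime]$Enforced)
    Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet |
        Where-Object { ($null -eq $_.PasswordLastSet) -or ($_.PasswordLastSet -lt $Enforced) } |
        Select-Object SamAccountName, PasswordLastSet
}

# Usage: enforce, verify, then audit against the date the policy took effect (assumed).
Set-LmHashPolicy
Test-LmHashPolicy
Get-UsersWithPossibleLmHash -Enforced (Get-Date '2010-09-02')
```

For a whole domain the two values are better pushed through Group Policy (the settings named above, in the Default Domain Policy and the Default Domain Controllers Policy) than set per machine; the script is still useful for checking that the policy actually landed. The accounts returned by the audit can be piped into Set-ADUser -ChangePasswordAtLogon $true to force the password change that invalidates the stored LM hash.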
LAN Manager (LM) Hash Eradication (Lawrence Berkeley National Laboratory)
How to prevent Windows from storing a LAN Manager hash of your password in Active Directory and local SAM databases (Microsoft)
TechNet Magazine, Security Watch: The Most Misunderstood Windows Security Setting of All Time (LMCompatibilityLevel)
[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol Specification (Microsoft)
Last updated: September 2, 2010 (Jason Testart)
Last reviewed: N/A