The document explains the concepts of password hashing in Windows systems, detailing the differences between LM and NTLM hashes. It highlights the security vulnerabilities of LM hashes, the implementation of NTLM hashes using the MD4 algorithm, and the significance of salting in preventing rainbow table attacks. Additionally, it discusses various types of brute force attacks and provides examples of real-world password cracking incidents.

1. RAINBOW TABLES LM & NTLM HASHES By:- Rahul Sharma TE COMPUTERS T3224245

2. How Windows Store Passwords??LM “hashes”

3. Old technology used on LAN Manager

4. NT hashes

5. Unicode password or MD4 hash

6. Used for authentication on more recent Windows systemsHow a Hash looks Like??E52CAC67419A9A224A3B108F3FA6CB6D

7. LM “Hash” Generation

8. how to create the hash

9. LM hashes

10. Overview

11. Proof that case doesn’t matterPassword = E52CAC67419A9A22 4A3B108F3FA6CB6D PaSSwORd = E52CAC67419A9A22 4A3B108F3FA6CB6D Password1 = E52CAC67419A9A22 38F10713B629B565

12. NTLM HASHESUses MD4 algorithm to create a hash of the mixed-case passwordResults in a 16 byte hash of the password (stored in the SAM…)Used for any password greater than 14 characters

13. NTLM HASH

14. Proof that case DOES matterPassword = F15ABD57801840F3348DDCCAFB677F6A PaSSwORd = 17504CE07C0A0D4A1BD3A99A0821F957 Password1 = F9A3152D926F9FF898D0BAFBA0BFFD30

15. NTLM Hash ConsiderationsCase preservingMaximum length = 127 charactersBetter Security than LM HashesNumber of ≤14-character password (full char set) ≈ 2.7*1067Number of 127-character passwords ≈ 4.9*10611

16. ATTACKS ON PASSWORDS….

19. What is a Brute Force Attack?

20. Types of Brute Force attacks: Online B.F. Offline B.F.Can be prevented :-limit number of login attempts

23. ReduceHashHashReduceReduce

25. Algorithm followed:-

26. HashReduceReduceHashReduceHashReduceHash

28. IS THIS EFFECTIVE???

29. How to prevent rainbow tables from cracking passwords??

30. What is SALT??Special text or code.It does password strengtheningSOME FACTS:-Windows doesn't salt its hash!

31. This makes it possible to speed up password cracking with precomputed Rainbow Tables

32. LINUX uses SALT….PROOFHere are two accounts on a Windows 7 Beta machine with the password 'password'This hash is from a different Windows 7 Beta machine