Windows NT passwords.

Martyr

I'm sure most people here are aware of the weakness in NT
passwords, in particular, Lanman.
My question is, how many of you that own an NT server or Client actually implement NTLM2?
I recently dumped passwords on an XP machine anticipating
an encrypted hash different from NTLM1, but as it happened I
realised it was the same result of NTLM1, which surprised me a little.
I don't have access to a Windows 2000 server or Client.
Are passwords on these systems with latest
service pack installed still using Lanman & NTLM1 procedures?
Do you think that NTLM2 is sufficient enough to secure against
most password attacks?
What would you recommend at least, in number of characters
with a password?
Is it even an important issue?

Thanks in advance.

Capt'n Midnight

I think it was passfilt.dll or some such that forces users to use passwords with a mix of case / numbers / non-alphanumeric chars - but thisk blocks 95/98 from connecting.

Also set it to remmeber as many of the old PW's as possible - so users can't swap between two ones. Then there are the decisions re PW age and the compromise between the lockout time and number attempts ..

Can't remember if they ever fixed the 8 char problem in password length (ie. no point in using pw's longer than 8 chars 'cos the lanman hash means it takes at most twice as long to crack)

PS. if you are trying to protect a standalone PC then your only option would be to try encryption - but M$'s record on data loss this way is bad - apply ALL patches first and make backup disks - there is one that stores passwords and don't encrypt the system partition..
If you don't encrypt then all files on the drive can be accessed by a boot disk with NTFS dos on it. (Or Knppix boot cd if you want network access)

Martyr

I found an interesting article some time ago on NT passwords.
http://www.securityfriday.com/Topics/win2k_passwd.html
There was also a Powerpoint presentation on the creation
of Windows Network passwords, including NTLM2.
I expect Windows viruses in future take advantage of the weaknesses described, in order to gain access to resources,which many naive administrators, believe it or not, think are "safe" if a password is set.

Many pessimists & "experts" have doubted the possibility
of brute force / default password attack.
We've seen an ill attempt to use dictionary, which isn't feasible
in terms of speed and access/size.

Over a local network, how long could it possibly take to
guess a 7 character password with Win9x or 1 character with
unpatched Win9x?

Its a little too much of my time spent looking into it.
But I think it is worth mentioning.
Why? Because its always the same people who complain
about current events concerning viruses affecting them.

Its always the same companies coming to the rescue over
avoidable incidents.
Wasted time & money.
Not that there is anything wrong with a technician making
a living..not at all.

But atleast educate people about whats going on, rather
than use complicated terms to explain simple matters.

Capt'n Midnight

AFAIK
Brute force - there is a way of tricking unpatched exchange 2000 servers into doing 10,000 password validations per minute..

At one time 80% of computer paswords were girls forenames ...