Why does Microsoft still use LM/NTLM for hashing of passwords? Why are they not using more secure algorithms for hashing like BCRYPT or SHA512?
0
-
"Why use a closed source product where you cannot change it when you could use open source software." is just as valid a question. I would suggest you contact your local Microsoft representative if you really want to know. Or simply use different software. – LvB Feb 19 '18 at 17:06
-
IIS is also using RC4 with MD5 – Aria Feb 19 '18 at 17:49
-
@Aria For what? – Polynomial Feb 19 '18 at 17:56
-
Windows 10 Anniversary Edition updated the password scheme to use a new hash scheme using AES128 and MD4, so the old NTLMv2 is technically deprecated (not to mention NTLMv1 and LanMan hashes). – Polynomial Feb 19 '18 at 18:01
-
@Polynomial for TLS – Aria Feb 19 '18 at 19:23
-
@Aria How is that relevant to Windows domain credentials? (they're also not using MD5 at all in any recent version of IIS) – Polynomial Feb 22 '18 at 15:29
-
@Polynomial this has nothing to do with credentials, just an example that Windows sometimes uses outdated tech for a long time – Aria Feb 22 '18 at 16:58
-
@Aria That's more of an SSL/TLS problem than an OS one. – Polynomial Feb 22 '18 at 17:42
1 Answer
2
Two reasons: backwards compatibility and threat model assessment. Microsoft uses Kerberos over the open Internet, but NTLM within a network. The reasoning is that if your network has already been pwned, using a more secure algorithm offers no benefit. Internal applications within an organization also tend to run older versions of the OS (XP, mostly), so allowing NTLM lets corporations continue to use their older hardware and software.
phyrfox
-
NTLMv2 is no longer the default for credential storage as of Windows 10 Anniversary Update and Windows Server 2016. – Polynomial Feb 19 '18 at 18:10
-
@Polynomial Yeah, for those organizations that actually upgrade. My point is simply that most organizations choose to run older versions for cost reasons (our call centers are still using Win 7, for example), so backwards compatibility trumps security. Microsoft has always been hesitant to cut off their clients at the knees, even for such an altruistic purpose as improved security for their clients. – phyrfox Feb 19 '18 at 18:21
-
"if your network .... using a more secure algorithm offers no benefit": This makes very little sense. If I steal the password database and run it through hashcat to get cleartext passwords, this is obviously a bad thing for all the people who have their passwords compromised, and might open additional doors for the attacker. Using a better hash function would clearly offer a benefit (e.g. far fewer compromised passwords). – Out of Band Feb 19 '18 at 23:58
-
@Pascal LM/NTLM is about protecting the credentials on the wire across a local network. If I can read your passwords from NTLM, that means I've pwned your router/switch and I can read all of your network data. I don't need to hack your database if I can get your NTLM traffic. Think about that. By the time I'm able to read your NTLM-protected passwords, I can likely shape the traffic any way I want, set up MITM attacks, and more. Note that NTLM is not used over public Internet for this reason (Kerberos is used instead). – phyrfox Feb 20 '18 at 00:41
-
I was thinking more along the lines that people often reuse the same passwords, so knowing a plaintext password will give the attacker an opportunity to, say, take over E-mail accounts, Google accounts etc.
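
An added example, not part of the thread and not Microsoft code, showing the property the question is about: the NT hash is a single unsalted MD4 pass over the UTF-16LE password, so accounts that share a password share a stored hash, which a per-user salted, iterated KDF avoids. The names `salted_kdf` (PBKDF2-HMAC-SHA512, chosen here only for comparison), `shared_passwords` and the sample accounts are assumptions made up for illustration.

```python
import hashlib
import os
import struct

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib may not expose md4 on OpenSSL 3."""
    rotl = lambda v, n: ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            if i < 16:    # round 1: F, message words in order
                f, k, s, add = (b & c) | (~b & d), i, (3, 7, 11, 19), 0
            elif i < 32:  # round 2: G, words 0,4,8,12,1,5,...
                f, k = (b & c) | (b & d) | (c & d), (i % 4) * 4 + (i - 16) // 4
                s, add = (3, 5, 9, 13), 0x5A827999
            else:         # round 3: H, words in r3 order
                f, k, s, add = b ^ c ^ d, r3[i - 32], (3, 9, 11, 15), 0x6ED9EBA1
            t = (a + f + x[k] + add) & 0xFFFFFFFF
            a, b, c, d = d, rotl(t, s[i % 4]), b, c
        h = [(p + q) & 0xFFFFFFFF for p, q in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> str:
    # NT hash: one unsalted MD4 pass over the UTF-16LE encoded password.
    return md4(password.encode("utf-16-le")).hex()

def salted_kdf(password: str, salt: bytes, rounds: int = 100_000) -> str:
    # Assumed comparison scheme, not something Windows uses.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds).hex()

def shared_passwords(accounts: dict) -> dict:
    """Group accounts whose NT hashes are identical (same password)."""
    groups = {}
    for user, pw in accounts.items():
        groups.setdefault(nt_hash(pw), []).append(user)
    return {digest: users for digest, users in groups.items() if len(users) > 1}

# Constructed sample accounts, not real data.
ACCOUNTS = {"alice": "password", "bob": "password", "carol": "Tr0ub4dor&3"}

if __name__ == "__main__":
    print(shared_passwords(ACCOUNTS))   # alice and bob collide
    for user, pw in ACCOUNTS.items():   # salted output differs per account
        print(user, salted_kdf(pw, os.urandom(16))[:32])
```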