
Novell gets $4 million in first fraud upgrade trial

✍ Scribed by Helen Meyer


Book ID: 104298089
Publisher: Elsevier Science
Year: 1997
Tongue: English
Weight: 221 KB
Volume: 16
Category: Article
ISSN: 0167-4048


✦ Synopsis


NT hackers warn of easy password interception, Al Berg. Just a short time after showing how passwords could be stolen by anyone with access to a Windows NT server, a Boston, Massachusetts-based group of hackers has released LOPHTCrack 1.5, which brings this capability out of the server closet. Unlike the original version of LOPHTCrack, the new version does not require an attacker to have physical access to a server's console to obtain valid usernames and passwords. Using a network analyser, an attacker can capture the response sequence used by Windows NT to authenticate users and feed it into the LOPHT program, which can spit out both usernames and passwords. Once the password and username packets have been intercepted, LOPHTCrack takes a two-step approach to decrypting the passwords. First, a dictionary attack is made in which words in a user-supplied text file are encrypted and compared with the encrypted NT passwords. If the encrypted word matches the password hash, the password has been found. Passwords that don't appear in the dictionary file are then subjected to a brute-force attack in which all possible combinations of characters are encrypted for each password until a match is found. The group claims that a 200 MHz Intel Pentium Pro can extract 100 passwords using an 8 Mb dictionary file in less than a minute. Brute-force attacks take much longer: 10 passwords can be forced in about 26 hours, assuming that the passwords all use alphabetic characters only. LAN Times, August 18, 1997, p. 16.