this post was submitted on 20 Oct 2023
1525 points (98.9% liked)
Programmer Humor
32425 readers
1039 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
True on the digit by digit code decryption. That I can forgive in the name of building tension and "counting down" in a visible way for the movie viewer. "When will it have the launch code?!" "In either 7 nano seconds or 12 years..."
If they had been more accurate, it would have looked like the Bender xmas execution scene from Futurama:
https://www.youtube.com/v/aRdRZ6TKo4s?t=25s
I did like the fact that they showed war-dialing and doing research to find a way into the system. It's also interesting that they showed some secure practices, like the fact there was no banner identifying the system or OS, giving less info to a would be hacker. Granted, now a days it would have the official DoD banner identifying it as a DoD system.
I remember with Windows 95, LAN Manager passwords were hashed in two 7 digit sections which made extracting user password from the password hash file trivial:
https://techgenix.com/how-cracked-windows-password-part1/
Looks like it was worse than I remember. The passwords were first converted to all upper case first!
Pretty sure that you're thinking of an additional, unrelated security hole. I recall that there were attacks against NTLM hashed passwords too -- IIRC, one could sniff login attempts against Windows fileservers on the same network, extract hashed passwords going by on the network, and then run dictionary attacks against them, which sounds like the exploit being described at your link. That was actually worse in that it also affected the (more-widely-used in production in businesses for serious things) Windows NT servers.
The hole I was attacking was specific to the fileserver in the 9x line, and it wasn't a weak hash or unsalted hash, but a lack of hashing -- it was specifically a case where the passwords were not stored in a hashed form. That was fundamentally a requirement for the attack to be be appearing in this way; if they had had any form of hashing, even with the length verification bug, you would have had to extract the entire hash, then do a local brute-force attack against the hash to reverse the hash, and gotten the whole password at once rather than having it show up a digit at a time.
Windows had a lot of security problems around that time.
EDIT: Regarding your hole, it sounds like NTLM authentication still is prone to problems:
https://www.csoonline.com/article/571263/ntlm-relay-attacks-explained-and-why-petitpotam-is-the-most-dangerous.html
EDIT2: Oh, if you mean "worse than I remember" talking about the case reduction, then never mind -- I thought that you were saying that the length check bug made your hole worse.