If the password is plain, using a network monitor tool can ‘snip’ it out.
Unix has salt, Windows does not.
As a result it is easy to guess the password. Even though the algorithm is strong, they will always encrypt to the same if password is the same. Also you can ‘guess’ the password using dictionary attack or brute force attack.
Microsoft Password Hashing
Microsoft performs two types of password hashing:
- Windows hashing
- LANMAN hashing
Windows hashing takes your password and converts it to Unicode. Unicode is a means to provide a unique number for every character regardless of the platform or language. Thisprovides universality to software engineering, where developers can write a program or web page in one language using Unicode and have it easily viewed by readers in other languages. For example, the code 0041 is the capital letter A.
After the password is converted to Unicode, an MD4 algorithm is run against the Unicode string to compute a hash value. The MD4 algorithm takes the string and extends it by adding a single 1 bit followed by a number of 0 bits so that its length in bits is 64 bits short of being a multiple of 512 (448 modulo 512). Next, the first 64 bits of the original Unicode password are added again to equal a number divisible by 512. Four variables are then used in an algorithm against the new value, resulting in a hash value.
UNIX Password Hashing
Just running the algorithm once does not provide much security, so UNIX systems run the DES algorithm 25 times. The password is encrypted first with a 64-bit variable of all zeros. The output, combined with a random salt value, is used as input when running the algorithm the subsequent 24 times. Figure 9-4 demonstrates how DES encrypts a password.