
Passwords: How Safe are They?

Overview
- Passwords
- Cracking
- Attack Avenues
  - On-line
  - Off-line
- Counter Measures

Non-Technical Passwords
- Brute Force Approach
- Steps: 0-0-0, 0-0-1, 0-0-2 … 9-9-9
- Until Found or Start Over

Passwords
- Protect Information
- Seen as Secure

Cracking Algorithms
- All or Nothing: Off by One Same as Not Close
- 8 Characters Lower Case: 217.1 Billion Combinations
- 8 Characters Upper and Lower: 221 Trillion
- 8 Characters Upper, Lower, and Special: 669 Quadrillion

Cracking: Ways to get passwords
- Weak Encryption (Lan Man)
- Guess: Default password, Blank password, Letters in row on keyboard, User name, Name important to user
- Social Engineering

Cracking: Password length *

Password length   Possible         All characters   Only lowercase characters
3 characters      26               0.86 second      0.02 second
4 characters      1,352            1.36 minutes     0.046 second
5 characters      52,728           2.15 hours       11.9 seconds
6 characters      1,827,904        8.51 days        5.15 minutes
7 characters      59,406,880       2.21 years       2.23 hours
8 characters      1,853,494,656    2.10 centuries   2.42 days
9 characters      56,222,671,232   20 millenniums   2.07 months

* Using Brute Force for Every Combination of Characters
* Source: Wired, December 2012

On-Line: Types of Attacks
- Dictionary – uses dictionary file
- Brute Force – All combinations
- Hybrid – Spin off of common passwords (password1 or 1password)
- Single Term – Brute Force

On-Line: Password-Based Key Derivation Function
- Version 2 – PBKDF2
- Heuristic Rules Produce Candidate Passwords
- Flushes Out Poorer Choices
- Faster than Randomly Chosen Ones

On-Line: Tools
- Script Based – Custom, Metasploit, Sniffer
- Browser Based (Web Login)
  - FireFox’s FireForce Extension
  - Hydra / XHydra

Off-Line
- Requires Access to Password Data
- Gained Access: SQL Injection, Local File System Access
- Long Periods for Success
- Many Tools and Techniques

Off-Line: Rainbow Tables (Time Memory Trade Off)
- Applies Hashing Algorithms
- Uses Dictionary Accumulated in Brute Force Techniques
- Method: Results Saved in Table or Matrix; Compare only Hashed Values
- Can Save Time, Uses a Lot of Memory
- Needs Lots of Storage Space for Tables / Matrices

Off-Line: Tools
- John the Ripper
- Cain and Abel
- Ophcrack (Windows)
- Windows Password: FGDump – Retrieves Passwords from SAM
- Free On-Line OphCrack: http://www.objectif-securite.ch/en/ophcrack.php

Off-Line: Two parts to Windows Passwords
- Called LM1 and LM2
- Separated by ‘:’
- LM1 Contains Password
- LM2 Contains Case Information

Off-Line: Windows Password Tests

Hash pair                                                            Password
49F83571A279997F1172D0580DAC68AA:2B95310914BD52173FA8E3370B9DDB29    512DataDrop4u
83BAC0B36F5221502EDC073793ADCD02:CA49CC1CFF47EAD7E4809AD01FF47F56    Croi$$ants!

Counter Measures
- Longer the Better
- Obfuscated Passphrase Best: I Like To Eat Two Tacos! – Il2e#2T
- Avoid Hyphens Between Words
- Avoid Punctuation at End of Password or Passphrase
- Replace Vowels with Number – Maybe
- Lock Down System Access
- Multi-Factor Authentication
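The rainbow-table slide notes that the attack works by comparing precomputed hash values, and the counter-measures slide names PBKDF2 and longer passphrases. The added example below (not part of the deck, and not code from any tool it names) shows the defender's side: a per-password random salt makes the same password hash to unrelated stored values, so a table precomputed from hash(password) alone cannot be looked up against it, and the PBKDF2 iteration count is a tunable cost that slows every offline guess. The storage format string and the iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for this example (not from the slide deck).
ITERATIONS = 600_000   # PBKDF2 work factor; raise as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage.

    A fresh random salt per password means two users with the same password
    get unrelated stored values, so a precomputed (rainbow) table built from
    hash(password) alone has nothing to match against.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iters, salt_hex, hash_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)


def unsalted_md5(password: str) -> str:
    """The kind of fast, unsalted hash a precomputed table is built against."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    pw = "Il2e#2T"  # the obfuscated passphrase from the Counter Measures slide
    a, b = hash_password(pw), hash_password(pw)
    print("unsalted MD5 identical for same password:", unsalted_md5(pw) == unsalted_md5(pw))
    print("salted PBKDF2 identical for same password:", a == b)
    print("verify correct password:", verify_password(pw, a))
    print("verify wrong password:  ", verify_password("Il2e#2t", a))
```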

References
- http://nakedsecurity.sophos.com/2013/08/16/anatomy-of-a-brute-force-attack-how-important-is-password-complexity/
- http://redmondmag.com/articles/2013/08/14/password-complexity.aspx
- Hydra password lists: ftp://ftp.openwall.com/pub/wordlists/ and http://gdataonline.com/downloads/GDict/
- http://www.zdnet.com/brute-force-attacks-beyond-password-basics-7000001740/
- http://techfoxy.blogspot.com/2012/01/how-to-hack-website-login-page-with.html
- http://spectrum.ieee.org/automaton/robotics/diy/diy-robots-make-bruteforce-security-hacks-possible (MindStorms Robot Book Capture)
- http://www.objectif-securite.ch/en/ophcrack.php (On-Line Ophcrack)
- http://foofus.net/goons/fizzgig/fgdump/ (FGDump)