Attacking Passwords
Richard Frovarp

About Me
● Senior Software Engineer - Enterprise Computing & Infrastructure - NDSU
● Systems Administrator - EduTech
● Dabbler in Enterprise Wireless
● Member Apache Software Foundation

Standard Disclaimer
The presentation represents the personal views of the presenter and not of North Dakota State University. Always consult a security specialist when making security decisions.

Overview
● Introduction to passwords
● Storage methods
● User tendencies
● Attack methods
● Mitigation?
History
● 1979 Bob Morris & Ken Thompson
● Hard terminals
● Limited resources
○ attacker didn’t have own resources
● Power Users ~3 Systems
[Image: "TTY33ASR" by Marcin Wichary, derived (cropped) by User:AlanM1. Licensed under CC BY 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:TTY33ASR.jpg]
Advice
● Don’t store passwords plain text
● Don’t write down passwords
● Computation should take about a second

Methods of storing
● Plain text
● Encryption
○ Two way operation, must be able to decrypt
○ ECB makes things very bad
● Hashing
○ One way transformation
○ Generally fast
○ Fixed length output
○ Abused in many contexts

Rules
● Minimum length 8 - From 1979
● Max length - WHY?

Password Patterns
● Familiar with dumps
○ Consumer facing sites
● Corporate looks different
● Rotation
○ Seasons / Months
■ Winter14
■ Winter15
■ Spring15
■ February15
■ March15

Local Name Services
● Can purchase list of local names online
○ Vikings
○ Agassiz
○ Force
○ Bison
○ Carl Ben Eilson
○ Roger Maris
○ Westport Beach
● If known to have several employees from Mumbai, get that one too.

Mobile Keyboards
iOS 7 vs Android 4.2
http://www.phonearena.com/news/iOS-7-how-does-it-stack-up-against-Android_id44023
Effects of rules
● Common Requirements for “strong” password
○ 8 characters - 3 character classes
○ [A-Z][a-z]{6}[0-9\.,!]
○ 26 ^ 7 * 13 = 104 billion
● Not nearly strong enough

Change
● UNC Chapel Hill - 2010 Zhang
○ 41% prediction overall
○ 17% in 5 or fewer guesses
● If site enforces history, attacker can get history

Methods of collecting
● Chocolate - 2008 London
○ Men 10%, Women 45%
○ No verification
● Phishing - 2014 Google
○ Worst 3%
○ Best 45%

How bad?
● 20% decoy accounts within 30 minutes
● 50% within 20 hours
● Compare to 30 / 90 day rotation policy?
● Compare to UNC Chapel Hill study

Online Brute Force
● Not likely
○ Although common for admin / admin, root / password, etc
○ Vendors don’t like passwords being changed
● Defenses don’t always get it right
○ DoS
○ Makes it difficult to respond
○ Which user has a password of “Password1”?

Recovery
● Password recovery options aren’t good
○ Mother’s maiden name dates from at least 1882
○ Easily guessable
● Email password is even worse
● Recovery is costly
○ Customer will go to a competitor if company makes it difficult
● SMS - not encrypted, but different channel

Offline brute force
oclHashcat - hashcat.net
● ATi 290x ~ $300
○ MD5 10 billion
○ SHA1 3.4 billion
○ bcrypt 4.5 thousand
○ LM 428 million
○ NTLM 17 billion
○ Oracle 10g 480 million
○ Oracle 11g 3.3 billion
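To connect the "Effects of rules" keyspace (26 ^ 7 * 13) with the per-second guess rates on the "Offline brute force" slide, here is an added example (not from the presentation) that computes the keyspace of the slide's pattern and how long exhausting it takes at each quoted rate. The rates, the pattern, and the assumption that the attacker tries every candidate are taken from the slides; the helper names are mine.

```python
# Added example: keyspace of the "strong" pattern [A-Z][a-z]{6}[0-9\.,!]
# and worst-case time to exhaust it at the oclHashcat / ATi 290x rates
# quoted on the slide. Not code from the presentation.
import re

# Alphabet size of each character class that appears in the pattern.
CLASS_SIZES = {"[A-Z]": 26, "[a-z]": 26, r"[0-9\.,!]": 13}

# Guesses per second from the "Offline brute force" slide.
HASH_RATES = {
    "MD5": 10_000_000_000,
    "SHA1": 3_400_000_000,
    "NTLM": 17_000_000_000,
    "bcrypt": 4_500,
}

PATTERN = r"[A-Z][a-z]{6}[0-9\.,!]"
# One bracketed class, optionally followed by a {n} repeat count.
TOKEN = re.compile(r"(\[[^\]]+\])(?:\{(\d+)\})?")


def keyspace(pattern: str) -> int:
    """Number of distinct passwords the pattern admits."""
    total = 1
    for cls, count in TOKEN.findall(pattern):
        total *= CLASS_SIZES[cls] ** int(count or 1)
    return total


def seconds_to_exhaust(space: int, rate: int) -> float:
    """Worst case: every candidate is tried; the average is half of this."""
    return space / rate


def crack_times(pattern: str) -> dict:
    """Seconds to exhaust the pattern at each quoted hash rate."""
    space = keyspace(pattern)
    return {name: seconds_to_exhaust(space, rate) for name, rate in HASH_RATES.items()}


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    print(f"keyspace: {keyspace(PATTERN):,}")
    for name, secs in crack_times(PATTERN).items():
        print(f"{name:>7}: {human(secs)}")
```

The same 104 billion candidates fall in about ten seconds against unsalted MD5 but take most of a year against bcrypt, which is the whole argument of the later "Password Hashing Competition" slide.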
Linux
● md5crypt
○ No longer advised
○ MD5Crypt 3.3 million vs 10 billion MD5
● sha512crypt
○ Current method - $6$
○ Upgraded systems probably still using md5crypt
○ SHA512Crypt 10 thousand vs 99 million SHA512

OS X
● PBKDF2
○ Requires tuning
○ Apple’s tuning is quite good
● OS X 10.6 - 2.3 billion
● OS X 10.7 - 92 million
● OS X 10.8 - 696

Windows
● LM Hash
○ Not case sensitive
○ 14 character maximum
○ Two 7 character DES’s
○ No salt
● NT Hash - md4 - unsalted
○ Yes, that md4 - 1990
○ 20 billion per second

Password Hashing Competition
● Normal hashes don’t cut it
● Use password hashing
○ PBKDF2 requires tuning
○ bcrypt requires tuning
○ scrypt requires tuning across memory usage
● New competition
Attacking Kerberos
● Without pre-auth
○ Brute force initial request
● With pre-auth
○ MitM pre-auth, then brute force
○ etype 23 15 million
● Ticket
○ Pull TGT off of file system
● Golden ticket
● Plain text from memory

Pass the hash
● Windows hash acts as password
○ Reported as early as 1997
● Target attack
● Sets up Golden Ticket

Mimikatz
● Windows tries to be helpful
○ Of course your work computer needs to authenticate to XBOX Live
● Black Hat USA 2014 - Windows: Abusing Microsoft Kerberos - Sorry You Guys Don’t Get It
○ https://www.youtube.com/watch?v=-IMrNGPZTl0

Golden Ticket
● Generated from AD DS
● Typically krbtgt user is not reset during a reset
● Can be valid for 10 years
○ Used to regain access after detection
● Can set anything
○ Kerberos TGT is client provided and trusted - for 20 minutes
WPA2 - Personal
● Rainbow tables
● Based off of SSID
● 163 thousand

Pineapple

WPA2 - Enterprise
● MSChapv2
○ Why oh why?
● Pineappleable
● MSChapv2 also shows up in VPN
● CloudCracker.com
○ 300 million words, 20 minutes, $17
● EAP-TLS
○ Use it

OAuth
● Password equivalent
○ Usually limited usage, but can still be scary
● Service A reads status from Service B triggering action on Service C.
● Service B could be one to track family member phones
● Service C could lock and unlock your front door

Mitigation?
● Actual two factor
● Password managers
● Long passwords
● Don’t lose the domain
○ Disable NTLM, NTLMv2
○ Hope Microsoft fixes issues eventually
● Don’t use hashing primitives
○ Use PBKDF2, scrypt, bcrypt
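The "Advice" slide says verification should take about a second, the OS X and "Password Hashing Competition" slides say PBKDF2 requires tuning, and the Linux slide notes upgraded systems still carrying old md5crypt hashes. The following added example (not code from the presentation) ties those together: it calibrates a PBKDF2 iteration count to a target cost, stores a salted hash, verifies it in constant time, and flags hashes whose cost has fallen behind the current setting. The storage format and the 20,000-iteration probe are my assumptions.

```python
# Added example: tuned, salted PBKDF2-HMAC-SHA256 password storage.
# Not code from the presentation; storage format is constructed here.
import hashlib
import hmac
import os
import time

ALGO = "pbkdf2_sha256"


def calibrate_iterations(target_seconds: float = 1.0, probe: int = 20_000) -> int:
    """Time one PBKDF2 run of `probe` iterations on this machine and scale
    the count so a verification costs roughly `target_seconds`."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"calibration-only", salt, probe)
    elapsed = max(time.perf_counter() - start, 1e-6)
    return max(probe, int(probe * target_seconds / elapsed))


def hash_password(password: str, iterations: int) -> str:
    """Return '<algo>$<iterations>$<salt hex>$<hash hex>' with a fresh
    16-byte random salt, so identical passwords never share a hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not leak how many bytes matched."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != ALGO:
        return False  # e.g. a legacy md5crypt-style record: do not accept
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(stored: str, current_iterations: int) -> bool:
    """True when a record was made with fewer iterations than today's
    setting (or another algorithm); rehash it on the next successful login."""
    algo, iters = stored.split("$")[:2]
    return algo != ALGO or int(iters) < current_iterations


if __name__ == "__main__":
    n = calibrate_iterations(1.0)
    record = hash_password("Winter15", n)
    print(n, verify_password("Winter15", record), verify_password("Winter14", record))
```

Because the iteration count travels with each record, raising it later does not invalidate old hashes; `needs_rehash` lets a site upgrade them transparently as users log in.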
Questions?