cracking passwords with time memory trade offs
play

Cracking Passwords With Time-memory Trade-offs Gildas Avoine - PowerPoint PPT Presentation

Feb 26, 2024 •361 likes •692 views

Cracking Passwords With Time-memory Trade-offs Gildas Avoine Universit e catholique de Louvain, Belgium SUMMARY Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion MOTIVATIONS Motivations

  1. Cracking Passwords With Time-memory Trade-offs Gildas Avoine Universit´ e catholique de Louvain, Belgium

  2. SUMMARY Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion

  3. MOTIVATIONS Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion

  4. One-way Function Function h : A → B that is easy to compute on every input, but hard to invert given the image of an arbitrary input. Gildas Avoine Cracking Passwords with Time-memory Trade-offs 4

  5. Example: Password-based Authentication User (username, pwd) Computer username, pwd − − − − − − − − − − − − − → Compute h (pwd) username 1 h (pwd 1 ) username 2 h (pwd 2 ) username 3 h (pwd 3 ) . . . . . . username N h (pwd N ) Gildas Avoine Cracking Passwords with Time-memory Trade-offs 5

  6. Exhaustive Search Online exhaustive search: ◦ Computation: N := | A | ◦ Storage: 0 ◦ Precalculation: 0 Precalculated exhaustive search: ◦ Computation: 0 ◦ Storage: N ◦ Precalculation: N Gildas Avoine Cracking Passwords with Time-memory Trade-offs 6

  7. HELLMAN TABLES Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion

  8. Precalculation Phase Martin Hellman’s cryptanalytic time-memory trade-off (1980). T ∝ N 2 Precalculation phase to speed up the online attack: M 2 Gildas Avoine Cracking Passwords with Time-memory Trade-offs 8

  9. Precalculation Phase (recap) Invert h : A → B . Define R : B → A an arbitrary (reduction) function. Define f : A → A such that f = R ◦ h . Chains are generated from arbitrary values in A . f f f f S 1 = X 1 , 1 → X 1 , 2 → X 1 , 3 → . . . → X 1 , t = E 1 f f f f S 2 = X 2 , 1 → X 2 , 2 → X 2 , 3 → . . . → X 2 , t = E 2 . . . . . . f f f f S m = X m , 1 → X m , 2 → X m , 3 → → X m , t = E m . . . The generated values should cover the set A (probabilistic). Only the first and the last element of each chain is stored. Gildas Avoine Cracking Passwords with Time-memory Trade-offs 9

  10. Online Attack Gildas Avoine Cracking Passwords with Time-memory Trade-offs 10

  11. Online Attack (Recap) Given one output y ∈ B , we compute y 1 := R ( y ) and f f f generate a chain starting at y 1 : y 1 → y 2 → y 3 → . . . y s S 1 E 1 S m E m y s not y 1 y 2 y 1 y 1 y time needed time needed to rebuild the chain to find a matching endpoint Gildas Avoine Cracking Passwords with Time-memory Trade-offs 11

  12. Coverage and Collisions Collisions occur during the precalculation phase. Several tables with different reduction functions. Gildas Avoine Cracking Passwords with Time-memory Trade-offs 12

  13. OECHSLIN TABLES Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion

  14. Using Several Reduction Functions (Oechslin, 2003) Use a different reduction function per column: rainbow tables. Invert h : A → B . Define R i : B → A arbitrary (reduction) functions. Define f i : A → A such that f i = R i ◦ h . f 1 f 2 f 3 f t S 1 = X 1 , 1 → X 1 , 2 → X 1 , 3 → . . . → X 1 , t = E 1 f 1 f 2 f 3 f t S 2 = X 2 , 1 → X 2 , 2 → X 2 , 3 → . . . → X 2 , t = E 2 . . . . . . f 1 f 2 f 3 f t S m = X m , 1 → X m , 2 → X m , 3 → . . . → X m , t = E m Gildas Avoine Cracking Passwords with Time-memory Trade-offs 14

  15. Discarding the Merges If 2 chains collide in different columns, they don’t merge. If 2 chains collide in same column, merge can be detected. A table without merges is said perfect Gildas Avoine Cracking Passwords with Time-memory Trade-offs 15

  16. Online Procedure is More Complex Given one output y ∈ B , we compute y 1 := R ( y ) and generate a chain starting at y 1 : f t − s f t − s +1 f t − s +2 → y 2 → → y 1 y 3 . . . y s S 1 E 1 S m E m y s y y 1 y 2 y 1 y 1 y time needed time needed to rebuild the chain to find a matching endpoint Gildas Avoine Cracking Passwords with Time-memory Trade-offs 16

  17. Success Probability of a Table is Bounded Theorem Given t and a sufficiently large N, the expected maximum number of chains per perfect rainbow table without merge is: 2 N m max ( t ) ≈ t + 1 . Theorem Given t, for any problem of size N, the expected maximum probability of success of a single perfect rainbow table is: � t � 2 P max ( t ) ≈ 1 − 1 − t + 1 which tends toward 1 − e − 2 ≈ 86% when t is large. Gildas Avoine Cracking Passwords with Time-memory Trade-offs 17

  18. Average Cryptanalysis Time Theorem Given N, m, ℓ , and t, the average cryptanalysis time is: k = ℓ t i = t p k (( t − c )( t − c + 1) � � T = + q i i ) ℓ + 2 k =1 i = c c = t −⌊ k − 1 ⌋ ℓ i = t N ) ℓ t ( t ( t − 1) (1 − m � + q i i ) ℓ 2 i =1 where q i = 1 − m N − i ( i − 1) t ( t + 1) . Gildas Avoine Cracking Passwords with Time-memory Trade-offs 18

  19. REAL LIFE EXAMPLES Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion

  20. Statistics from 10,000 Leaked Hotmail Passwords Password Type % numeric 19% lower case alpha 42% mixed case alpha 3% mixed numeric alpha 30% other charac 6% Password Length % ≤ 7 37% ≤ 8 58% ≤ 9 70% Gildas Avoine Cracking Passwords with Time-memory Trade-offs 20

  21. Windows LM Passwords (Algorithm) Win98/ME/2k/XP uses the Lan Manager Hash (LM hash). The password is cut in two blocks of 7 characters. Lowercase letters are converted to uppercase. Gildas Avoine Cracking Passwords with Time-memory Trade-offs 21

  22. Windows LM Hash (Results) Cracking an alphanumerical password (LM Hash) on a PC. Size of the problem: N = 8 . 06 × 10 10 = 2 36 . 23 . Brute Force TMTO 4 . 03 × 10 10 1 . 13 × 10 6 Online Attack (op) Time 2 h 15 0.226 sec 1 . 42 × 10 13 Precalculation (op) 0 Time 0 33 days Storage 0 2 GB Gildas Avoine Cracking Passwords with Time-memory Trade-offs 22

  23. Windows NT LM Passwords Win NT/2000/XP/Vista/Seven uses the NT LM Hash. The password is no longer cut in two blocks. Lowercase letters are not converted to uppercase. Gildas Avoine Cracking Passwords with Time-memory Trade-offs 23

  24. Windows NT LM Hash (Results) Cracking a 7-char (max) alphanumerical password (NT LM Hash) on a PC. Size of the problem: N = 2 41 . 7 . Brute Force TMTO 1 . 78 × 10 12 Online Attack (op) ? Time 99 hrs ? Precalculation (op) 0 ? Time 0 ? Storage 0 ? Gildas Avoine Cracking Passwords with Time-memory Trade-offs 24

  25. FINGERPRINT TABLES (Joint work with A. Bourgeois and X. Carpent) Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion

  26. Checkpoints (Avoine, Junod, Oechslin, 2005) Given one output y ∈ B , we compute y 1 := R ( y ) and generate a chain starting at y 1 : f t − s f t − s +1 f t − s +2 → y 2 → → y 1 y 3 . . . y s S 1 E 1 S m E m y s y y 1 y 2 checkpoint y 1 y 1 y time needed time needed to rebuild the chain to find a matching endpoint Gildas Avoine Cracking Passwords with Time-memory Trade-offs 26

  27. Ridge Functions Endpoints and checkpoints share the same nature. Each column contains a ridge function that outputs a (potentially empty) fingerprint of the chain. Endpoints are no longer stored. We no longer look for matching endpoints but for matching fingerprints. Gildas Avoine Cracking Passwords with Time-memory Trade-offs 27

  28. Ridge functions (Avoine, Bourgeois, Carpent, 2012) F I S 1 N G E R P R I S m N T y s y y 1 S y 2 y 1 y 1 ridges y time needed time needed to find a matching endpoint to rebuild the chain Gildas Avoine Cracking Passwords with Time-memory Trade-offs 28

  29. Fingerprint Tables Theorem The average amount of evaluations of h during the online phase using the fingerprint tables is: ℓ t m 1 − m � k − 1 1 − m � ℓ t � � � T = ( W k + Q k ) + ( W ℓ t + Q ℓ t ) , N N N k =1 t � i − 1 � 1 − m i � � � c i = t − , q c = 1 − , ℓ N i = c   k t i − 1 � � �  ( q i − q i +1 ) , W k = ( t − c i ) , P c = φ j  i =1 i = c j = c k t � � Q k = ( c i − 1)( P c i + E c i ) , E c = ( m − q c ) φ i . i =1 i = c Gildas Avoine Cracking Passwords with Time-memory Trade-offs 29

  30. Windows NT LM Hash (Results) Cracking a 7-char (max) alphanumerical password (NT LM Hash) on a PC. Size of the problem: N = 2 41 . 7 . Brute Force TMTO 1 . 78 × 10 12 2 . 94 × 10 7 Online Attack (op) Time 99 hrs 5.9 sec 6 . 29 × 10 14 Precalculation (op) 0 Time 0 1458 days Storage 0 16 GB Gildas Avoine Cracking Passwords with Time-memory Trade-offs 30

  31. CONCLUSION Motivations Hellman Tables Oechslin Tables Real Life Examples Fingerprint Tables Conclusion

  32. Limits of Cryptanalytic Time-memory Trade-offs A TMTO is never better than a brute force. TMTO makes sense in several scenarios. ◦ Attack repeated several times. ◦ Lunchtime attack. ◦ Attacker is not powerful but can download tables. Two conditions to perform a TMTO. ◦ Reasonably-sized problem. ◦ One-way function (or chosen plaintext attack on a ciphertext) Gildas Avoine Cracking Passwords with Time-memory Trade-offs 32

Recommend

Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory

Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory

Introduction 1/24 Gatan Leurent Time-memory Trade-offs for Near-collisions Conclusion Combining trunc & codes Time-memory trade-offs Memoryless FSE 2013 UCL Crypto Group FSE 2013 Time-memory Trade-offs for Near-collisions G.

430 views • 31 slides
TRADE-OFFS AMONG AI TRADE-OFFS AMONG AI TECHNIQUES TECHNIQUES Christian Kaestner With slides

TRADE-OFFS AMONG AI TRADE-OFFS AMONG AI TECHNIQUES TECHNIQUES Christian Kaestner With slides

TRADE-OFFS AMONG AI TRADE-OFFS AMONG AI TECHNIQUES TECHNIQUES Christian Kaestner With slides adopted from Eunsuk Kang Required reading: Vogelsang, Andreas, and Markus Borg. " Requirements Engineering for Machine Learning:

760 views • 54 slides
Chapter 2 Trade-offs, Comparative Advantage, and the Market System Modeling Trade-offs:

Chapter 2 Trade-offs, Comparative Advantage, and the Market System Modeling Trade-offs:

Chapter 2 Trade-offs, Comparative Advantage, and the Market System Modeling Trade-offs: Production Possibilities Frontier (PPF) The PPF: Demonstrates the maximum attainable combination of two products with a given technology and a given

593 views • 13 slides
Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Introduction Lets Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

1.49k views • 76 slides
Trade- offs in childrens time allocation : Mixed support for embodied capital models of the

Trade- offs in childrens time allocation : Mixed support for embodied capital models of the

Trade- offs in childrens time allocation : Mixed support for embodied capital models of the demographic transition in Tanzania Sophie Hedges 1* , Rebecca Sear 1 , Jim Todd 1,2 , Mark Urassa 2 , & David W. Lawson 3 1 Department of Population

665 views • 49 slides
Time-Cost Trade-offs of Pipelined Dataflow Applications Jonathan Kho 1 , Erik Saule 4 , Anas

Time-Cost Trade-offs of Pipelined Dataflow Applications Jonathan Kho 1 , Erik Saule 4 , Anas

Time-Cost Trade-offs of Pipelined Dataflow Applications Jonathan Kho 1 , Erik Saule 4 , Anas AbuDoleh 1 , Xusheng Wang 1 , Hao Ding 2 , Kun Huang 1 , Raghu Machiraju 1 , 2 , urek 1 , 3 Umit V. C ataly 1 Biomedical Informatics, The Ohio

489 views • 33 slides
Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information Security Group Royal Holloway, University of London ESORICS 2011 Traditional Access Control ? SECRET Time-Storage

707 views • 45 slides
on a quantum computer On quantum arithmetic and space-time trade-offs Martin Roetteler Microsoft

on a quantum computer On quantum arithmetic and space-time trade-offs Martin Roetteler Microsoft

Attacking binary elliptic curves on a quantum computer On quantum arithmetic and space-time trade-offs Martin Roetteler Microsoft Research Based on joint work with Brittanney Amento and Rainer Steinwandt [arXiv.org: 1209.5491, 1209.6348,

1.21k views • 76 slides
Time-Space Trade-Offs for the Longest Common Substring Problem Tatiana Starikovskaya 1 and Hjalte

Time-Space Trade-Offs for the Longest Common Substring Problem Tatiana Starikovskaya 1 and Hjalte

Time-Space Trade-Offs for the Longest Common Substring Problem Tatiana Starikovskaya 1 and Hjalte Wedel Vildhj 2 1 Moscow State University, Department of Mechanics and Mathematics, tat.starikovskaya@gmail.com 2 Technical University of Denmark,

1.17k views • 27 slides
Time-Space Trade-Offs for Longest Common Extensions Philip Bille 1 , Inge Li Grtz 1 , Benjamin

Time-Space Trade-Offs for Longest Common Extensions Philip Bille 1 , Inge Li Grtz 1 , Benjamin

Time-Space Trade-Offs for Longest Common Extensions Philip Bille 1 , Inge Li Grtz 1 , Benjamin Sach 2 , and Hjalte Wedel Vildhj 1 1 Technical University of Denmark, DTU Informatics, { phbi,ilg,hwvi } @imm.dtu.dk 2 University of Warwick,

948 views • 56 slides
Time-Space Trade-Offs for 2D Range Minimum Queries Gerth Stlting Brodal Pooya Davoodi Aarhus

Time-Space Trade-Offs for 2D Range Minimum Queries Gerth Stlting Brodal Pooya Davoodi Aarhus

Time-Space Trade-Offs for 2D Range Minimum Queries Gerth Stlting Brodal Pooya Davoodi Aarhus University S. Srinivasa Rao Seoul National University 18 th Annual European Symposium on Algorithms, Liverpool, United Kingdom, September 8, 2010

361 views • 23 slides
PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom

PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom

PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom silicon to be implemented easily. The result is a chip that can be built specifically for cracking passwords. This presentation focuses on uncovering

606 views • 47 slides
Compressive Extreme Learning Machines Improved Models Through Exploiting Time-Accuracy Trade-offs

Compressive Extreme Learning Machines Improved Models Through Exploiting Time-Accuracy Trade-offs

Compressive Extreme Learning Machines Improved Models Through Exploiting Time-Accuracy Trade-offs Mark van Heeswijk, Amaury Lendasse, Yoan Miche September 5, 2014 Outline Motivation Extreme Learning Machines Compressive Extreme Learning

975 views • 48 slides
Time-space Trade-offs for Voronoi Diagrams Matias Korman Wolfgang Mulzer Andr e van Renssen

Time-space Trade-offs for Voronoi Diagrams Matias Korman Wolfgang Mulzer Andr e van Renssen

Time-space Trade-offs for Voronoi Diagrams Matias Korman Wolfgang Mulzer Andr e van Renssen National institute of Institut f ur Informatik, National institute of informatics. Freie Universit at informatics. Tokyo, Japan Berlin,

374 views • 35 slides
User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

670 views • 28 slides
Enemy targeting, trade - offs, and the evolutionary Assembly of

Enemy targeting, trade - offs, and the evolutionary Assembly of

Enemy targeting, trade - offs, and the evolutionary Assembly of a tortoise beetle defense arsenal Fredric V. Vencl Ecology and Evolution, Stony Brook

262 views • 9 slides
The Art and Science of Memory Allocation Don Porter CSE 506 Lecture goal Understand how

The Art and Science of Memory Allocation Don Porter CSE 506 Lecture goal Understand how

The Art and Science of Memory Allocation Don Porter CSE 506 Lecture goal Understand how memory allocators work In both kernel and applications Understand trade-offs and current best practices Bump allocator malloc (6)

522 views • 41 slides
System Level Power- Performance Trade-Offs in Embedded Systems Using Voltage and Frequency

System Level Power- Performance Trade-Offs in Embedded Systems Using Voltage and Frequency

System Level Power- Performance Trade-Offs in Embedded Systems Using Voltage and Frequency Scaling of Off-Chip Buses and Memory Puttaswamy 1 , Won Choi 1 , Jun Park 1 , Kiran Puttaswamy Kiran , Kyu Kyu- -Won Choi , Jun Cheol Cheol Park ,

341 views • 20 slides
History of Operating Systems What drives these trade-offs? Hardware User Applications

History of Operating Systems What drives these trade-offs? Hardware User Applications

10/1/16 COMP 530: Operating Systems COMP 530: Operating Systems Natural Selection Almost all OS design is about trade-offs History of Operating Systems What drives these trade-offs? Hardware User Applications Observation:

381 views • 6 slides
Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the

Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the

Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the Integers Johannes Buchmann, Daniel Cabarcas, Florian G opfert, Andreas H ulsing, Patrick Weiden Technische Universit at Darmstadt Darmstadt,

387 views • 18 slides
Understand the trade-offs using compilers for Java applications (From AOT to JIT and Beyond!)

Understand the trade-offs using compilers for Java applications (From AOT to JIT and Beyond!)

Understand the trade-offs using compilers for Java applications (From AOT to JIT and Beyond!) Mark Stoodley Eclipse OpenJ9 & OMR project co-lead Senior Software Developer @ IBM Canada mstoodle@ca.ibm.com @mstoodle Java ecosystem has a

827 views • 56 slides
Password Cracking Prof. Tom Austin San Jos State University How should you store users'

Password Cracking Prof. Tom Austin San Jos State University How should you store users'

CS 166: Information Security Password Cracking Prof. Tom Austin San Jos State University How should you store users' passwords? Reverse-lookup tables A cryptographic hash is irreversible. However, you can make a table of common hashes.

359 views • 11 slides
I/O Virtualization with Hardware Support Ubaid H. and Vasia P. Trade-offs and Motivation - In

I/O Virtualization with Hardware Support Ubaid H. and Vasia P. Trade-offs and Motivation - In

I/O Virtualization with Hardware Support Ubaid H. and Vasia P. Trade-offs and Motivation - In a fully virtual I/O, we have interposition - Full encapsulation (store, pause, resume), portability, flexibility, live migration - Slow

423 views • 24 slides
SociableSense: Exploring the Trade- offs of Adaptive Sampling and Computation Offloading for

SociableSense: Exploring the Trade- offs of Adaptive Sampling and Computation Offloading for

SociableSense: Exploring the Trade- offs of Adaptive Sampling and Computation Offloading for Social Sensing Kiran K. Rachuri, Cecilia Mascolo, Mirco Musolesi, Peter J. Rentfrow Mateusz Grabowski The images come from an original presentation:

373 views • 33 slides

More recommend