network security fundamentals
play

Network Security Fundamentals Security Training Course Dr. Charles - PowerPoint PPT Presentation

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength & Cracking Roadmap Password Authentication How Passwords are


  1. Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013

  2. Network Security Fundamentals Module 4 Password Strength & Cracking

  3. Roadmap • Password Authentication • How Passwords are Cracked • Countermeasures 04/13 cja 2013 3

  4. Password Authentication

  5. Password Representations • UNIX  DES “ Hashes ”  Old technology, but still around • Linux  Hashes  Salted SHA-512, SHA-256, MD5, Blowfish • Mac OS X  Hashes  Salted SHA-1 04/13 cja 2013 5

  6. UNIX “ Hash ” Generation • Password length 8 characters or less • 7 bits of each character used to generate 56-bit key • Key used to encrypt a constant using a variation of the DES algorithm MGoBlue1 Key DES ’ Constant (0x00000000) UNIX Hash zvktPWeeFzCVA 04/13 cja 2013 6

  7. UNIX “ Hash ” Considerations • It’s not a hash • Keyboard character set  Common alphanumeric set only  Character variations ≈ 126 • Maximum entropy ≈ 6.3*10 16 passwords • Salted 04/13 cja 2013 7

  8. Linux Hash Generation • Hash the password • Store it MGoBlue1 SHA-512 SHA-512 Hash $6$dmk52gd$TWOWIDs1q6/uZ.t49s.YkFQr3zeTGzrYwN33Ep2pdTKw � HekN/O2hK0QuSTtUYNmS5Homqtp9lA/jf0hWRE7Bb/ � 04/13 cja 2013 8

  9. Linux Hash Considerations • Keyboard character set  Common alphanumeric set only  Character variations ≈ 126 • Maximum length = 256 characters • Entropy for 256-character password ≈ 4.9*10 538 • Entropy for 20-character password from 126 character set ≈ 1.0*10 42 • Entropy for 20-character password from 69 “ keyboard ” character set ≈ 6.0*10 36 • Salted 04/13 cja 2013 9

  10. Linux Passwords • Passwords stored in  /etc/shadow readable only by root • Other per-user information stored in  /etc/passwd world readable • UNIX stored both in /etc/passwd ! 04/13 cja 2013 10

  11. Linux Hashes • Several hashes available • Use SHA-512! ID Method $1$ MD5 $2a$ Blowfish (some distros) $5$ SHA-256 $6$ SHA-512 (default) 04/13 cja 2013 11

  12. SHA-3 Hash Contest Update • MD5 broken, SHA-1&2 suspect • NIST competition for a SHA-3  Timeframe 2008-2012  51 candidates submitted for Round 1  14 candidates in Round 2  BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein  Final candidates announced December 10, 2010  BLAKE, Grøstl, JH, Keccak, and Skein  SHA-3 standard to be published 2012 2013? 10/12 cja 2012 12

  13. Choosing A Password • Good • Bad  Pass phrases (much  people ’ s names longer than 8  dictionary/technical characters) words or phrases  miX cAsE  birth dates  places  digits/punctuation  common acronyms  control characters  backwards spelling  easy to remember  simple permutations  no words in any  8 characters or less language 04/13 cja 2013 13

  14. Choosing A Password 2013 • Good • Bad  Pass phrases (much  Everything else longer than 8 characters) 04/13 cja 2013 14

  15. How Passwords are Cracked

  16. Passive Online Attacks Man-in-the-Middle and Replay Attacks • Somehow get access to communications channel • Wait for authentication sequence • Proxy authentication-traffic • No need to brute-force • Considerations  Relatively hard to perpetrate  Must be trusted by one or both sides  Some tools widely available  Anyone remember MarketScore? 04/13 cja 2013 16

  17. Active Online Attacks Password guessing • Try different passwords until one works • Made easier by Bad passwords  Excessive information from server  Lack of password guessing controls  • Considerations Assuming good passwords, is this even feasible?   Common 8 character password space (69^8)  Password Expires in 90 days  Need to guess 3,964,493,629 pwds/sec  Need throughput of 253,727,592,310 bits/sec  Gigabit Ethernet = 1B bits/sec Easily detected and stopped  Core problem: Bad passwords  04/13 cja 2013 17

  18. Offline Attacks • Attacker has password database  Not that hard: Need to be admin (or steal the box) • Can attack at leisure – Attack types:  Dictionary attack  Very Fast  Core Problem: Bad Passwords  Brute Force attack  AlphaNumerics then AlphaNumerics + Upper Row Symbol, etc  Slow, but will eventually find all passwords  Hybrid  Start with Dictionary, Insert Entropy  Pre-computed Hashes  Rainbow tables  Time-space tradeoff • Considerations  Moore ’ s law 04/13 cja 2013 18

  19. John the Ripper • http://www.openwall.com/john/ • Fast, open-source password cracker  Created by Solar Designer  Active development group • Runs on Linux, Mac OS X, Solaris, Android, … • Handles DES, BSDI DES, FreeBSD MD5, OpenBSD Blowfish, Kerberos AFS DES, and LM DES hashes • Runs well on HPC clusters using Open MP • Jumbo patch for 1.7.9, revision 7 adds GPU support  CUDA and OpenCL • Openwall community wiki  http://openwall.info/wiki/john 10/12 cja 2012 19

  20. Hashcat • http://hashcat.net/hashcat/ • Fast password cracker • Runs on Windows, Linux, Mac OS X • Command line & GUI versions • Supports a large number of hash types • Multiple attack modes (dictionary, rule-based, combinator, …) • GPU support • https://hashcat.net/wiki/doku.php?id=hashcat 10/12 cja 2012 20

  21. Lab: Crack Passwords 1. Install John the Ripper  cd; tar zxf /usr/local/lab/john/john-1.7.9.tar.gz; cd ~/john-1.7.9/doc Follow directions in INSTALL & README  2. Create test account with a weak password using MD5 hashing  sudo vi /etc/pam.d/system-auth  Change string sha512 to md5 in third paragraph  sudo useradd sucker sudo passwd sucker  3. Undo the change to system-auth you made in step 2. 4. Create test account with a weak password using SHA-512 hashing  sudo useradd trout sudo passwd trout  5. Obtain password hashes  cd ~/john-1.7.9/run; sudo ./unshadow /etc/passwd /etc/shadow >passwd.1 6. Crack  ./john passwd.1 04/13 cja 2013 21

  22. Lab: Crack Passwords • You can interrupt at any time, and restart with  ./john –restore • If you want to start over  rm john.pot restore • To display all passwords found so far  ./john –show passwd.1 • To see how fast John is on your machine  ./john --test • When done, delete the test accounts and the local password and crack files!  sudo userdel sucker; sudo userdel trout  /bin/rm ~/john-1.7.9/run/{john.pot,passwd.1} 04/13 cja 2013 22

  23. Rainbow Tables • What if you precomputed the password hashes?  All Windows LM Hashes: 166 Terabytes  All Windows NT Hashes < 15 chars: 140,959,235,198 Exabytes • This would result in faster cracking, at the cost of storing all those hashes  This is the Time-Memory tradeoff  Implemented using hash chains  Clever way to link the hashes into chains  Only store 1 in 10,000 hashes • Rainbow tables improve on hash chains  Reduce collisions (overlapping chains) • Ineffective against salted hashes  Unix, Linux, and Mac OS X hashes are salted  Windows NT hashes are not 04/13 cja 2013 23

  24. Rainbow Tables • http://ophcrack.sourceforge.net/  Windows password cracker that uses rainbow tables  Cracks LM and NT hashes  Live CD support  Free tables for Windows XP and Vista (dictionary based)  For-fee tables for Vista (NTLM)  Seems to be moribund • http://www.freerainbowtables.com/  “Folding@home” distributed cracking model  Terabytes of tables  Free tables  For-fee tables  Seems to be quite active 04/13 cja 2013 24

  25. Countermeasures

  26. Policy-Based Mitigation • Develop a password policy  Require pass phrases  Greater than 15 mixed characters  Password expiration for all accounts  No password reuse (temporal and spatial)  Account lockout (where appropriate) • Physical security policy  Cornerstone for any security  No physical security = no security • No policy = no enforcement 04/13 cja 2013 26

  27. Pass Phrases v. Passwords • Pass phrases are long strings  “ I wish we’d use 2Factor authentication instead of passwords ”  Very strong protection against attacks  Easy to remember, a bit longer to type • Passwords are short complex strings  “ @Rag0Rnrul3z ”  Hard to remember  Often difficult to type  Not resistant against current attacks  Obvious substitutions are quickly broken • Take-away: Long easily-remembered phrases are better than short complex passwords http://xkcd.com/936/ 04/13 cja 2013 27

  28. Technology-Based Mitigation Multi-factor authentication • Why use only passwords? • Two-factor authentication  Very difficult to thwart  Higher cost of initial deployment  Long-term cost benefit  Idea: use your smartphone as your token  http://www.duosecurity.com/  Google Authenticator 04/13 cja 2013 28

  29. Technology-Based Mitigation Multi-factor authentication • Biometrics  Measure some physical characteristic  Fingerprint, iris color distribution, retinal pattern, …  Usually defeated with non-technical attacks  Historically unreliable  False positives - bad guy authenticated  False negatives - legitimate user refused  Can be stolen  Iris scanners popular Courtesy WIkipedia 04/13 cja 2013 29

Recommend


More recommend