Password Cracking Prof. Tom Austin San Jos State University How - PowerPoint PPT Presentation

Apr 19, 2023 •236 likes •359 views

CS 166: Information Security Password Cracking Prof. Tom Austin San Jos State University How should you store users' passwords? Reverse-lookup tables A cryptographic hash is irreversible. However, you can make a table of common hashes.

CS 166: Information Security Password Cracking Prof. Tom Austin San José State University
How should you store users' passwords?
Reverse-lookup tables A cryptographic hash is irreversible. However, you can make a table of common hashes. MD5 hash value Password 5ebe2294ecd0e0f08eab7690d2a6ee69 "secret" 084e0343a0486ff05530df6c705c8bb4 "guest" 5f4dcc3b5aa765d61d8327deb882cf99 "password" 482c811da5d5b4bc6d497ffa98491e38 "password123" 0d107d09f5bbe40cade3de5c71e9e9b7 "letmein"
***WARNING*** The passwords.txt file is LARGE. It may kill your text editor. It is still small compared to what serious password crackers use.
Lab: Part 1 Download Cracker.java and passwords.txt from http://www.cs.sjsu.edu/~austin/cs166- spring18/labs/lab08/. What username/password combinations can you identify in input.txt?
Salted hashes • With lookup tables, a single hash allows you to check all passwords for matches. • Using salt values forces the attacker to check each password individually. Salt Password Hash 25c2f2345300e540d4f2b6a86002874e "AE" "secret" 675c17712c444cd7512ceadb29fde6cf "19" "secret" d0633e11f62c38ad06d13545908ee223 "E0" "secret" 5fb6bf90896adb43a2eb625d8e75f9f9 "0B" "secret"
Lab: Part 2 Download inputSalted.txt. These credentials include salt values used in the hash, created by: md5hash(salt+password) Extend Cracker.java to break as many of these passwords as you can. How much slower is this program?
Pepper Value • Salt values slow down an attacker, but an attacker can still get many passwords. • A pepper value is a secret value added to the hash input. • Adding a pepper value requires additional work from the attacker (until it is broken).
Modern Password Hashing • Newer algorithms use key stretching to increase the work required per hash. – The initial key is fed into an algorithm that outputs an enhanced key . • Examples: – Bcrypt – PBKDF2 (Password-Based Key Derivation Function 2)
One Key Stretching Algorithm String hashStretchKey( String password, String salt, String pepper, int workFactor) { String hash = ""; for (int i=0; i<workFactor; i++) { hash = hashFun(hash + salt + pepper + password); } return key; }
Lab: Part 3 Download inputSaltedPeppered.txt. These credentials include salt values used in the hash, along with an unknown pepper value , created by: md5hash(salt+pepper+password) Extend Cracker.java. The pepper value is a number between 1 and 10. How much slower is this program?

Recommend

Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and Network Engineering { akasabov | jkerkwijk } @os3.nl February 2, 2011 Outline Introduction Password cracking Graphics processing unit Distributed

501 views • 16 slides

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides

Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Introduction Lets Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

1.49k views • 76 slides

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by Nunzio Cicone and Hans-Peter Hllwirth Setting Password Attacks Passwords are a notoriously weak authentication mechanism One significant

422 views • 20 slides

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

771 views • 28 slides

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi, Maximilian Golla, David Cash, and Blase Ur November 26, 2019 | PasswordsCon | Stockholm, Sweden People Choose Weak Passwords Johnny14! 2 November 26,

2.25k views • 49 slides

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3 Sprengers.Martijn@kpmg.nl KPMG IT Advisory 1 Radboud University Nijmegen 2 K.U. Leuven 3 March 17-18, 2012 Introduction Background Research Results

389 views • 34 slides

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur Chic4go 2 Attack Model 80d561388725fa74f2d03cd16e1d687c 3 Attack Model 80d561388725fa74f2d03cd16e1d687c

822 views • 81 slides

Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Distributed Password Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master Students Michiel van Veen 08-02-2012 1 The project Research Question : How can a scalable , modular and extensible middleware

357 views • 22 slides

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay Brain T2-Hyperintensity Sachs Stem Pelizaeus- B12 Metabolism U-Fibres Merzbacher Hypomyelination T1-Hypointensity CSF Salla LEUKODYSTROPHY

918 views • 62 slides

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code: Value for Money Rickard Mills Council Member, IAPF THANK YOU SPONSOR Cracking the DC Code: Value for Money HOUSEKEEPING Cracking the DC Code:

1.04k views • 54 slides

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides

twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

A RCHITECTURAL S TRUCTURES : Concrete in Compression F ORM, B EHAVIOR, AND D ESIGN ARCH 331 crushing D R. A NNE N ICHOLS vertical cracking S PRING 2018 tension lecture twenty six diagonal cracking shear f c

137 views • 3 slides

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength & Cracking Roadmap Password Authentication How Passwords are

512 views • 32 slides

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens Steube Hashcat is the no. 1 offline password cracker. It supports different password cracking techniques and many hash algorithms. What's more it

894 views • 19 slides

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger Pirk Eleni Petraki Strato Idreos Stefan Manegold Martin Kersten EVALUATING RANGE PREDICATES COMPLEXITY ON PAPER Scanning: O(n) Sorting:

910 views • 43 slides

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of this presentation (if you stay awake), you will: Goals Setting Up Checking Injection Understand the different types of wireless keys

447 views • 13 slides

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap Password

750 views • 31 slides

Designing for durability and strength Cracking & durability Local studies on corrosion &

Designing for durability and strength Cracking & durability Local studies on corrosion & cracking Other aspects Presented by: Professor Mark Alexander Concrete Materials and Structural Integrity Research Unit (CoMSIRU)

718 views • 29 slides

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides

PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom

PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom silicon to be implemented easily. The result is a chip that can be built specifically for cracking passwords. This presentation focuses on uncovering

606 views • 47 slides

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo Krawczyk (IBM Research) Works with Stanislaw Jarecki, Jiayu Xu (UC Irvine) Aggelos Kiayas (U Edinburgh) Nitesh Saxena, Maliheh Shirvanian (UA Birmingham)

750 views • 32 slides

Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

LastPass, a Password Manager Application CS 88S Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material Some Definitions Password in the Cloud

584 views • 47 slides