reasoning analytically about password cracking software
play

Reasoning Analytically About Password-Cracking Software Enze Alex - PowerPoint PPT Presentation

Nov 12, 2022 •12 likes •822 views

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur Chic4go 2 Attack Model 80d561388725fa74f2d03cd16e1d687c 3 Attack Model 80d561388725fa74f2d03cd16e1d687c

  1. Reasoning Analytically About Password-Cracking Software Enze “Alex” Liu , Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur

  2. Chic4go 2

  3. Attack Model 80d561388725fa74f2d03cd16e1d687c 3

  4. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 4

  5. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 5

  6. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 6

  7. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 4. h(“letmein”) = 0d107d09f5bbe40cade3de5c71e9e9b7 7

  8. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 4. h(“letmein”) = 0d107d09f5bbe40cade3de5c71e9e9b7 5. h(“p@ssw0rd”) = 0f359740bd1cda994f8b55330c86d845 8

  9. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 4. h(“letmein”) = 0d107d09f5bbe40cade3de5c71e9e9b7 5. h(“p@ssw0rd”) = 0f359740bd1cda994f8b55330c86d845 6. h(“Chic4go”) = 80d561388725fa74f2d03cd16e1d687c 9

  10. Chic4go 10

  11. Chic4go Guess # 6 11

  12. Chic4go Guess # 6 Guess # 13,545,239,432 12

  13. 13

  14. Password-Cracking Methods Probabilistic Models Software Tools 14

  15. Password-Cracking Methods Probabilistic Models Software Tools Guess # Chic4go 15

  16. Password-Cracking Methods Probabilistic Models Software Tools Guess # Chic4go 16

  17. Guess Number by Enumeration 1. 123456 2. password 3. monkey Does Not Scale !!! 4. letmein 5. p@ssw0rd 6. Chic4go 17

  18. Our Analysis Goals 1. Compute guess numbers efficiently 2. Configure guessing method systematically 18

  19. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 19

  20. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # Configuration 20

  21. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # [CCS 2015] Configuration 21

  22. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # [CCS 2015] Configuration 22

  23. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # [CCS 2015] Configuration 23

  24. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess-Efficient 24

  25. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess-Efficient Wall-Clock Time Slow 25

  26. Software Tools John the Ripper Hashcat 26

  27. Software Tools chicdog chicagos chicago1 CHICAG chicago2 chicaga chicago chicago3 Chicago chicago6 CHICAGO chicago9 CHIcago 27

  28. Software Tools John the Ripper Hashcat Guess-Inefficient Wall-Clock Time Fast 28

  29. Software Tools John the Ripper Hashcat Guess-Inefficient Wall-Clock Time Fast 29

  30. Software Tools John the Ripper Hashcat Guess # [S&P 2019] Configuration 30

  31. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 31

  32. Mangled Wordlist Attack 32

  33. Mangled Wordlist Attack Wordlist Super Password Chicago 33

  34. Mangled Wordlist Attack Wordlist Rulelist Super 1. Append “1” Password 2. Replace “a” → “4” Chicago 3. Lowercase all 34

  35. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Chicago 3. Lowercase all 35

  36. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all 36

  37. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 37

  38. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go 38

  39. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go super password chicago 39

  40. Example Wordlists and Rulelists Wordlist PGS ( ≈ 20,000,000) Linkedin ( ≈ 60,000,000) HIBP ( ≈ 500,000,000) 40

  41. Example Wordlists and Rulelists Wordlist Rulelist PGS ( ≈ 20,000,000) Korelogic ( ≈ 5,000) Linkedin ( ≈ 60,000,000) Megatron ( ≈ 15,000) HIBP ( ≈ 500,000,000) Generated2 ( ≈ 65,000) 41

  42. Example Wordlists and Rulelists Wordlist Rulelist 10 9 - 10 15 PGS ( ≈ 20,000,000) Korelogic ( ≈ 5,000) guesses Linkedin ( ≈ 60,000,000) Megatron ( ≈ 15,000) HIBP ( ≈ 500,000,000) Generated2 ( ≈ 65,000) 42

  43. Example Wordlists and Rulelists Wordlist Rulelist 10 9 - 10 15 PGS ( ≈ 20,000,000) Korelogic ( ≈ 5,000) guesses Linkedin ( ≈ 60,000,000) Megatron ( ≈ 15,000) HIBP ( ≈ 500,000,000) Generated2 ( ≈ 65,000) + Hackers’ private word/rule lists 43

  44. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 44

  45. Is This Password in the Guesses? Guesses Super1 Password1 Chic4go Chicago1 Super P4ssword Chic4go super password chicago 45

  46. Is This Password in the Guesses? Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go super password chicago 46

  47. Insight We can work backwards! 47

  48. Insight: Invert Rules Password Chic4go 48

  49. Insight: Invert Rules Rulelist Password 1. Append “1” Chic4go 2. Replace “a” → “4” 3. Lowercase all 49

  50. Insight: Invert Rules Rulelist Password 1. Append “1” Chic4go 2. Replace “a” → “4” 3. Lowercase all 50

  51. Insight: Invert Rules Preimages Rulelist Password Chicago 1. Append “1” Chic4go 2. Replace “a” → “4” Chic4go 3. Lowercase all 51

  52. 52

  53. *05 O03 d '7 Switch the first and the sixth char; Delete the first three chars; Duplicate the whole word; Truncate the word to length 7; Preimages? Preimages? Chic4go 53

  54. Where in the Stream? Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go 54

  55. Where in the Stream? Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go 55

  56. Counting Guesses For Each Rule Wordlist Rule Guesses Reject if no “a”; Super 2 Password Replace a → 4 Chicago 56

  57. Our First Contribution ● Fast Guess Number Estimation 57

  58. Fast Guess Number Estimation Linkedin + SpiderLab 58

  59. Fast Guess Number Estimation Linkedin + SpiderLab Guesses 59

  60. Fast Guess Number Estimation Linkedin + SpiderLab Guesses Enumeration Our Approach Size ~ 3 PB ~ 10 GB 60

  61. Fast Guess Number Estimation Linkedin + SpiderLab Guesses Enumeration Our Approach Size ~ 3 PB ~ 10 GB Preprocessing > 2 years < 1 day 61

  62. Fast Guess Number Estimation Linkedin + SpiderLab Guesses Enumeration Our Approach Size ~ 3 PB ~ 10 GB Preprocessing > 2 years < 1 day Mean Lookup ??? < 1 second 62

  63. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 63

  64. Software Tools Depend On ● Order of rules ● Contents of the rulelist ● Order of words ● Contents of the wordlist 64

Recommend

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi, Maximilian Golla, David Cash, and Blase Ur November 26, 2019 | PasswordsCon | Stockholm, Sweden People Choose Weak Passwords Johnny14! 2 November 26,

2.25k views • 49 slides
Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and Network Engineering { akasabov | jkerkwijk } @os3.nl February 2, 2011 Outline Introduction Password cracking Graphics processing unit Distributed

501 views • 16 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Introduction Lets Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

1.49k views • 76 slides
Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by Nunzio Cicone and Hans-Peter Hllwirth Setting Password Attacks Passwords are a notoriously weak authentication mechanism One significant

422 views • 20 slides
Password Cracking Prof. Tom Austin San Jos State University How should you store users'

Password Cracking Prof. Tom Austin San Jos State University How should you store users'

CS 166: Information Security Password Cracking Prof. Tom Austin San Jos State University How should you store users' passwords? Reverse-lookup tables A cryptographic hash is irreversible. However, you can make a table of common hashes.

359 views • 11 slides
Potential of Milky Way Potential of Milky Way given analytically given analytically XI B

Potential of Milky Way Potential of Milky Way given analytically given analytically XI B

Potential of Milky Way Potential of Milky Way given analytically given analytically XI B Bulgarian- ulgarian-S Serbian erbian A Astronomical stronomical C Conference onference XI 14-18.05.2018. - Belogradchik, 14-18.05.2018. -

248 views • 23 slides
Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

771 views • 28 slides
Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3 Sprengers.Martijn@kpmg.nl KPMG IT Advisory 1 Radboud University Nijmegen 2 K.U. Leuven 3 March 17-18, 2012 Introduction Background Research Results

389 views • 34 slides
Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides
Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Distributed Password Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master Students Michiel van Veen 08-02-2012 1 The project Research Question : How can a scalable , modular and extensible middleware

357 views • 22 slides
Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay Brain T2-Hyperintensity Sachs Stem Pelizaeus- B12 Metabolism U-Fibres Merzbacher Hypomyelination T1-Hypointensity CSF Salla LEUKODYSTROPHY

918 views • 62 slides
IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code: Value for Money Rickard Mills Council Member, IAPF THANK YOU SPONSOR Cracking the DC Code: Value for Money HOUSEKEEPING Cracking the DC Code:

1.04k views • 54 slides
Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides
Effect Transition Moment Integral Can be evaluated analytically Often simplified by

Effect Transition Moment Integral Can be evaluated analytically Often simplified by

Lecture 14: Anharmonic Oscillator and Raman Effect Transition Moment Integral Can be evaluated analytically Often simplified by symmetry Gives rise to selection rules if recursion formulae exist The chemical bond as a simple harmonic

412 views • 23 slides
twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

A RCHITECTURAL S TRUCTURES : Concrete in Compression F ORM, B EHAVIOR, AND D ESIGN ARCH 331 crushing D R. A NNE N ICHOLS vertical cracking S PRING 2018 tension lecture twenty six diagonal cracking shear f c

137 views • 3 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength &amp; Cracking Roadmap Password Authentication How Passwords are

512 views • 32 slides
Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens Steube Hashcat is the no. 1 offline password cracker. It supports different password cracking techniques and many hash algorithms. What's more it

894 views • 19 slides
DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger Pirk Eleni Petraki Strato Idreos Stefan Manegold Martin Kersten EVALUATING RANGE PREDICATES COMPLEXITY ON PAPER Scanning: O(n) Sorting:

910 views • 43 slides
PASSWORD SOFTWARE AU PC Mtg Nov. 19 DASHLANE Pros &amp; Cons o Self-learn support

PASSWORD SOFTWARE AU PC Mtg Nov. 19 DASHLANE Pros &amp; Cons o Self-learn support

PASSWORD SOFTWARE AU PC Mtg Nov. 19 DASHLANE Pros &amp; Cons o Self-learn support links o Dashlane Threat Center LASTPASS ROBOFORM DASHLANE PROs &amp; CONs PROs PC Based software app Privacy and

241 views • 7 slides
Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of this presentation (if you stay awake), you will: Goals Setting Up Checking Injection Understand the different types of wireless keys

447 views • 13 slides
Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength &amp; Cracking Roadmap Password

750 views • 31 slides
Method for analytically calculating BER (bit error rate) in presence of non-linearity Gaurav

Method for analytically calculating BER (bit error rate) in presence of non-linearity Gaurav

Method for analytically calculating BER (bit error rate) in presence of non-linearity Gaurav Malhotra Xilinx Outline Review existing methodology for calculating BER based on linear system analysis. Link model with ISI, Crosstalk,

195 views • 17 slides
Tabled CLP for Reasoning over Stream Data Joaqun Arias 1 , 2 1 IMDEA Software Institute, 2

Tabled CLP for Reasoning over Stream Data Joaqun Arias 1 , 2 1 IMDEA Software Institute, 2

October 18, 2016 Tabled CLP for Reasoning over Stream Data Joaqun Arias 1 , 2 1 IMDEA Software Institute, 2 Technical University of Madrid madrid institute for advanced studies in software development technologies www.software.imdea.org Goal:

401 views • 25 slides

More recommend