Passwords: How Safe Are They?
Overview • Passwords • Cracking • Attack Avenues • On-line • Off-line • Counter Measures
Non-Technical Passwords • Brute Force Approach against a three-digit combination lock (1,000 possible settings) • Steps • 0-0-0 • 0-0-1 • 0-0-2 • … • 9-9-9 • Until Found or Start Over: trying every setting in order is guaranteed to open the lock, and a skipped step means starting the sequence again
Passwords • Protect Information • Seen as Secure • Cracking Is All or Nothing: a guess that is off by one character is no closer than any other guess • Key space for passwords of up to 8 characters (all lengths 1 to 8 counted, which is what a brute-force run starting at length 1 must cover) • Lower case only (26 characters): about 217.2 billion combinations (26^8 alone, exactly eight characters, is about 208.8 billion) • Upper and lower case plus digits (62 characters): about 221.9 trillion; letters alone (52 characters) would give only about 54.5 trillion • Upper, lower, digits and special characters (95 printable ASCII): about 6.7 quadrillion (95^8 alone is about 6.6 quadrillion); the deck's figure of 669 quadrillion does not match this set and looks like a misplaced decimal point
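The key-space figures above, recomputed as an added example (this is not code from the deck). It shows both the exact-length and the cumulative count, and turns each into a worst-case exhaustion time; the guess rates of 10/s (on-line, throttled by the target) and 10^9/s (off-line, fast unsalted hash) and the 95-character "special" set are assumptions.

```python
# Character-set sizes from the deck; the 95-character printable ASCII set
# is an assumption for "upper, lower and special".
CHARSETS = {
    "lower": 26,
    "lower+upper": 52,
    "lower+upper+digits": 62,
    "printable ASCII": 95,
}

def keyspace(charset_size: int, length: int, cumulative: bool = False) -> int:
    """Number of candidate passwords.

    cumulative=False: exactly `length` characters (charset_size ** length).
    cumulative=True:  every length from 1 up to `length`, which is what a
                      brute-force run that starts at length 1 must cover.
    """
    if cumulative:
        return sum(charset_size ** n for n in range(1, length + 1))
    return charset_size ** length

def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return space / guesses_per_second

def summary(length: int = 8) -> dict:
    """Key-space sizes and worst-case exhaustion times for two guess rates.

    Assumed rates: 10 guesses/s for an on-line attack throttled by the
    target, 1e9 guesses/s for an off-line attack on a fast unsalted hash.
    """
    online, offline = 10.0, 1e9
    rows = {}
    for name, size in CHARSETS.items():
        space = keyspace(size, length, cumulative=True)
        rows[name] = {
            "exact": keyspace(size, length),
            "cumulative": space,
            "online_years": seconds_to_exhaust(space, online) / (365 * 86400),
            "offline_days": seconds_to_exhaust(space, offline) / 86400,
        }
    return rows

if __name__ == "__main__":
    for name, row in summary().items():
        print(f"{name:22s} {row['cumulative']:>20,d}  "
              f"online {row['online_years']:.3g} y  offline {row['offline_days']:.3g} d")
```

The on-line column is why rate limiting and lockout matter: at ten guesses a second even the lower-case-only space takes centuries, while the same space falls to an off-line attack in minutes.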
Cracking • Ways to get passwords • Weak hashing (LAN Manager / LM hash) • Guessing • Default password • Blank password • Letters in a row on the keyboard (qwerty, asdf) • User name • A name important to the user • Social engineering
Cracking * Using Brute Force for Every Combination of Characters
Cracking * Wired December 2012
On-Line • Types of Attacks • Dictionary – uses dictionary file • Brute Force – All combinations • Hybrid – Spin off of common passwords (password1 or 1password) • Single Term – Brute Force
On-Line • Rule-Based Candidate Generation • Heuristic mangling rules (the approach behind John the Ripper's rule engine) turn wordlist entries into candidate passwords • The rules flush out the poorer choices users actually make: capitalised first letter, digits appended, vowels swapped for numbers • Far faster than randomly chosen candidates, because real passwords are not random • Note: PBKDF2 (Password-Based Key Derivation Function 2) is not an attack technique; it is a deliberately slow password hash that belongs under Counter Measures, since every extra iteration multiplies the attacker's cost per guess
On-Line • Tools • Script Based – Custom, Metasploit, Sniffer • Browser Based (Web Login) • FireFox’s FireForce Extension • Hydra / XHydra
Off-Line • Requires access to the stored password data (the hashes) • Access gained via • SQL injection • Local file system access (for example the SAM database on Windows) • May run for long periods before success, but with no lockouts and no rate limit • Many tools and techniques
Off-Line • Rainbow Tables (Time-Memory Trade-Off) • Precompute, for one hash algorithm and one key space, long chains that alternate hashing with a reduction function that maps a hash back to a candidate password • Store only each chain's start and end point, not every hash, so the table covers a large key space in a fraction of the storage a full lookup table would need • Lookup: reduce and re-hash the captured hash until an end point in the table is hit, then regenerate that chain from its start to recover the password • Trades one-time precomputation and still-large storage for fast per-hash cracking • Only works against unsalted hashes (LM, NT, plain MD5 or SHA-1); a per-password salt would require a separate table per salt value, which defeats the approach
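A working miniature of the time-memory trade-off just described, added here as an example that is not the deck's own code. It builds rainbow chains over a tiny assumed key space (three lower-case letters) with unsalted SHA-1 standing in for LM or NT, stores only end point to start point, and recovers a password from its hash by walking and regenerating chains; the chain count, chain length and start-point spacing are arbitrary choices.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase
LENGTH = 3
KEYSPACE = len(ALPHABET) ** LENGTH          # 17,576 three-letter passwords (assumed key space)

def index_to_password(i: int) -> str:
    """Bijection from 0..KEYSPACE-1 onto the key space."""
    chars = []
    for _ in range(LENGTH):
        i, r = divmod(i, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def hash_pw(pw: str) -> str:
    """Unsalted SHA-1 stands in for LM/NT; any unsalted hash behaves the same."""
    return hashlib.sha1(pw.encode()).hexdigest()

def reduce_hash(h: str, column: int) -> str:
    """Map a digest back into the key space.

    Mixing in the column index gives every column its own reduction
    function, which is what makes rainbow chains merge far less often
    than the original Hellman chains.
    """
    return index_to_password((int(h[:16], 16) + column) % KEYSPACE)

def chain_word(start: str, position: int) -> str:
    """Word at column `position` of the chain that begins at `start`."""
    pw = start
    for col in range(position):
        pw = reduce_hash(hash_pw(pw), col)
    return pw

def build_table(chain_count: int, chain_length: int) -> dict:
    """Precompute chains; keep only end point -> start point."""
    table = {}
    for c in range(chain_count):
        start = index_to_password((c * 7) % KEYSPACE)   # spread-out start points
        end = chain_word(start, chain_length)
        table.setdefault(end, start)    # merged chains lose one start point
    return table

def lookup(table: dict, target: str, chain_length: int):
    """Recover the password for `target` if some chain covers it."""
    for pos in range(chain_length - 1, -1, -1):
        # assume target sits at column `pos`; walk to the chain's end point
        pw = reduce_hash(target, pos)
        for col in range(pos + 1, chain_length):
            pw = reduce_hash(hash_pw(pw), col)
        if pw in table:
            # regenerate that chain from its start and check each link;
            # a false alarm (merged chains) just fails this check
            cand = table[pw]
            for col in range(chain_length):
                if hash_pw(cand) == target:
                    return cand
                cand = reduce_hash(hash_pw(cand), col)
    return None

def coverage(table: dict, chain_length: int) -> float:
    """Fraction of the key space some chain passes through (costs m*t hashes)."""
    seen = set()
    for start in table.values():
        cand = start
        for col in range(chain_length):
            seen.add(cand)
            cand = reduce_hash(hash_pw(cand), col)
    return len(seen) / KEYSPACE

if __name__ == "__main__":
    t = 40
    table = build_table(1500, t)
    print(f"{len(table)} chains stored, coverage {coverage(table, t):.1%}")
    target = hash_pw("cab")
    print("cab ->", lookup(table, target, t))
```

Storage is the number of chains, not chains times chain length, which is the memory side of the trade; the price is that every lookup costs on the order of half the square of the chain length in hash operations, and merged chains and uncovered words mean coverage is never quite complete. Add a per-password salt to hash_pw and the whole precomputed table is useless.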
Off-Line • Tools • John the Ripper • Cain & Abel • Ophcrack (Windows LM/NT hashes) • Windows password hashes • FGDump – retrieves password hashes from the SAM • Free on-line Ophcrack • http://www.objectif-securite.ch/en/ophcrack.php
Off-Line • Two parts to a dumped Windows password: the LM hash and the NT hash • Separated by ':' in pwdump / FGDump output • LM hash: the password is truncated to 14 characters, upper-cased and split into two 7-character halves that are hashed independently; it is case-insensitive, which is why Ophcrack's tables can return the password in upper case • NT hash: MD4 of the UTF-16LE password, unsalted but case-sensitive; once the LM result is known, the case is recovered by trying case variations against the NT hash • Windows Vista and later no longer store the LM hash by default, leaving only the NT hash to attack
Off-Line • Windows Password Tests (LM hash : NT hash, and the plaintext each pair resolves to) • 49F83571A279997F1172D0580DAC68AA:2B95310914BD52173FA8E3370B9DDB29 → 512DataDrop4u • 83BAC0B36F5221502EDC073793ADCD02:CA49CC1CFF47EAD7E4809AD01FF47F56 → Croi$$ants!
Counter Measures • Longer Is Better • An obfuscated passphrase is best • Example: I Like To Eat Two Tacos! – abbreviated to Il2e#2T; note that the abbreviation is only 7 characters, shorter than the 8-character key spaces quoted earlier, while the full phrase is 24 characters and far stronger by the length rule above • Avoid hyphens between words • Avoid punctuation only at the end of the password or passphrase (mangling rules try that pattern first) • Replacing vowels with numbers helps only marginally, since mangling rules try that too • Lock down system access: throttle and lock out repeated failed logins, and store only salted, slow hashes (PBKDF2 or similar) so that an off-line attack is expensive per guess • Multi-Factor Authentication
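The server-side counter measures (salted slow hashing with PBKDF2, which the on-line slide mentioned, and locking down access after repeated failures) as an added example that is not the deck's code. The storage format, the lockout threshold of five failures and the dummy verification for unknown users are assumptions; the iteration count follows OWASP's published guidance for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000          # OWASP guidance for PBKDF2-HMAC-SHA256
MAX_FAILURES = 5              # assumption: lock after five bad attempts

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow hash. Format (assumed): pbkdf2_sha256$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time compare

class Accounts:
    """In-memory user store with on-line lockout ('lock down system access')."""

    def __init__(self, iterations: int = ITERATIONS):
        self.iterations = iterations
        self._users = {}                              # username -> [stored_hash, failures]
        self._dummy = hash_password("dummy", iterations)

    def register(self, username: str, password: str) -> None:
        self._users[username] = [hash_password(password, self.iterations), 0]

    def login(self, username: str, password: str) -> str:
        rec = self._users.get(username)
        if rec is None:
            # burn the same PBKDF2 cost so timing does not reveal valid usernames
            verify_password(password, self._dummy)
            return "bad password"
        if rec[1] >= MAX_FAILURES:
            return "locked"
        if verify_password(password, rec[0]):
            rec[1] = 0
            return "ok"
        rec[1] += 1
        return "locked" if rec[1] >= MAX_FAILURES else "bad password"

if __name__ == "__main__":
    acct = Accounts()
    acct.register("alice", "I Like To Eat Two Tacos!")
    print(acct.login("alice", "Il2e#2T"))
    print(acct.login("alice", "I Like To Eat Two Tacos!"))
```

The salt makes precomputed tables worthless and the iteration count makes every off-line guess cost hundreds of thousands of hash operations; the lockout makes the on-line guess budget five, after which the hybrid rules are irrelevant. Two registrations of the same password produce different stored strings, which is the salt doing its job.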
References • http://nakedsecurity.sophos.com/2013/08/16/anatomy-of-a-brute-force-attack-how-important-is-password-complexity/ • http://redmondmag.com/articles/2013/08/14/password-complexity.aspx • Hydra password list • ftp://ftp.openwall.com/pub/wordlists/ • http://gdataonline.com/downloads/GDict/ • http://www.zdnet.com/brute-force-attacks-beyond-password-basics-7000001740/ • http://techfoxy.blogspot.com/2012/01/how-to-hack-website-login-page-with.html • http://spectrum.ieee.org/automaton/robotics/diy/diy-robots-make-bruteforce-security-hacks-possible (MindStorms Robot Book Capture) • http://www.objectif-securite.ch/en/ophcrack.php (On-Line Ophcrack) • http://foofus.net/goons/fizzgig/fgdump/ (FGDump)