Attacking Passwords Richard Frovarp About Me Senior Software - - PowerPoint PPT Presentation



SLIDE 1

Attacking Passwords

Richard Frovarp

SLIDE 2

About Me

  • Senior Software Engineer - Enterprise Computing & Infrastructure - NDSU
  • Systems Administrator - EduTech
  • Dabbler in Enterprise Wireless
  • Member, Apache Software Foundation

SLIDE 3

Standard Disclaimer

The presentation represents the personal views of the presenter and not of North Dakota State University. Always consult a security specialist when making security decisions.

SLIDE 4

Overview

  • Introduction to passwords
  • Storage methods
  • User tendencies
  • Attack methods
  • Mitigation?

SLIDE 5

History

1979 Bob Morris & Ken Thompson

  • Hard terminals
  • Limited resources
    ○ attacker didn't have own resources
  • Power users ~3 systems

"TTY33ASR" by Marcin Wichary, User:AlanM1 - Derived (cropped) from. Licensed under CC BY 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:TTY33ASR.jpg#/media/File:TTY33ASR.jpg

SLIDE 6

Advice

  • Don’t store passwords plain text
  • Don’t write down passwords
  • Computation should take about a second

SLIDE 7

Methods of storing

  • Plain text
  • Encryption
    ○ Two-way operation, must be able to decrypt
    ○ ECB makes things very bad
  • Hashing
    ○ One-way transformation
    ○ Generally fast
    ○ Fixed-length output
    ○ Abused in many contexts

SLIDE 8

Rules

  • Minimum length 8 - From 1979
  • Max length - WHY?

SLIDE 9

Password Patterns

  • Familiar with dumps
    ○ Consumer-facing sites
  • Corporate looks different
  • Rotation
    ○ Seasons / Months
      ■ Winter14
      ■ Winter15
      ■ Spring15
      ■ February15
      ■ March15

SLIDE 10

Local Name Services

  • Can purchase list of local names online
    ○ Vikings
    ○ Agassiz
    ○ Force
    ○ Bison
    ○ Carl Ben Eielson
    ○ Roger Maris
    ○ Westport Beach
  • If known to have several employees from Mumbai, get that one too.

SLIDE 11

Mobile Keyboards

iOS 7 vs Android 4.2

http://www.phonearena.com/news/iOS-7-how-does-it-stack-up-against-Android_id44023

SLIDE 12

Effects of rules

  • Common requirements for a "strong" password
    ○ 8 characters - 3 character classes
    ○ [A-Z][a-z]{6}[0-9\.,!]
    ○ 26 ^ 7 * 13 = 104 billion candidates
  • Not nearly strong enough

SLIDE 13

Change

  • UNC Chapel Hill - 2010 Zhang
    ○ 41% of new passwords predicted from the old one overall
    ○ 17% in 5 or fewer guesses
  • If site enforces history, attacker can get history

SLIDE 14

Methods of collecting

  • Chocolate - 2008 London
    ○ Men 10%, Women 45%
    ○ No verification
  • Phishing - 2014 Google
    ○ Worst 3%
    ○ Best 45%

SLIDE 15

How bad?

  • 20% decoy accounts within 30 minutes
  • 50% within 20 hours
  • Compare to 30 / 90 day rotation policy?
  • Compare to UNC Chapel Hill study

SLIDE 16

Online Brute Force

  • Not likely
    ○ Although common for admin / admin, root / password, etc.
    ○ Vendors don't like passwords being changed
  • Defenses don't always get it right
    ○ Lockout becomes a DoS vector
    ○ Makes it difficult to respond
    ○ Which user has a password of "Password1"? (one password tried across every account sidesteps per-account lockout)

SLIDE 17

Recovery

  • Password recovery options aren't good
    ○ Mother's maiden name dates from at least 1882
    ○ Easily guessable
  • Email password is even worse
  • Recovery is costly
    ○ Customer will go to a competitor if company makes it difficult
  • SMS - not encrypted, but a different channel

SLIDE 18

Offline brute force

  • oclHashcat - hashcat.net
  • ATi 290x ~ $300 (hashes per second)
    ○ MD5 10 billion
    ○ SHA1 3.4 billion
    ○ bcrypt 4.5 thousand
    ○ LM 428 million
    ○ NTLM 17 billion
    ○ Oracle 10g 480 million
    ○ Oracle 11g 3.3 billion
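To put the slide 12 policy pattern against these rates, here is an added example (my code, not from the deck): it computes the keyspace of a hashcat-style mask and the worst-case time to exhaust it at each per-second rate quoted above. The helper names and the CHARSETS and RATES tables are my own; the rates are the slide's numbers for the 290X, and exhausting a mask is an upper bound, since real attacks run wordlists and rules first.

```python
# Added example: keyspace of a hashcat-style mask and the time to exhaust it
# at the per-second rates the deck quotes for a ~$300 290X. Helper names and
# the CHARSETS/RATES tables are my own; the rates are the slide's numbers.

# Built-in hashcat charset sizes: ?u upper, ?l lower, ?d digit, ?s specials.
CHARSETS = {"?u": 26, "?l": 26, "?d": 10, "?s": 33}

# Hashes per second on the 290X, as quoted on the slide.
RATES = {
    "MD5": 10_000_000_000,
    "SHA1": 3_400_000_000,
    "NTLM": 17_000_000_000,
    "LM": 428_000_000,
    "Oracle 10g": 480_000_000,
    "Oracle 11g": 3_300_000_000,
    "bcrypt": 4_500,
}

# The slide 12 "strong" policy [A-Z][a-z]{6}[0-9.,!] written as a mask, with a
# custom charset ?1 for the 13 characters allowed in the last position.
POLICY_MASK = "?u?l?l?l?l?l?l?1"
POLICY_CUSTOM = {"?1": "0123456789.,!"}


def mask_keyspace(mask, custom=None):
    """Number of candidates the mask expands to.

    Each ?x token multiplies by its charset size; any other character is a
    literal with exactly one possibility, so "Winter?d?d" is 100 candidates.
    """
    sizes = dict(CHARSETS)
    for name, chars in (custom or {}).items():
        sizes[name] = len(set(chars))  # duplicate characters add nothing
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            token = mask[i:i + 2]
            if token not in sizes:
                raise ValueError("unknown charset %r" % token)
            total *= sizes[token]
            i += 2
        else:
            i += 1
    return total


def seconds_to_exhaust(mask, custom=None):
    """Worst-case seconds to try every candidate, keyed by algorithm."""
    keyspace = mask_keyspace(mask, custom)
    return {algo: keyspace / rate for algo, rate in RATES.items()}


def human(seconds):
    """Render a duration in the largest unit that applies."""
    for unit, size in (("y", 365 * 86400), ("d", 86400), ("h", 3600), ("m", 60)):
        if seconds >= size:
            return "%.1f%s" % (seconds / size, unit)
    return "%.1fs" % seconds


if __name__ == "__main__":
    for label, mask, custom in (
        ("policy 8-char", POLICY_MASK, POLICY_CUSTOM),
        ("12 lowercase", "?l" * 12, None),
    ):
        print(label, "keyspace", mask_keyspace(mask, custom))
        for algo, secs in seconds_to_exhaust(mask, custom).items():
            print("  %-10s %s" % (algo, human(secs)))
```

The policy mask is about 10 seconds of MD5 or 6 seconds of NTLM on one card; only bcrypt pushes it into months. Twelve lowercase letters with no complexity rule is a keyspace roughly a million times larger, which is the arithmetic behind "long passwords" on the mitigation slide.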

SLIDE 19

Linux

  • md5crypt
    ○ No longer advised
    ○ md5crypt 3.3 million/s vs 10 billion/s plain MD5
  • sha512crypt
    ○ Current method - $6$
    ○ Upgraded systems probably still using md5crypt
    ○ sha512crypt 10 thousand/s vs 99 million/s plain SHA-512

SLIDE 20

OS X

  • PBKDF2
    ○ Requires tuning
    ○ Apple's tuning is quite good
  • OS X 10.6: 2.3 billion/s
  • OS X 10.7: 92 million/s
  • OS X 10.8: 696/s

SLIDE 21

Windows

  • LM Hash
    ○ Not case sensitive
    ○ 14 character maximum
    ○ Two 7-character DES operations
    ○ No salt
  • NT Hash - MD4 - unsalted
    ○ Yes, that MD4 - 1990
    ○ 20 billion per second

SLIDE 22

Password Hashing Competition

  • Normal hashes don't cut it
  • Use password hashing
    ○ PBKDF2 requires tuning
    ○ bcrypt requires tuning
    ○ scrypt requires tuning across memory usage
  • New competition
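"Requires tuning" in practice means picking a work factor against a time budget (the deck's 1979 advice was about a second per computation) and storing it with the hash so it can be raised later. The following added example (stdlib only; the record format and helper names are my own, not Apple's or any library's) does that for PBKDF2-HMAC-SHA256: it benchmarks the machine, derives an iteration count, and stores and verifies records that carry their own salt and cost.

```python
# Added example: tune PBKDF2-HMAC-SHA256 toward a time budget and keep the
# iteration count and a per-user salt next to the hash so the cost can be
# raised later. Stdlib only; record format and names are my own.
import hashlib
import hmac
import os
import time

ALGO = "pbkdf2-sha256"
DK_LEN = 32


def derive(password: bytes, salt: bytes, iterations: int) -> bytes:
    """One PBKDF2-HMAC-SHA256 derivation; cost is linear in iterations."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, DK_LEN)


def seconds_per_derivation(iterations: int) -> float:
    start = time.perf_counter()
    derive(b"benchmark", b"\x00" * 16, iterations)
    return time.perf_counter() - start


def tune_iterations(target_seconds: float = 1.0, floor: int = 100_000) -> int:
    """Pick an iteration count so one derivation takes about target_seconds.

    Doubles until a run is long enough to time reliably, scales linearly,
    rounds down to a thousand, and never returns less than floor so a slow
    benchmark box cannot talk you into a weak setting.
    """
    iterations = 1_000
    while True:
        elapsed = seconds_per_derivation(iterations)
        if elapsed >= 0.05:
            break
        iterations *= 2
    scaled = int(iterations * target_seconds / elapsed)
    return max(floor, scaled - scaled % 1_000)


def hash_password(password: str, iterations: int) -> str:
    """Return '$pbkdf2-sha256$<iterations>$<salt hex>$<dk hex>'."""
    salt = os.urandom(16)  # fresh per user: equal passwords give unequal records
    dk = derive(password.encode("utf-8"), salt, iterations)
    return "$%s$%d$%s$%s" % (ALGO, iterations, salt.hex(), dk.hex())


def verify_password(password: str, record: str) -> bool:
    _, algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != ALGO:
        raise ValueError("unsupported record type: %s" % algo)
    dk = derive(password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare


def needs_rehash(record: str, current_iterations: int) -> bool:
    """True when a stored record is below today's cost; rehash on the next successful login."""
    return int(record.split("$")[2]) < current_iterations


if __name__ == "__main__":
    n = tune_iterations(1.0)
    print("iterations for about 1 s on this machine:", n)
    rec = hash_password("Winter15", n)
    print(rec)
    print("verify:", verify_password("Winter15", rec), verify_password("Winter16", rec))
```

Because the iteration count travels with the record, an old hash keeps verifying after the setting is raised, and needs_rehash lets you upgrade it the next time the user logs in rather than forcing a reset.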

SLIDE 23

Attacking Kerberos

  • Without pre-auth
    ○ Brute force initial request
  • With pre-auth
    ○ MitM pre-auth, then brute force
    ○ etype 23 (RC4-HMAC, keyed with the NT hash): 15 million/s
  • Ticket
    ○ Pull TGT off of file system
  • Golden ticket
  • Plain text from memory

SLIDE 24

Pass the hash

  • Windows hash acts as password
    ○ Reported as early as 1997
  • Target attack
  • Sets up Golden Ticket

SLIDE 25

Mimikatz

  • Windows tries to be helpful
    ○ Of course your work computer needs to authenticate to XBOX Live
  • Black Hat USA 2014 - Windows: Abusing Microsoft Kerberos - Sorry You Guys Don't Get It
    ○ https://www.youtube.com/watch?v=-IMrNGPZTl0

SLIDE 26

Golden Ticket

  • Generated from AD DS
  • Typically the krbtgt account is not reset during a password reset
  • Can be valid for 10 years
    ○ Used to regain access after detection
  • Can set anything
    ○ Kerberos TGT contents are client provided and trusted without being checked - for 20 minutes

SLIDE 27

WPA2 - Personal

  • Rainbow tables
  • Based off of SSID
  • 163 thousand
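The reason the tables are "based off of SSID": the WPA2-Personal pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the only salt, so a table precomputed for one common SSID applies to every network with that name, and nothing else about the network enters the computation. The following added example (my code, not from the deck; the SSID list and candidate passphrases are constructed) builds such per-SSID tables and shows that a capture from a differently named network misses them.

```python
# Added example: WPA2-Personal PMK = PBKDF2-HMAC-SHA1(passphrase, SSID,
# 4096 iterations, 32 bytes), so precomputed tables are keyed by SSID.
# Constructed SSIDs and candidates; helper names are mine, not from the deck.
import hashlib


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key as defined in IEEE 802.11i."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def build_tables(ssids, candidates) -> dict:
    """Pay the 4096-iteration cost once per (SSID, candidate), ahead of time.

    Returns {ssid: {pmk: passphrase}}; this is the expensive step a rainbow
    table amortises across every network that uses one of these SSIDs.
    """
    return {ssid: {wpa2_pmk(p, ssid): p for p in candidates} for ssid in ssids}


def crack(tables: dict, ssid: str, captured_pmk: bytes):
    """Recover the passphrase by lookup instead of PBKDF2; None if the SSID
    was not precomputed or the passphrase is not in the candidate list."""
    return tables.get(ssid, {}).get(captured_pmk)


# Constructed candidate list and SSIDs (not from the deck).
CANDIDATES = ["password", "Winter15", "letmein1", "bisonpride"]
COMMON_SSIDS = ["linksys", "NETGEAR", "xfinitywifi"]

if __name__ == "__main__":
    tables = build_tables(COMMON_SSIDS, CANDIDATES)
    # Same passphrase, two SSIDs: two unrelated PMKs, so a table only serves its SSID.
    print(wpa2_pmk("Winter15", "linksys").hex())
    print(wpa2_pmk("Winter15", "NETGEAR").hex())
    print("linksys capture:", crack(tables, "linksys", wpa2_pmk("Winter15", "linksys")))
    print("renamed network:", crack(tables, "MyHomeWifi", wpa2_pmk("Winter15", "MyHomeWifi")))
```

In real use the attacker does not see the PMK directly; it is derived from the four-way handshake capture and checked against the PMK candidates the same way, which is why a unique SSID forces the attacker back to paying the full PBKDF2 cost per guess.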

SLIDE 28

Pineapple

SLIDE 29

WPA2 - Enterprise

  • MSCHAPv2
    ○ Why oh why?
  • Pineappleable
  • MSCHAPv2 also shows up in VPN
  • CloudCracker.com
    ○ 300 million words, 20 minutes, $17
  • EAP-TLS
    ○ Use it

SLIDE 30

OAuth

  • Password equivalent
    ○ Usually limited usage, but can still be scary
  • Service A reads status from Service B, triggering action on Service C.
  • Service B could be one to track family member phones
  • Service C could lock and unlock your front door

SLIDE 31

Mitigation?

  • Actual two factor
  • Password managers
  • Long passwords
  • Don't lose the domain
    ○ Disable NTLM, NTLMv2
    ○ Hope Microsoft fixes issues eventually
  • Don't use hashing primitives
    ○ Use PBKDF2, scrypt, bcrypt

SLIDE 32

Questions?
