
Cracking Passwords With Time-memory Trade-offs Gildas Avoine - PowerPoint PPT Presentation



  1. Cracking Passwords With Time-memory Trade-offs. Gildas Avoine, Université catholique de Louvain, Belgium

  2. SUMMARY: Motivations; Hellman Tables; Oechslin Tables; Real Life Examples; Fingerprint Tables; Conclusion

  3. MOTIVATIONS

  4. One-way Function: a function h : A → B that is easy to compute on every input, but hard to invert given the image of an arbitrary input.

  5. Example: Password-based Authentication
     User (username, pwd) → Computer: username, pwd
     Computer: compute h(pwd)
       username_1   h(pwd_1)
       username_2   h(pwd_2)
       username_3   h(pwd_3)
       ...          ...
       username_N   h(pwd_N)

  6. Exhaustive Search
     Online exhaustive search:
       ◦ Computation: N := |A|
       ◦ Storage: 0
       ◦ Precalculation: 0
     Precalculated exhaustive search:
       ◦ Computation: 0
       ◦ Storage: N
       ◦ Precalculation: N

  7. HELLMAN TABLES

  8. Precalculation Phase. Martin Hellman's cryptanalytic time-memory trade-off (1980). Precalculation phase to speed up the online attack: $T \propto \frac{N^2}{M^2}$

  9. Precalculation Phase (recap). Invert h : A → B. Define R : B → A an arbitrary (reduction) function. Define f : A → A such that f = R ◦ h. Chains are generated from arbitrary values in A.
     $$S_1 = X_{1,1} \xrightarrow{f} X_{1,2} \xrightarrow{f} X_{1,3} \xrightarrow{f} \dots \xrightarrow{f} X_{1,t} = E_1$$
     $$S_2 = X_{2,1} \xrightarrow{f} X_{2,2} \xrightarrow{f} X_{2,3} \xrightarrow{f} \dots \xrightarrow{f} X_{2,t} = E_2$$
     $$\vdots$$
     $$S_m = X_{m,1} \xrightarrow{f} X_{m,2} \xrightarrow{f} X_{m,3} \xrightarrow{f} \dots \xrightarrow{f} X_{m,t} = E_m$$
     The generated values should cover the set A (probabilistic). Only the first and the last element of each chain is stored.

  10. Online Attack

  11. Online Attack (Recap). Given one output y ∈ B, we compute $y_1 := R(y)$ and generate a chain starting at $y_1$: $y_1 \xrightarrow{f} y_2 \xrightarrow{f} y_3 \xrightarrow{f} \dots\ y_s$
      [Figure: table of chains from starting points $S_1 \dots S_m$ to endpoints $E_1 \dots E_m$, with the online chain $y, y_1, y_2, \dots, y_s$; labels: "time needed to find a matching endpoint" and "time needed to rebuild the chain".]

  12. Coverage and Collisions. Collisions occur during the precalculation phase. Several tables with different reduction functions.

  13. OECHSLIN TABLES

  14. Using Several Reduction Functions (Oechslin, 2003). Use a different reduction function per column: rainbow tables. Invert h : A → B. Define $R_i$ : B → A arbitrary (reduction) functions. Define $f_i$ : A → A such that $f_i = R_i \circ h$.
      $$S_1 = X_{1,1} \xrightarrow{f_1} X_{1,2} \xrightarrow{f_2} X_{1,3} \xrightarrow{f_3} \dots \xrightarrow{f_t} X_{1,t} = E_1$$
      $$S_2 = X_{2,1} \xrightarrow{f_1} X_{2,2} \xrightarrow{f_2} X_{2,3} \xrightarrow{f_3} \dots \xrightarrow{f_t} X_{2,t} = E_2$$
      $$\vdots$$
      $$S_m = X_{m,1} \xrightarrow{f_1} X_{m,2} \xrightarrow{f_2} X_{m,3} \xrightarrow{f_3} \dots \xrightarrow{f_t} X_{m,t} = E_m$$

  15. Discarding the Merges. If 2 chains collide in different columns, they don't merge. If 2 chains collide in the same column, the merge can be detected. A table without merges is said to be perfect.

  16. Online Procedure is More Complex. Given one output y ∈ B, we compute $y_1 := R(y)$ and generate a chain starting at $y_1$: $y_1 \xrightarrow{f_{t-s}} y_2 \xrightarrow{f_{t-s+1}} y_3 \xrightarrow{f_{t-s+2}} \dots\ y_s$
      [Figure: table of chains from starting points $S_1 \dots S_m$ to endpoints $E_1 \dots E_m$, with the online chain $y, y_1, y_2, \dots, y_s$; labels: "time needed to find a matching endpoint" and "time needed to rebuild the chain".]

  17. Success Probability of a Table is Bounded
      Theorem. Given t and a sufficiently large N, the expected maximum number of chains per perfect rainbow table without merge is:
      $$m_{\max}(t) \approx \frac{2N}{t+1}.$$
      Theorem. Given t, for any problem of size N, the expected maximum probability of success of a single perfect rainbow table is:
      $$P_{\max}(t) \approx 1 - \left(1 - \frac{2}{t+1}\right)^{t}$$
      which tends toward $1 - e^{-2} \approx 86\%$ when t is large.

  18. Average Cryptanalysis Time
      Theorem. Given N, m, ℓ, and t, the average cryptanalysis time is:
      $$T = \sum_{k=1}^{\ell t} p_k \left( \frac{(t-c)(t-c+1)}{2} + \sum_{i=c}^{t} q_i\, i \right) \ell + \left(1 - \frac{m}{N}\right)^{\ell t} \left( \frac{t(t-1)}{2} + \sum_{i=1}^{t} q_i\, i \right) \ell$$
      where $c = t - \left\lfloor \frac{k-1}{\ell} \right\rfloor$ and $q_i = 1 - \frac{m}{N} - \frac{i(i-1)}{t(t+1)}$.

  19. REAL LIFE EXAMPLES

  20. Statistics from 10,000 Leaked Hotmail Passwords

      | Password Type       | %   |
      |---------------------|-----|
      | numeric             | 19% |
      | lower case alpha    | 42% |
      | mixed case alpha    | 3%  |
      | mixed numeric alpha | 30% |
      | other characters    | 6%  |

      | Password Length | %   |
      |-----------------|-----|
      | ≤ 7             | 37% |
      | ≤ 8             | 58% |
      | ≤ 9             | 70% |

  21. Windows LM Passwords (Algorithm). Win98/ME/2k/XP use the Lan Manager Hash (LM hash). The password is cut into two blocks of 7 characters. Lowercase letters are converted to uppercase.

  22. Windows LM Hash (Results). Cracking an alphanumerical password (LM Hash) on a PC. Size of the problem: $N = 8.06 \times 10^{10} = 2^{36.23}$.

      |                     | Brute Force             | TMTO                    |
      |---------------------|-------------------------|-------------------------|
      | Online Attack (op)  | $4.03 \times 10^{10}$   | $1.13 \times 10^{6}$    |
      | Time                | 2 h 15                  | 0.226 sec               |
      | Precalculation (op) | 0                       | $1.42 \times 10^{13}$   |
      | Time                | 0                       | 33 days                 |
      | Storage             | 0                       | 2 GB                    |

  23. Windows NT LM Passwords. Win NT/2000/XP/Vista/Seven uses the NT LM Hash. The password is no longer cut in two blocks. Lowercase letters are not converted to uppercase.

  24. Windows NT LM Hash (Results). Cracking a 7-char (max) alphanumerical password (NT LM Hash) on a PC. Size of the problem: $N = 2^{41.7}$.

      |                     | Brute Force             | TMTO |
      |---------------------|-------------------------|------|
      | Online Attack (op)  | $1.78 \times 10^{12}$   | ?    |
      | Time                | 99 hrs                  | ?    |
      | Precalculation (op) | 0                       | ?    |
      | Time                | 0                       | ?    |
      | Storage             | 0                       | ?    |

  25. FINGERPRINT TABLES (Joint work with A. Bourgeois and X. Carpent)

  26. Checkpoints (Avoine, Junod, Oechslin, 2005). Given one output y ∈ B, we compute $y_1 := R(y)$ and generate a chain starting at $y_1$: $y_1 \xrightarrow{f_{t-s}} y_2 \xrightarrow{f_{t-s+1}} y_3 \xrightarrow{f_{t-s+2}} \dots\ y_s$
      [Figure: table of chains from starting points $S_1 \dots S_m$ to endpoints $E_1 \dots E_m$ with a checkpoint column, and the online chain $y, y_1, y_2, \dots, y_s$; labels: "time needed to find a matching endpoint" and "time needed to rebuild the chain".]

  27. Ridge Functions. Endpoints and checkpoints share the same nature. Each column contains a ridge function that outputs a (potentially empty) fingerprint of the chain. Endpoints are no longer stored. We no longer look for matching endpoints but for matching fingerprints.

  28. Ridge functions (Avoine, Bourgeois, Carpent, 2012)
      [Figure: table of chains from starting points $S_1 \dots S_m$ with a FINGERPRINT column, ridges marked along the chains, and the online chain $y, y_1, y_2, \dots, y_s$; labels: "time needed to find a matching endpoint" and "time needed to rebuild the chain".]

  29. Fingerprint Tables
      Theorem. The average amount of evaluations of h during the online phase using the fingerprint tables is:
      $$T = \sum_{k=1}^{\ell t} \frac{m}{N} \left(1 - \frac{m}{N}\right)^{k-1} (W_k + Q_k) + \left(1 - \frac{m}{N}\right)^{\ell t} (W_{\ell t} + Q_{\ell t}),$$
      $$c_i = t - \left\lfloor \frac{i-1}{\ell} \right\rfloor, \qquad q_c = 1 - \prod_{i=c}^{t} \left(1 - \frac{m_i}{N}\right),$$
      $$W_k = \sum_{i=1}^{k} (t - c_i), \qquad P_c = \sum_{i=c}^{t} \left( \prod_{j=c}^{i-1} \phi_j \right) (q_i - q_{i+1}),$$
      $$Q_k = \sum_{i=1}^{k} (c_i - 1)(P_{c_i} + E_{c_i}), \qquad E_c = (m - q_c) \prod_{i=c}^{t} \phi_i.$$

  30. Windows NT LM Hash (Results). Cracking a 7-char (max) alphanumerical password (NT LM Hash) on a PC. Size of the problem: $N = 2^{41.7}$.

      |                     | Brute Force             | TMTO                    |
      |---------------------|-------------------------|-------------------------|
      | Online Attack (op)  | $1.78 \times 10^{12}$   | $2.94 \times 10^{7}$    |
      | Time                | 99 hrs                  | 5.9 sec                 |
      | Precalculation (op) | 0                       | $6.29 \times 10^{14}$   |
      | Time                | 0                       | 1458 days               |
      | Storage             | 0                       | 16 GB                   |

  31. CONCLUSION

  32. Limits of Cryptanalytic Time-memory Trade-offs
      A TMTO is never better than a brute force.
      TMTO makes sense in several scenarios.
        ◦ Attack repeated several times.
        ◦ Lunchtime attack.
        ◦ Attacker is not powerful but can download tables.
      Two conditions to perform a TMTO.
        ◦ Reasonably-sized problem.
        ◦ One-way function (or chosen plaintext attack on a ciphertext)
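
The precalculation and online phases of the Oechslin (rainbow) tables from slides 14 to 16, as an added example that is not part of the original slides. Assumptions: a constructed toy set A of 3-letter lowercase strings, SHA-256 standing in for h, chains written X_0 → … → X_t, and hypothetical helper names (`index_to_pwd`, `build_table`, `lookup`).

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 3                              # constructed toy set A, N = 26^3
N = len(ALPHABET) ** LENGTH

def h(pwd):
    """One-way function h: A -> B (SHA-256 as a stand-in, an assumption)."""
    return hashlib.sha256(pwd.encode()).digest()

def index_to_pwd(i):
    """Map an integer in [0, N) to an element of A."""
    chars = []
    for _ in range(LENGTH):
        i, r = divmod(i, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def R(digest, col):
    """Reduction R_col: B -> A; the column number makes each R_i different."""
    return index_to_pwd((int.from_bytes(digest[:8], "big") + col) % N)

def build_table(m, t):
    """Precalculation: m chains X_0 -> ... -> X_t with X_i = R_i(h(X_{i-1})).
    Only (endpoint, start) is stored; a repeated endpoint is a merge, dropped."""
    table = {}
    for j in range(m):
        start = x = index_to_pwd(j)
        for col in range(1, t + 1):
            x = R(h(x), col)
        table.setdefault(x, start)
    return table

def lookup(table, t, y):
    """Online phase: return x in A with h(x) == y, or None if not covered."""
    for s in range(t, 0, -1):           # guess that y = h(X_{s-1})
        x = R(y, s)
        for col in range(s + 1, t + 1): # finish the chain to its endpoint
            x = R(h(x), col)
        start = table.get(x)
        if start is None:
            continue
        cand = start                    # rebuild the chain up to X_{s-1}
        for col in range(1, s):
            cand = R(h(cand), col)
        if h(cand) == y:                # otherwise a false alarm
            return cand
    return None

if __name__ == "__main__":
    tbl = build_table(m=600, t=40)
    print(len(tbl), "chains kept;", lookup(tbl, 40, h("aaa")))
```

The table stores at most m (endpoint, start) pairs while each lookup costs on the order of t² evaluations of h, which is the trade-off the slides quantify.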
