legacy crypto never dies
play

Legacy Crypto Never Dies (Why won't DES just die???) David Hulton - PowerPoint PPT Presentation

Mar 22, 2024 •201 likes •578 views

Legacy Crypto Never Dies (Why won't DES just die???) David Hulton <david@toorcon.org> crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only. DefCon 2012 Recap

  1. Legacy Crypto Never Dies (Why won't DES just die???) David Hulton <david@toorcon.org> crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  2. DefCon 2012 Recap ● 100% break of MSCHAPv2 ● Provides mutual authentication with a password ● Specifjcally focused on usage with PPTP VPNs ● Also used for WPA2-Enterprise ● Nothing new ● Schneier, Mudge, and Wagner published 2 57 attack in 1999 ● Showed that state actors and well funded groups could crack this crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  3. Known Plaintext Ciphertext crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  4. Password 96 14 = 5.6e27 = ~2 92 crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  5. Key(s) crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  6. crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  7. crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  8. crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  9. crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  10. So what was new?? ● We demonstrated that it can actually be done with 2 56 DES computations ● And we let everyone do it crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  11. Isn't DES easy to crack? EFF DES Cracker 2 56 / 90,000,000,000 = 9.2 days 24 hours: AWS EC2 CPU Instances AWS P1 Instances Virtex-6 LX240 FPGAs 80,000 CPU cores 1,800 GPUs 48 FPGAs ~$125,000/key ~$20,000/key $20/key crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  12. Everyone rushed to fj fjx things! ● J/K LOL! crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  13. Since then... ● Got some interesting jobs Plaintext Ciphertext1 Ciphertext2 b626b695d3484d73 028cfe9f29bb0f57 9f012865e1c7bd05 1122334455667788 53d6c7446351200a f458f90b13c35d1d 9b3ade697231be6c 843e7dc50d856104 843e7dc50d856104 crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  14. Started seeing articles... crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  15. DES was very much still alive ● People were obviously using the system for more than what we originally intended ● One day traffjc dropped and I started receiving emails crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  16. 404 ● cloudcracker.com disappeared in late 2015 crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  17. Reinventing the service ● What were people using it for? ● What features should we add? ● How can we kill DES once and for all? crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  18. Windows Authentication ● Lanman and NTLMv1 authentication ● Metasploit SMB Relay with 100% success rate crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  19. Windows Authentication ● 100% break in Lanman/NTLMv1 Windows Authentication Lanman Hash NTLM Hash crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  20. WPA2-Enterprise ● Most environments don't validate the server certifjcate (or the user authenticates anyway) crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  21. WPA2-Enterprise ● 100% break in WPA2-Enterprise MSCHAPv2 (For environments that don't properly validate server certifjcate) crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  22. Cracking SIM Cards ● “Rooting Sim Cards” - Karsten Nohl, SRLabs BH USA 2013 Mr. Robot S2E9 crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  23. Known Plaintext Interface ● Decided to provide a general purpose interface ● Most of the time simple rules work best: for (int i=0;i<2^56;i++) { result = DES key[i] (ciphertext); if ((result & mask) == (plaintext & mask)) key = result; } https://github.com/h1kari/des_kpt crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  24. Kerberos ● If DES is supported, downgrade is trivial crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  25. Kerberos: Downgrade ● Simple ettercap fjlter to s/*/des-cbc-crc crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  26. Kerberos ● ASN.1 Plaintext can be easily determined ● CBC lets us easily crack Key with any block in protocol CT N-1 KPT PT crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  27. Kerberos ● 100% break of DES Kerberos https://github.com/h1kari/des_kpt crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  28. DES crypt() Hashes ● Started receiving emails asking if I can crack them ● Initially designed so a PDP-11/70 would take > 1 second to compute (vs 1.25ms for M-209) ● But no one uses DES crypt() anymore? Right?? crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  29. DES crypt() Hashes ● QNX Anybody? ● “50 Million Vehicles and Counting: QNX Achieves New Milestone in Automotive Market“ - QNX Press Release 1/15 crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  30. DES crypt() Hashes ● 100% break of DES crypt() 96 8 * 25 / 640,000,000,000 = ~3 days crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  31. DES crypt() Hashes ● QNX Anybody? ● “50 Million Vehicles and Counting: QNX Achieves New Milestone in Automotive Market“ - QNX Press Release 1/15 dtdonkey vuihgwdn crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  32. crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  33. API crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  34. API crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  35. API crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

  36. Questions/Comments? ● Help kill legacy crypto! ● Email me to run free jobs ● https://crack.sh ● https://github.com/h1kari/chapcrack ● https://github.com/h1kari/des_kpt ● David Hulton <david@toorcon.org> ● ToorCon 19 San Diego Aug 29 - Sep 3, 2017 ● ToorCamp 4 Jun 20 – 24, 2018 crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Protecting TLS from Legacy Crypto http://mitls.org Karthikeyan Bhargavan + + many, many other

Protecting TLS from Legacy Crypto http://mitls.org Karthikeyan Bhargavan + + many, many other

Protecting TLS from Legacy Crypto http://mitls.org Karthikeyan Bhargavan + + many, many other ers . (INRIA, Microsoft Research, LORIA, IMDEA, Univ of Pennsylvania, Univ of Michigan, JHU) Popular cryptographic protocols evolve Agility :

690 views • 50 slides
no more downgrades : protec)ng TLS from legacy crypto karthik bhargavan INRIA joint work with:

no more downgrades : protec)ng TLS from legacy crypto karthik bhargavan INRIA joint work with:

no more downgrades : protec)ng TLS from legacy crypto karthik bhargavan INRIA joint work with: g. leurent, c. brzuska, c. fournet, m. green, m. kohlweiss, s. zanella-beguelin TLS: a long year of downgrade aFacks POODLE TLS 1.2 SSLv3

487 views • 22 slides
MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in Children v. 13-16 Legacy in Eternity v. 17-31 LEGACY IN MARRIAGE 2 Schools of thought 1. Rabbi Sammai- Strict interpretation. Divorce only

775 views • 9 slides
CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy and the spirit of Truc Lam Yen Zen Buddhism, the Legacy Yen Tu is an inspiring journey into the past. It offers travelers a stay filled with storied

688 views • 32 slides
What t to D Do When en T The Ho e Homeo eowner er D Dies es &amp; Ho How t to Han

What t to D Do When en T The Ho e Homeo eowner er D Dies es &amp; Ho How t to Han

What t to D Do When en T The Ho e Homeo eowner er D Dies es &amp; Ho How t to Han Handle Divorces ces September 19, 2017 Issues Arising from the Homeowners Death or Divorce TITLE WHO OWNS THE HOME NOW? After the

663 views • 29 slides
L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The Legacy Residents Association was created for the homeowners of Legacy, with the intent of augmenting the lifestyle in Legacy. The goal is to create

1.18k views • 56 slides
L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G WELCOME The Legacy Residents Association was created for the homeowners of Legacy, with the intent of augmenting the lifestyle in Legacy. The goal

412 views • 40 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM

LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM

LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM Qubec , is comprised of 163 charitable organizations that support its mission which is to encourage the population of Quebec to make a planned

312 views • 18 slides
Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com Case Study Migrating Legacy.com Jordan Ryan Product Owner Ankur Gupta Lead Developer Bassam Ismail Front-end Lakshmi Narasimhan RESTful

458 views • 45 slides
LEGACY/PACIFICSOURCE JOINT VENTURE George Brown, M.D. President and CEO, Legacy Health Systems

LEGACY/PACIFICSOURCE JOINT VENTURE George Brown, M.D. President and CEO, Legacy Health Systems

LEGACY/PACIFICSOURCE JOINT VENTURE George Brown, M.D. President and CEO, Legacy Health Systems I. Legacy Outline I. Legacy a) Mission and History b) People, Services, and Locations c) Financial Strength II. Partnership a)

603 views • 26 slides
- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops Did you know? Our payment system has ZERO FEES for processing payments How it works? It takes only a few minutes to complete Merchant Initiate

269 views • 11 slides
Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on Real-World Crypto January 2013 promote openness, innovation &amp; opportunity on the Web. previously easy to deploy easy to use privacy

610 views • 22 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Radboud University Nijmegen e-Passport example

1.11k views • 12 slides
Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Crypto intro Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example Encryption: modes of operation Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information

856 views • 73 slides
Policy Exploration of JITDs (C) Team Twinkle What we have available: Current implementation

Policy Exploration of JITDs (C) Team Twinkle What we have available: Current implementation

Policy Exploration of JITDs (C) Team Twinkle What we have available: Current implementation of cracking policy crack crack_one pushdown_concats crack_scan Current implementation of adaptive merge policy

418 views • 22 slides
CS 134: Operating Systems Security (continued) 1 / 23 Overview CS34 Overview 2012-12-10

CS 134: Operating Systems Security (continued) 1 / 23 Overview CS34 Overview 2012-12-10

CS34 2012-12-10 CS 134: Operating Systems Security (continued) CS 134: Operating Systems Security (continued) 1 / 23 Overview CS34 Overview 2012-12-10 Attacks Overview Defenses Attacks Defenses 2 / 23 Attacks Defense Rule #1

684 views • 29 slides
Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

770 views • 28 slides
SHOP SLIDE Photo 1. Looking northwest at cracking across the footpath at the end of the Hwy 2

SHOP SLIDE Photo 1. Looking northwest at cracking across the footpath at the end of the Hwy 2

SHOP SLIDE Photo 1. Looking northwest at cracking across the footpath at the end of the Hwy 2 EB to Hwy 684 SB off ramp at the 99 Ave. intersection. Drop in asphalt trail (background) has worsened since 2013 and is now at 300 mm. Photo

894 views • 17 slides
Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix and Windows Michal Knapkiewicz, May 2016 whoami Senior Consultant at Advanced Security

884 views • 51 slides
Principles for Secure Software Following these doesnt guarantee security But they touch

Principles for Secure Software Following these doesnt guarantee security But they touch

Principles for Secure Software Following these doesnt guarantee security But they touch on the most commonly seen security problems Thinking about them is likely to lead to more secure code Lecture 13 Page 1 CS 236 Online 1.

439 views • 22 slides
Hunting crypto secrets in SAP systems Martin Gallo, Product Owner/Security Researcher AGENDA

Hunting crypto secrets in SAP systems Martin Gallo, Product Owner/Security Researcher AGENDA

Hunting crypto secrets in SAP systems Martin Gallo, Product Owner/Security Researcher AGENDA Problem definition Cryptographic material Personal Security Environment (PSE) SSO credentials (cred_v2) Local Protection Store (LPS)

1.18k views • 62 slides
f } g e t int main() s { char login[512]; fgets(login, 512, stdin); if (! verify(login))

f } g e t int main() s { char login[512]; fgets(login, 512, stdin); if (! verify(login))

#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include &lt;stdio.h&gt; // fgets, fputs void reveal_secret() login { fputs(&quot;SUPER SECRET = 42\n&quot;, stdout); } stdin int verify(const char*

556 views • 28 slides

More recommend