password cracking
play

Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer - PowerPoint PPT Presentation

Apr 05, 2024 •705 likes •1.49k views

Introduction Lets Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

  1. Introduction Let’s Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

  2. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness The Basics What are passwords for? Sam Martin and Mark Tokutomi Password Cracking

  3. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness The Basics What are passwords for? Proving identity (Authentication) Sam Martin and Mark Tokutomi Password Cracking

  4. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness The Basics What are passwords for? Proving identity (Authentication) There are multiple ways to authenticate yourself Sam Martin and Mark Tokutomi Password Cracking

  5. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Authentication Something you are Something you have Sam Martin and Mark Tokutomi Password Cracking

  6. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Authentication Something you are Something you have or... Sam Martin and Mark Tokutomi Password Cracking

  7. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Something you know! Sam Martin and Mark Tokutomi Password Cracking

  8. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Why would this be more or less useful? Compromised authentication Sam Martin and Mark Tokutomi Password Cracking

  9. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Why would this be more or less useful? Compromised authentication Anonymity Sam Martin and Mark Tokutomi Password Cracking

  10. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Why would this be more or less useful? Compromised authentication Anonymity People are so bad at making passwords... Sam Martin and Mark Tokutomi Password Cracking

  11. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Why would this be more or less useful? Compromised authentication Anonymity People are so bad at making passwords... Let alone keeping them secret! Sam Martin and Mark Tokutomi Password Cracking

  12. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Sam Martin and Mark Tokutomi Password Cracking

  13. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Before we find out how to crack passwords, we need to know what we’re fighting What does the Unix password file look like? Sam Martin and Mark Tokutomi Password Cracking

  14. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness 1 User or account name 2 Hash of password 3 User number 4 Group identifier 5 Gecos field 6 Home directory 7 Opening command Sam Martin and Mark Tokutomi Password Cracking

  15. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness But shouldn’t the password file have passwords in it Sam Martin and Mark Tokutomi Password Cracking

  16. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness But shouldn’t the password file have passwords in it (I’m a well known liar) The actual hashes are in the shadow file Sam Martin and Mark Tokutomi Password Cracking

  17. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness But shouldn’t the password file have passwords in it (I’m a well known liar) The actual hashes are in the shadow file The average user can’t get his hands on the hashes Sam Martin and Mark Tokutomi Password Cracking

  18. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness The S ecurity A ccount M anager file is similar to the Unix passwd File 1 User or account name 2 User number 3 Encrypted password 4 Hash 1 of password 5 Hash 2 of password 6 Full name of user 7 Home directory Sam Martin and Mark Tokutomi Password Cracking

  19. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Everyone can read the Unix passwd file The operating system has an exclusive lock on the Windows SAM file Sam Martin and Mark Tokutomi Password Cracking

  20. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness Everyone can read the Unix passwd file The operating system has an exclusive lock on the Windows SAM file Why are these different? Sam Martin and Mark Tokutomi Password Cracking

  21. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness WPA2 Passwords Sam Martin and Mark Tokutomi Password Cracking

  22. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness SQL tables for webservices Sam Martin and Mark Tokutomi Password Cracking

  23. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness SQL tables for webservices Encrypted? Sam Martin and Mark Tokutomi Password Cracking

  24. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness SQL tables for webservices Encrypted? Hashed? Sam Martin and Mark Tokutomi Password Cracking

  25. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness SQL tables for webservices Encrypted? Hashed? Cleartext? Sam Martin and Mark Tokutomi Password Cracking

  26. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness More randomness is more strength Sam Martin and Mark Tokutomi Password Cracking

  27. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness More randomness is more strength Decent systems will add randomness for you Sam Martin and Mark Tokutomi Password Cracking

  28. Introduction Building Blocks Let’s Attack Unix Password File A Time-Memory Trade-Off Windows SAM File The LanManager Hash Other Password Schemes Physical Attacks Salty Goodness More randomness is more strength Decent systems will add randomness for you This strengthens passwords and makes precomputation attacks difficult Sam Martin and Mark Tokutomi Password Cracking

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and Network Engineering { akasabov | jkerkwijk } @os3.nl February 2, 2011 Outline Introduction Password cracking Graphics processing unit Distributed

501 views • 16 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by Nunzio Cicone and Hans-Peter Hllwirth Setting Password Attacks Passwords are a notoriously weak authentication mechanism One significant

422 views • 20 slides
Password Cracking Prof. Tom Austin San Jos State University How should you store users'

Password Cracking Prof. Tom Austin San Jos State University How should you store users'

CS 166: Information Security Password Cracking Prof. Tom Austin San Jos State University How should you store users' passwords? Reverse-lookup tables A cryptographic hash is irreversible. However, you can make a table of common hashes.

359 views • 11 slides
Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

770 views • 28 slides
Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi, Maximilian Golla, David Cash, and Blase Ur November 26, 2019 | PasswordsCon | Stockholm, Sweden People Choose Weak Passwords Johnny14! 2 November 26,

2.25k views • 49 slides
Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3 Sprengers.Martijn@kpmg.nl KPMG IT Advisory 1 Radboud University Nijmegen 2 K.U. Leuven 3 March 17-18, 2012 Introduction Background Research Results

389 views • 34 slides
Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur Chic4go 2 Attack Model 80d561388725fa74f2d03cd16e1d687c 3 Attack Model 80d561388725fa74f2d03cd16e1d687c

822 views • 81 slides
Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Distributed Password Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master Students Michiel van Veen 08-02-2012 1 The project Research Question : How can a scalable , modular and extensible middleware

357 views • 22 slides
Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay Brain T2-Hyperintensity Sachs Stem Pelizaeus- B12 Metabolism U-Fibres Merzbacher Hypomyelination T1-Hypointensity CSF Salla LEUKODYSTROPHY

918 views • 62 slides
IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code: Value for Money Rickard Mills Council Member, IAPF THANK YOU SPONSOR Cracking the DC Code: Value for Money HOUSEKEEPING Cracking the DC Code:

1.04k views • 54 slides
Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides
twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

A RCHITECTURAL S TRUCTURES : Concrete in Compression F ORM, B EHAVIOR, AND D ESIGN ARCH 331 crushing D R. A NNE N ICHOLS vertical cracking S PRING 2018 tension lecture twenty six diagonal cracking shear f c

137 views • 3 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength & Cracking Roadmap Password Authentication How Passwords are

512 views • 32 slides
Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens Steube Hashcat is the no. 1 offline password cracker. It supports different password cracking techniques and many hash algorithms. What's more it

894 views • 19 slides
DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger Pirk Eleni Petraki Strato Idreos Stefan Manegold Martin Kersten EVALUATING RANGE PREDICATES COMPLEXITY ON PAPER Scanning: O(n) Sorting:

910 views • 43 slides
Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison Telco/Internet Comparison Internet Telephone System no central authority central authority end systems in control network in control

1.07k views • 59 slides
Privacy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt,

Privacy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt,

Privacy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ March 31, 2010 Announcements Reminder:

740 views • 31 slides
Position-Based Quantum Cryptography: Impossibility and Constructions Harry Buhrman, Christian

Position-Based Quantum Cryptography: Impossibility and Constructions Harry Buhrman, Christian

Position-Based Quantum Cryptography: Impossibility and Constructions Harry Buhrman, Christian Schaffner Serge Fehr Nishanth Chandran, Ran Gelles Rafail Ostrovsky Vipul Goyal CRYPTO 2011 http://arxiv.org/abs/1009.2490 Wednesday, August 17,

461 views • 18 slides
Interfacing, and Tri-States 2 Signal Types Recall even digital signals are just voltages

Interfacing, and Tri-States 2 Signal Types Recall even digital signals are just voltages

1 EE 109 Unit 18 Noise Margins, Interfacing, and Tri-States 2 Signal Types Recall even digital signals are just voltages Analog signal Continuous time signal where each voltage level has a unique meaning Digital signal

651 views • 22 slides
1 most of their time thinking about the fundamentals, to take a step back and look at the broader

1 most of their time thinking about the fundamentals, to take a step back and look at the broader

MITOCW | 1. Introduction The following content is provided under a Creative Commons license. Your support will help MIT OpenCourseWare continue to offer high quality educational resources for free. To make a donation or view additional materials

779 views • 32 slides
Irvine/Underground Device Evaluating Attenuation Length Andrew Renshaw ANT 2011 Oct 11 th 2011

Irvine/Underground Device Evaluating Attenuation Length Andrew Renshaw ANT 2011 Oct 11 th 2011

Irvine/Underground Device Evaluating Attenuation Length Andrew Renshaw ANT 2011 Oct 11 th 2011 University of California, Irvine The Labs UCI Laboratory Setup IDEAL band - pass pure water Gd pretreat system system system Gd removal

718 views • 30 slides
Physics 115 General Physics II Session 21 Energy in E fields Electric Current Batteries

Physics 115 General Physics II Session 21 Energy in E fields Electric Current Batteries

Physics 115 General Physics II Session 21 Energy in E fields Electric Current Batteries Resistance R. J. Wilkes Email: phy115a@u.washington.edu Home page: http://courses.washington.edu/phy115a/ 5/6/14 1 Lecture Schedule (up to

466 views • 17 slides
Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic

Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic

2nd School of Theoretical Computer Science and Formal Methods Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic in Maude Universidade Federal Fluminense s 0 n 1 n 2 start s 1 s 5 t 1 n 2 n 1 t 2 s 2

1.07k views • 72 slides

More recommend