probabilistic passphrase cracking
play

Probabilistic Passphrase Cracking Luc Gommans Radically Open - PowerPoint PPT Presentation

Apr 26, 2023 •315 likes •488 views

Probabilistic Passphrase Cracking Luc Gommans Radically Open Security Contents 1. Introduction 2. Prior Work 3. Research Question 4. Methods 5. Results 6. Conclusions 7. Future work 2 What are passphrases? balsa chew pure swan I

  1. Probabilistic Passphrase Cracking Luc Gommans Radically Open Security

  2. Contents 1. Introduction 2. Prior Work 3. Research Question 4. Methods 5. Results 6. Conclusions 7. Future work 2

  3. What are passphrases? ● balsa chew pure swan ● I have got a nice bike 3

  4. Prior Work ● 2012 Labrande Hybrid dictionary attack ● 2016 Sparell and Simovits Markov chains ● 2017 Gaastra, Gijtenbeek and Gommans Using lyrics and famous quotes 4

  5. Research Question How can software efciently generate likely passphrases, to be used in passphrase cracking? ● Efcient: – Computational power – RAM – Storage ● Likely: – Results 5

  6. Contribution ● Compare diferent methods ● Implement a new method – Make previous work directly comparable 6

  7. Hybrid dictionary attack ● Reproduced Labrande‘s work – Training dataset – Efectiveness comparison ● Dictionary of phrases + sets of rules – Lowercase all, remove spaces, etc. 7

  8. Probabilistic Method Selection ● Markov chains done by Sparell and Simovits ● Probabilistic Context-Free Grammar applied to passwords successfully ● N-grams popular in text prediction 8

  9. Context-Free Grammar S → NP VP NP → Det N | W VP → V NP W → I | he | she | Joe Det → a | the | my | his N → elephant | cat | jeans | suit V → kicked | followed | shot ● I followed Joe ● a cat shot my elephant 9

  10. Probabilistic Context-Free Grammar ● NP → 0.7(Det N) | 0.3(W) ● Generate probabilities and rules based on texts – Word classifcation database 10

  11. N-grams ● „have we lost or have we won“ n=2 – 2 have we – 1 we lost – 1 lost or – 1 or have – 1 we won → have we won 11

  12. N-grams ● Generated weighted statistics from: – Wikipedia articles – Previously cracked passphrases ● Cracking by taking the most frequently occurring n-gram and fnding continuations 12

  13. Results Efectiveness ● Hybrid dictionary (Labrande) – 4.2M phrases of Korelogic ( 200k of ≥16 characters) ● Hybrid dictionary (ours) – 2.3M phrases of Korelogic ( 147k of ≥16 characters) – 1.3M phrases of LinkedIn ( 13k of ≥16 characters) ● Markov chains – 25k phrases of LinkedIn ( 384 of ≥16 characters) ● N-grams – 835k phrases of Korelogic ( 33k of ≥16 characters) – 482k phrases of LinkedIn ( 4k of ≥16 characters) 13

  14. Results Efciency ● Hybrid dictionary – Speed: >10 000 000 pps (phrases per second) – Storage: medium (690MiB) ● Markov chains – Speed: 2 500–22 500 pps – Storage: unknown ● N-grams – Speed: 3 300 000 pps – Storage: low-medium (47-464MiB) 14

  15. Conclusions ● Hybrid dictionary is efcient and efective ● N-grams most efective when length of phrase ≤ n 15

  16. Future work ● Better language modeling using n-grams ● Probabilistic Context-Free Grammar ● Neural Networks 16

  17. Thank you ● Thanks to Radically Open Security ● See our git repository for GPLv3 licensed: – N-gram phrase generator & models (n=2 and n=3) – Phrase dictionary & rules – Slides and preview of the paper github.com/radicallyopensecurity/passphrase-cracking ● Questions? 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret Typical goal: client authenticating to server, without being tied to a device holding a cryptographic key. On authentication, a session key should be

344 views • 11 slides
Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay Brain T2-Hyperintensity Sachs Stem Pelizaeus- B12 Metabolism U-Fibres Merzbacher Hypomyelination T1-Hypointensity CSF Salla LEUKODYSTROPHY

918 views • 62 slides
IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code: Value for Money Rickard Mills Council Member, IAPF THANK YOU SPONSOR Cracking the DC Code: Value for Money HOUSEKEEPING Cracking the DC Code:

1.04k views • 54 slides
twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

A RCHITECTURAL S TRUCTURES : Concrete in Compression F ORM, B EHAVIOR, AND D ESIGN ARCH 331 crushing D R. A NNE N ICHOLS vertical cracking S PRING 2018 tension lecture twenty six diagonal cracking shear f c

137 views • 3 slides
DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger Pirk Eleni Petraki Strato Idreos Stefan Manegold Martin Kersten EVALUATING RANGE PREDICATES COMPLEXITY ON PAPER Scanning: O(n) Sorting:

910 views • 43 slides
Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of this presentation (if you stay awake), you will: Goals Setting Up Checking Injection Understand the different types of wireless keys

447 views • 13 slides
Designing for durability and strength Cracking & durability Local studies on corrosion &

Designing for durability and strength Cracking & durability Local studies on corrosion &

Designing for durability and strength Cracking & durability Local studies on corrosion & cracking Other aspects Presented by: Professor Mark Alexander Concrete Materials and Structural Integrity Research Unit (CoMSIRU)

718 views • 29 slides
PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom

PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom

PicoCrack: The Art of Efficient Cracking FPGAs (Field Programmable Gate Arrays) allow custom silicon to be implemented easily. The result is a chip that can be built specifically for cracking passwords. This presentation focuses on uncovering

606 views • 47 slides
Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov & Jochem van Kerkwijk System and Network Engineering { akasabov | jkerkwijk } @os3.nl February 2, 2011 Outline Introduction Password cracking Graphics processing unit Distributed

501 views • 16 slides
Physical and Metallurgical Analysis Aids in Understanding Recovery Boiler Tube Cracking

Physical and Metallurgical Analysis Aids in Understanding Recovery Boiler Tube Cracking

Physical and Metallurgical Analysis Aids in Understanding Recovery Boiler Tube Cracking November, 2014 PdM Technology Infrared Thermography Gas Find IR Example of LNG Leak Safety Minute Economizer Tube Cracking Assessment

447 views • 18 slides
Table of Contents I Probabilistic Reasoning Classical Probabilistic Models Basic Probabilistic

Table of Contents I Probabilistic Reasoning Classical Probabilistic Models Basic Probabilistic

Table of Contents I Probabilistic Reasoning Classical Probabilistic Models Basic Probabilistic Reasoning: The Jungle Story Multiple Random Selection Rules: Dice New Constructs Causal Probability Observations and Intentions Dynamic Range

1.08k views • 73 slides
ramp. Photo 2. Looking along the guardrail. Cracking has protruded through asphalt patch,

ramp. Photo 2. Looking along the guardrail. Cracking has protruded through asphalt patch,

SHOP SLIDE Photo 1. Cracking across the footpath at the end of the Hwy 2 off ramp. Photo 2. Looking along the guardrail. Cracking has protruded through asphalt patch, with a drop depression in the asphalt and significant bow in the

247 views • 10 slides
Seamless Asphalt Pavement Preservation Featuring Types of asphalt failure Alligator cracking

Seamless Asphalt Pavement Preservation Featuring Types of asphalt failure Alligator cracking

36 th Annual Utah Asphalt Conference Seamless Asphalt Pavement Preservation Featuring Types of asphalt failure Alligator cracking Joint cracking Raveling Rutting Potholes Typical Repair Approaches Sawcut, removal, and

445 views • 27 slides
September 28, 2016 1 Cracking Drupal Security concepts and pitfalls Peter Wolanin Moshe

September 28, 2016 1 Cracking Drupal Security concepts and pitfalls Peter Wolanin Moshe

September 28, 2016 1 Cracking Drupal Security concepts and pitfalls Peter Wolanin Moshe Weitzman Track: PHP https://events.drupal.org/dublin2016/sessions/cracking-drupal Special thanks to Klaus Purer for creating the original talk and slides

683 views • 39 slides
CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software.

CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software.

CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software. Probabilistic Programming Probabilistic programming is a tool for statistical modeling. OR A probabilistic programming language is a plain old

688 views • 41 slides
City of Red LodgeProposed Special Improvement District April 12, 2018 Great West Engineering

City of Red LodgeProposed Special Improvement District April 12, 2018 Great West Engineering

City of Red LodgeProposed Special Improvement District April 12, 2018 Great West Engineering Dorsey & Whitney LLP 1 Existing Conditions Existing pavement experiencing: block cracking, large transverse cracking, alligator cracking, and

342 views • 15 slides
2017 State of the Roadway Network in Lynnwood, WA Stephen Smith, P.E., Project Principal IMS

2017 State of the Roadway Network in Lynnwood, WA Stephen Smith, P.E., Project Principal IMS

2017 State of the Roadway Network in Lynnwood, WA Stephen Smith, P.E., Project Principal IMS Infrastructure Management Services Scale of Investment. Scale of Investment. ~36,485 people ~36,485 people ~100 CL miles of City owned

298 views • 29 slides
Hartford BO 1444(60) Alternatives Presentation Meeting Town Highway 6 Bridge #7 over The

Hartford BO 1444(60) Alternatives Presentation Meeting Town Highway 6 Bridge #7 over The

Hartford BO 1444(60) Alternatives Presentation Meeting Town Highway 6 Bridge #7 over The White River and Town Highway 98 May 7, 2019 Introductions Laura Stone, P.E. VTrans Scoping Engineer Todd Sumner, P.E. VTrans Project Manager

604 views • 47 slides
Improvement Center (CCPIC) Pavement Financial and Environmental Sustainability, Some Best

Improvement Center (CCPIC) Pavement Financial and Environmental Sustainability, Some Best

City and County Pavement Improvement Center (CCPIC) Pavement Financial and Environmental Sustainability, Some Best Practices Ashraf Rahim, Erik Updyke, John Harvey Central Coast APWA May 28, 2020 Sponsored by League of California Cities,

774 views • 39 slides
Tim Hanley, P.E. WisDOT Project Manager Daniel Schave, P.E. WisDOT Project Leader May 16,

Tim Hanley, P.E. WisDOT Project Manager Daniel Schave, P.E. WisDOT Project Leader May 16,

Tim Hanley, P.E. WisDOT Project Manager Daniel Schave, P.E. WisDOT Project Leader May 16, 2017 Review purpose and needs for the project Identify alternatives (solutions) to address the needs Discuss next steps 2 3 Regional

522 views • 23 slides
CE NT RAL VE RMONT I NT E RNE T Pre se nte d b y: Je re my A. Ha nse n, Ph.D CI SSP

CE NT RAL VE RMONT I NT E RNE T Pre se nte d b y: Je re my A. Ha nse n, Ph.D CI SSP

CE NT RAL VE RMONT I NT E RNE T Pre se nte d b y: Je re my A. Ha nse n, Ph.D CI SSP ABOUT ME PhD in Co mpute r Sc ie nc e Asso c ia te Pro fe sso r a t No rwic h Unive rsity 10+ ye a rs in info rma tio n te c hno lo g

611 views • 12 slides
Critical issues & challenges in the engineering of DEMO divertor target J.-H. You, E. Visca,

Critical issues & challenges in the engineering of DEMO divertor target J.-H. You, E. Visca,

Critical issues & challenges in the engineering of DEMO divertor target J.-H. You, E. Visca, Ch. Bachmann, & EUROfusion Divertor Project Team J.-H. YOU et al. | IAEA Divertor Workshop | 29 Sep. 2 Oct. 2015 | DEMO divertor in

393 views • 25 slides
Cracking the Code For Outstanding Outsourced Content Jeff Walker , Founder and CEO Content

Cracking the Code For Outstanding Outsourced Content Jeff Walker , Founder and CEO Content

Cracking the Code For Outstanding Outsourced Content Jeff Walker , Founder and CEO Content Carnivores Time + Money + Expertise + Market Conditions + Bandwidth + Compliance + Grammar + Mediocre + SEO + Influencers + Social ROI + Anagrams + Mac

412 views • 17 slides
CE NT RAL VE RMONT I NT E RNE T Pre se nte d b y: Je re my A. Ha nse n, Ph.D CI SSP Je

CE NT RAL VE RMONT I NT E RNE T Pre se nte d b y: Je re my A. Ha nse n, Ph.D CI SSP Je

CE NT RAL VE RMONT I NT E RNE T Pre se nte d b y: Je re my A. Ha nse n, Ph.D CI SSP Je rry Dia ma ntide s, Ph.D ABOUT ME PhD in Co mpute r Sc ie nc e Curre ntly a n Asso c ia te Pro fe sso r a t No rwic h Unive rsity

623 views • 15 slides

More recommend