reasoning analytically about password cracking software
play

Reasoning Analytically About Password-Cracking Software Enze Alex - PowerPoint PPT Presentation

Nov 12, 2022 •12 likes •822 views

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur Chic4go 2 Attack Model 80d561388725fa74f2d03cd16e1d687c 3 Attack Model 80d561388725fa74f2d03cd16e1d687c

  1. Reasoning Analytically About Password-Cracking Software Enze “Alex” Liu , Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur

  2. Chic4go 2

  3. Attack Model 80d561388725fa74f2d03cd16e1d687c 3

  4. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 4

  5. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 5

  6. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 6

  7. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 4. h(“letmein”) = 0d107d09f5bbe40cade3de5c71e9e9b7 7

  8. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 4. h(“letmein”) = 0d107d09f5bbe40cade3de5c71e9e9b7 5. h(“p@ssw0rd”) = 0f359740bd1cda994f8b55330c86d845 8

  9. Attack Model 80d561388725fa74f2d03cd16e1d687c 1. h(“123456”) = e10adc3949ba59abbe56e057f20f883e 2. h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99 3. h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885 4. h(“letmein”) = 0d107d09f5bbe40cade3de5c71e9e9b7 5. h(“p@ssw0rd”) = 0f359740bd1cda994f8b55330c86d845 6. h(“Chic4go”) = 80d561388725fa74f2d03cd16e1d687c 9

  10. Chic4go 10

  11. Chic4go Guess # 6 11

  12. Chic4go Guess # 6 Guess # 13,545,239,432 12

  13. 13

  14. Password-Cracking Methods Probabilistic Models Software Tools 14

  15. Password-Cracking Methods Probabilistic Models Software Tools Guess # Chic4go 15

  16. Password-Cracking Methods Probabilistic Models Software Tools Guess # Chic4go 16

  17. Guess Number by Enumeration 1. 123456 2. password 3. monkey Does Not Scale !!! 4. letmein 5. p@ssw0rd 6. Chic4go 17

  18. Our Analysis Goals 1. Compute guess numbers efficiently 2. Configure guessing method systematically 18

  19. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 19

  20. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # Configuration 20

  21. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # [CCS 2015] Configuration 21

  22. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # [CCS 2015] Configuration 22

  23. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess # [CCS 2015] Configuration 23

  24. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess-Efficient 24

  25. Probabilistic Models Markov Models [Narayanan and Shmatikov, CCS 2005] Probabilistic Context-Free Grammars [Weir et al., S&P 2009] Neural Networks [Melicher et al., Usenix Security 2016] Guess-Efficient Wall-Clock Time Slow 25

  26. Software Tools John the Ripper Hashcat 26

  27. Software Tools chicdog chicagos chicago1 CHICAG chicago2 chicaga chicago chicago3 Chicago chicago6 CHICAGO chicago9 CHIcago 27

  28. Software Tools John the Ripper Hashcat Guess-Inefficient Wall-Clock Time Fast 28

  29. Software Tools John the Ripper Hashcat Guess-Inefficient Wall-Clock Time Fast 29

  30. Software Tools John the Ripper Hashcat Guess # [S&P 2019] Configuration 30

  31. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 31

  32. Mangled Wordlist Attack 32

  33. Mangled Wordlist Attack Wordlist Super Password Chicago 33

  34. Mangled Wordlist Attack Wordlist Rulelist Super 1. Append “1” Password 2. Replace “a” → “4” Chicago 3. Lowercase all 34

  35. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Chicago 3. Lowercase all 35

  36. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all 36

  37. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 37

  38. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go 38

  39. Mangled Wordlist Attack Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go super password chicago 39

  40. Example Wordlists and Rulelists Wordlist PGS ( ≈ 20,000,000) Linkedin ( ≈ 60,000,000) HIBP ( ≈ 500,000,000) 40

  41. Example Wordlists and Rulelists Wordlist Rulelist PGS ( ≈ 20,000,000) Korelogic ( ≈ 5,000) Linkedin ( ≈ 60,000,000) Megatron ( ≈ 15,000) HIBP ( ≈ 500,000,000) Generated2 ( ≈ 65,000) 41

  42. Example Wordlists and Rulelists Wordlist Rulelist 10 9 - 10 15 PGS ( ≈ 20,000,000) Korelogic ( ≈ 5,000) guesses Linkedin ( ≈ 60,000,000) Megatron ( ≈ 15,000) HIBP ( ≈ 500,000,000) Generated2 ( ≈ 65,000) 42

  43. Example Wordlists and Rulelists Wordlist Rulelist 10 9 - 10 15 PGS ( ≈ 20,000,000) Korelogic ( ≈ 5,000) guesses Linkedin ( ≈ 60,000,000) Megatron ( ≈ 15,000) HIBP ( ≈ 500,000,000) Generated2 ( ≈ 65,000) + Hackers’ private word/rule lists 43

  44. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 44

  45. Is This Password in the Guesses? Guesses Super1 Password1 Chic4go Chicago1 Super P4ssword Chic4go super password chicago 45

  46. Is This Password in the Guesses? Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go super password chicago 46

  47. Insight We can work backwards! 47

  48. Insight: Invert Rules Password Chic4go 48

  49. Insight: Invert Rules Rulelist Password 1. Append “1” Chic4go 2. Replace “a” → “4” 3. Lowercase all 49

  50. Insight: Invert Rules Rulelist Password 1. Append “1” Chic4go 2. Replace “a” → “4” 3. Lowercase all 50

  51. Insight: Invert Rules Preimages Rulelist Password Chicago 1. Append “1” Chic4go 2. Replace “a” → “4” Chic4go 3. Lowercase all 51

  52. 52

  53. *05 O03 d '7 Switch the first and the sixth char; Delete the first three chars; Duplicate the whole word; Truncate the word to length 7; Preimages? Preimages? Chic4go 53

  54. Where in the Stream? Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go 54

  55. Where in the Stream? Wordlist Rulelist Guesses Super 1. Append “1” Super1 Password 2. Replace “a” → “4” Password1 Chicago 3. Lowercase all Chicago1 Super P4ssword Chic4go 55

  56. Counting Guesses For Each Rule Wordlist Rule Guesses Reject if no “a”; Super 2 Password Replace a → 4 Chicago 56

  57. Our First Contribution ● Fast Guess Number Estimation 57

  58. Fast Guess Number Estimation Linkedin + SpiderLab 58

  59. Fast Guess Number Estimation Linkedin + SpiderLab Guesses 59

  60. Fast Guess Number Estimation Linkedin + SpiderLab Guesses Enumeration Our Approach Size ~ 3 PB ~ 10 GB 60

  61. Fast Guess Number Estimation Linkedin + SpiderLab Guesses Enumeration Our Approach Size ~ 3 PB ~ 10 GB Preprocessing > 2 years < 1 day 61

  62. Fast Guess Number Estimation Linkedin + SpiderLab Guesses Enumeration Our Approach Size ~ 3 PB ~ 10 GB Preprocessing > 2 years < 1 day Mean Lookup ??? < 1 second 62

  63. Outline ● State of the art ● How software password-cracking tools work ● Our efficient techniques for guess numbers ● Our techniques for systematic configuration 63

  64. Software Tools Depend On ● Order of rules ● Contents of the rulelist ● Order of words ● Contents of the wordlist 64

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi, Maximilian Golla, David Cash, and Blase Ur November 26, 2019 | PasswordsCon | Stockholm, Sweden People Choose Weak Passwords Johnny14! 2 November 26,

2.25k views • 49 slides
Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and Network Engineering { akasabov | jkerkwijk } @os3.nl February 2, 2011 Outline Introduction Password cracking Graphics processing unit Distributed

501 views • 16 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Introduction Lets Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

1.49k views • 76 slides
Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by Nunzio Cicone and Hans-Peter Hllwirth Setting Password Attacks Passwords are a notoriously weak authentication mechanism One significant

422 views • 20 slides
Password Cracking Prof. Tom Austin San Jos State University How should you store users'

Password Cracking Prof. Tom Austin San Jos State University How should you store users'

CS 166: Information Security Password Cracking Prof. Tom Austin San Jos State University How should you store users' passwords? Reverse-lookup tables A cryptographic hash is irreversible. However, you can make a table of common hashes.

359 views • 11 slides
Potential of Milky Way Potential of Milky Way given analytically given analytically XI B

Potential of Milky Way Potential of Milky Way given analytically given analytically XI B

Potential of Milky Way Potential of Milky Way given analytically given analytically XI B Bulgarian- ulgarian-S Serbian erbian A Astronomical stronomical C Conference onference XI 14-18.05.2018. - Belogradchik, 14-18.05.2018. -

248 views • 23 slides
Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

770 views • 28 slides
Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3 Sprengers.Martijn@kpmg.nl KPMG IT Advisory 1 Radboud University Nijmegen 2 K.U. Leuven 3 March 17-18, 2012 Introduction Background Research Results

389 views • 34 slides
Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides
Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Distributed Password Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master Students Michiel van Veen 08-02-2012 1 The project Research Question : How can a scalable , modular and extensible middleware

357 views • 22 slides
Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay Brain T2-Hyperintensity Sachs Stem Pelizaeus- B12 Metabolism U-Fibres Merzbacher Hypomyelination T1-Hypointensity CSF Salla LEUKODYSTROPHY

918 views • 62 slides
IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code: Value for Money Rickard Mills Council Member, IAPF THANK YOU SPONSOR Cracking the DC Code: Value for Money HOUSEKEEPING Cracking the DC Code:

1.04k views • 54 slides
Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides
Effect Transition Moment Integral Can be evaluated analytically Often simplified by

Effect Transition Moment Integral Can be evaluated analytically Often simplified by

Lecture 14: Anharmonic Oscillator and Raman Effect Transition Moment Integral Can be evaluated analytically Often simplified by symmetry Gives rise to selection rules if recursion formulae exist The chemical bond as a simple harmonic

412 views • 23 slides
twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

A RCHITECTURAL S TRUCTURES : Concrete in Compression F ORM, B EHAVIOR, AND D ESIGN ARCH 331 crushing D R. A NNE N ICHOLS vertical cracking S PRING 2018 tension lecture twenty six diagonal cracking shear f c

137 views • 3 slides
Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt

Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt

Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt 2019 (Fully Homomorphic) Encryption Encryption: used to protect data at rest or in transit Enc( m ) Enc( m ) Enc( m ) Fully Homomorphic

2.2k views • 39 slides
Loss factorization, weakly supervised learning and label noise robustness Giorgio Patrini,

Loss factorization, weakly supervised learning and label noise robustness Giorgio Patrini,

Loss factorization, weakly supervised learning and label noise robustness Giorgio Patrini, Frank Nielsen, Richard Nock, Marcello Carioni Australian National University, Data61 (ex NICTA), Ecole Polytechnique, Sony CS Labs, Max

847 views • 31 slides
4.2: Isomorphism of Grammars In this section, we study grammar isomorphism, i.e., the way in

4.2: Isomorphism of Grammars In this section, we study grammar isomorphism, i.e., the way in

4.2: Isomorphism of Grammars In this section, we study grammar isomorphism, i.e., the way in which grammars can have the same structure, even though they may have different variables. 1 / 10 Definition and Algorithm Suppose G is the grammar

271 views • 15 slides
Search for H + and H ++ bosons with the CMS detector Nuno Almeida LIP Lisbon (On behalf of

Search for H + and H ++ bosons with the CMS detector Nuno Almeida LIP Lisbon (On behalf of

Search for H + and H ++ bosons with the CMS detector Nuno Almeida LIP Lisbon (On behalf of CMS collaboration) Supersymmetry 2011 28 Aug- 02 Sept Fermilab Outline Theoretical Overview Search for singly charged Higgs boson Search

419 views • 38 slides
Hausdorff operators in H p spaces, 0 &lt; p &lt; 1 Elijah Liflyand joint work with Akihiko

Hausdorff operators in H p spaces, 0 &lt; p &lt; 1 Elijah Liflyand joint work with Akihiko

Hausdorff operators in H p spaces, 0 &lt; p &lt; 1 Elijah Liflyand joint work with Akihiko Miyachi Bar-Ilan University June, 2018 Elijah Liflyand joint work with Akihiko Miyachi (Bar-Ilan University) Hausdorff Operators June, 2018 1 / 19

642 views • 47 slides
E (h) o r out in ( h 1 ) E out ( h 1 ) | &gt; o r in ( h 2 ) E out ( h 2 ) | &gt;

E (h) o r out in ( h 1 ) E out ( h 1 ) | &gt; o r in ( h 2 ) E out ( h 2 ) | &gt;

Review of Leture 2 Sine g has to b e one of h 1 , h 2 , , h M , w e onlude that Is Lea rning feasible? Y es, in a p robabilisti sense. If: in ( g ) E out ( g ) | &gt; Hi Then: | E E (h) o r out in (

630 views • 25 slides
Multi-Probe LSH: Efficient Indexing for Efficient Indexing for Multi-Probe LSH:

Multi-Probe LSH: Efficient Indexing for Efficient Indexing for Multi-Probe LSH:

Multi-Probe LSH: Efficient Indexing for Efficient Indexing for Multi-Probe LSH: High-Dimensional Similarity Search High-Dimensional Similarity Search Qin (Christine) (Christine) Lv Lv Qin Stony Brook University Stony Brook University

625 views • 25 slides
On Topological Entropy of Switched Linear Systems with Pairwise Commuting Matrices Guosong Yang

On Topological Entropy of Switched Linear Systems with Pairwise Commuting Matrices Guosong Yang

On Topological Entropy of Switched Linear Systems with Pairwise Commuting Matrices Guosong Yang and Joo P. Hespanha Center for Control, Dynamical Systems, and Computation University of California, Santa Barbara November 15, 2018 1 / 20

432 views • 20 slides

More recommend