Passwords
Typical Cracking Approaches
- Dictionary Based Attacks
- Brute Force Attack
- Look up Table / Rainbow Table
- Markov models
- Grammar Cracking Approaches
Password Cracking
--> GENERATE a password guess --> Create the HASH of the GUESS --> COMPARE with the stored hash --> REPEAT (until a guess matches)
Grammar Based Probabilistic Cracking
- Learning a context-free grammar
- Cracking using the grammar
The LM hash algorithm
1) Password converted to upper case;
2) Password is null-padded or truncated to 14 bytes;
3) Password is split into two halves of 7 bytes each;
4) Two DES keys are created, one from each 7-byte half:
   • Convert each half to a bit stream;
   • Insert a zero bit after every 7 bits.
5) Each DES key is used to encrypt a preset ASCII string (KGS!@#$%), resulting in two 8-byte ciphertext values;
6) Concatenate the two 8-byte ciphertext values as the LM hash.
The LM hash algorithm: Disadvantages
1) Passwords are not case sensitive;
2) Passwords are split into two 7-character halves that are hashed separately, so each half can be attacked on its own, making brute force trivial;
3) Passwords are limited to a maximum of 14 characters in length;
4) It does not include a salt, making it easier to use precomputed tables.
Large random SALT value
DEFENSE AGAINST RAINBOW TABLES
- The salt value is not secret and can be a random value stored with the password hash
- SaltedHash(password) = hash(password + salt)
- Two users with the same password will have different hash values.
- The attacker needs to create a separate rainbow table for each salt value.
How a password is stored
- Server stores hash(password) for each user using a cryptographic hash function
- hash is a one-way function (not invertible)
- When you log in with password w (and provide w to the server), the server computes hash(w) and compares it to your record
Look up Table / Rainbow Table
• Look up tables are effective methods for password cracking.
• The table contains pre-computed hashes of passwords and their corresponding passwords.
• The main weakness is their large file size.
• Rainbow Tables use a time-memory trade-off technique and require less storage but more processing time than simple look up tables.
Markov Models
• Markov chains: a sequence of random variables {X_i} indexed by the integers (also called time); issues such as time invariance are set aside here.
• Markov chain of order n: P(x_i | x_{i-1}, x_{i-2}, ..., x_1) = P(x_i | x_{i-1}, x_{i-2}, ..., x_{i-n})
• Can be applied to strings or other components. For strings x_1 x_2 ... x_m we typically use a first-order Markov chain where: P(x_i | x_{i-1}, x_{i-2}, ..., x_1) = P(x_i | x_{i-1})
• Thus we have: P(x_1 x_2 ... x_m) = P(x_1 | x_0) P(x_2 | x_1) P(x_3 | x_2) ... P(x_m | x_{m-1}), where x_0 is the start state.
Dictionary Based Attacks
• Sometimes mangling rules are used along with a dictionary.
• Mangling rules, for example:
  - Append 123
  - Capitalize the word
  - Append !!
  - Append 1234
  - Append dates (1997-2018)
NTLM or NT LAN Manager
• Successor to LM, introduced for Windows NT
• NTLM is a challenge-response authentication protocol that is used throughout Microsoft's systems as an integrated single sign-on mechanism.
• The operating system sends an 8-byte random number as a challenge to the client/service.
• The client computes the MD4 hash and the LM hash of the password and applies some further mathematical operations to them, resulting in two 24-byte responses.
• It is not advised to use either version 1 or version 2 of the protocol. Instead Kerberos is recommended.
Brute Force Attack
• Try every possible combination of characters up to a given length.
• Eventually will find the password
• May not be very efficient in terms of hashes cracked / number of guesses made
• How do you specify the order of "all possible combinations"?
Key Stretching
• Using a salt does not prevent an attacker from mounting dictionary-based or brute force attacks.
• Techniques are used to increase the computation time required to hash each password, by repeating a hash function multiple times.
• Standard algorithms such as PBKDF2 or scrypt can be used.
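The salted, key-stretched storage scheme from the "Large random SALT value" and "Key Stretching" sections, as an added example (not code from the original slides): a per-user random salt, PBKDF2 from the Python standard library as the stretching function, and a constant-time compare at login. The hash name, salt length, iteration count and record layout are constructed choices for illustration, not values taken from the slides.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for illustration; tune the work factor for your hardware.
HASH_NAME = "sha256"
SALT_BYTES = 16
ITERATIONS = 600_000  # repeated hashing makes every guess this much more expensive


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> dict:
    """Build the stored verifier: SaltedHash(password) = PBKDF2(password, salt).

    The salt is not secret; it is stored next to the hash so the server can
    recompute the same value at login. The iteration count is stored too, so
    it can be raised later without breaking existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # large random salt, fresh per user
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return {"alg": HASH_NAME, "iterations": iterations, "salt": salt, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute the stretched hash with the stored parameters and compare."""
    candidate = hashlib.pbkdf2_hmac(record["alg"], password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    # Constant-time comparison: do not leak how many leading bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


def same_password_distinct_hashes(password: str, iterations: int = ITERATIONS) -> bool:
    """Two users with the same password end up with different stored hashes,
    so one precomputed table cannot serve both records."""
    a = make_record(password, iterations=iterations)
    b = make_record(password, iterations=iterations)
    return a["hash"] != b["hash"] and verify(password, a) and verify(password, b)


if __name__ == "__main__":
    rec = make_record("correct horse")
    print(verify("correct horse", rec), verify("wrong guess", rec))  # True False
    print(same_password_distinct_hashes("hunter2"))                   # True
```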