Post on 03-Aug-2021

Reasoning Analytically About Password-Cracking Software

Enze “Alex” Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur

Chic4go

Attack Model

80d561388725fa74f2d03cd16e1d687c

1.  h(“123456”) = e10adc3949ba59abbe56e057f20f883e

2.  h(“password”) = 5f4dcc3b5aa765d61d8327deb882cf99

3.  h(“monkey”) = d0763edaa9d9bd2a9516280e9044d885

4.  h(“letmein”) = 0d107d09f5bbe40cade3de5c71e9e9b7

5.  h(“p@ssw0rd”) = 0f359740bd1cda994f8b55330c86d845

6.  h(“Chic4go”) = 80d561388725fa74f2d03cd16e1d687c

Chic4go

Guess # 6

Guess # 13,545,239,432

Password-Cracking Methods

●  Probabilistic Models

●  Software Tools

Chic4go Guess #

Guess Number by Enumeration

1.  123456

2.  password

3.  monkey

4.  letmein

5.  p@ssw0rd

6.  Chic4go

Does Not Scale !!!

Our Analysis Goals

1. Compute guess numbers efficiently

2. Configure guessing method systematically

Outline

●  State of the art

●  How software password-cracking tools work

●  Our efficient techniques for guess numbers

●  Our techniques for systematic configuration

Probabilistic Models

●  Markov Models [Narayanan and Shmatikov, CCS 2005]

●  Probabilistic Context-Free Grammars [Weir et al., S&P 2009]

●  Neural Networks [Melicher et al., Usenix Security 2016]

Guess #

Configuration [CCS 2015]

Guess-Efficient

Wall-Clock Time Slow

Software Tools

●  John the Ripper

●  Hashcat

chicago

chicago1

chicago2

chicago3

chicago6

chicago9

chicdog

chicagos

CHICAG

chicaga

Chicago

CHICAGO

CHIcago

Guess-Inefficient

Wall-Clock Time Fast

Guess #

Configuration [S&P 2019]

Outline

●  State of the art

●  How software password-cracking tools work

●  Our efficient techniques for guess numbers

●  Our techniques for systematic configuration

Mangled Wordlist Attack

Wordlist

●  Super

●  Password

●  Chicago

Rulelist

1.  Append “1”

2.  Replace “a” → “4”

3.  Lowercase all

Guesses

Super1 Password1 Chicago1

Super P4ssword Chic4go

super password chicago

Example Wordlists and Rulelists

Wordlist

●  PGS (≈ 20,000,000)

●  Linkedin (≈ 60,000,000)

●  HIBP (≈ 500,000,000)

Rulelist

●  Korelogic (≈ 5,000)

●  Megatron (≈ 15,000)

●  Generated2 (≈ 65,000)

10^9 - 10^15 guesses

+  Hackers’ private word/rule lists

Outline

●  State of the art

●  How software password-cracking tools work

●  Our efficient techniques for guess numbers

●  Our techniques for systematic configuration

Is This Password in the Guesses?

Chic4go

Guesses

Super1 Password1 Chicago1

Super P4ssword Chic4go

super password chicago

Insight

We can work backwards!

Insight: Invert Rules

Password

Chic4go

Rulelist

1.  Append “1”

2.  Replace “a” → “4”

3.  Lowercase all

Preimages

Chicago

Chic4go

*05 O03 d '7

●  *05: Switch the first and the sixth char;

●  O03: Delete the first three chars;

●  d: Duplicate the whole word;

●  '7: Truncate the word to length 7;

Chic4go Preimages?

Where in the Stream?

Guesses

Super1 Password1 Chicago1

Super P4ssword Chic4go

Counting Guesses For Each Rule

Wordlist: Super, Password, Chicago

Rule: Reject if no “a”; Replace a → 4

Guesses: 2
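The rule inversion and per-rule counting from the slides above, worked through as an added example (not the authors' released code): each rule gets an inverse that yields candidate preimages, and the guess number is the number of guesses emitted by earlier rules plus the preimage's position under the matching rule. The function names, the `accepts` predicate and the `STRICT` rulelist (the slides' rulelist with the 'Reject if no "a"' test) are assumptions made for illustration.

```python
# Added example: guess numbers by inverting rules instead of enumerating guesses.
WORDLIST = ["Super", "Password", "Chicago"]          # wordlist from the slides
POS = {w: i for i, w in enumerate(WORDLIST)}         # word -> 0-based position

def inv_append_1(pw):
    return {pw[:-1]} if pw.endswith("1") else set()

def inv_replace_a_4(pw):
    if "a" in pw:                  # the rule's output never contains "a"
        return set()
    cands = {""}
    for ch in pw:                  # each "4" was either "a" or already "4"
        cands = {c + o for c in cands for o in ("a4" if ch == "4" else ch)}
    return cands

def inv_lowercase(pw):
    # Case variants grow as 2^len, so match wordlist entries by lowercase form.
    return {w for w in WORDLIST if w.lower() == pw}

always = lambda w: True
# (forward, inverse, accepts); accepts() models a reject test on the input word.
RULES = [
    (lambda w: w + "1", inv_append_1, always),
    (lambda w: w.replace("a", "4"), inv_replace_a_4, always),
    (str.lower, inv_lowercase, always),
]
STRICT = [RULES[0], (RULES[1][0], inv_replace_a_4, lambda w: "a" in w), RULES[2]]

def rule_guess_count(accepts, upto=None):
    """Guesses a rule emits for the first `upto` words (all words if None)."""
    return sum(1 for w in WORDLIST[:upto] if accepts(w))

def guess_number(pw, rules=RULES):
    offset = 0                     # guesses emitted by all earlier rules
    for _fwd, inv, accepts in rules:
        hits = [POS[p] for p in inv(pw) if p in POS and accepts(p)]
        if hits:
            return offset + rule_guess_count(accepts, min(hits)) + 1
        offset += rule_guess_count(accepts)
    return None                    # this configuration never guesses pw

def guess_number_by_enumeration(pw, rules=RULES):
    n = 0                          # baseline: walk the whole guess stream
    for fwd, _inv, accepts in rules:
        for w in filter(accepts, WORDLIST):
            n += 1
            if fwd(w) == pw:
                return n
    return None
```

`guess_number("Chic4go")` returns 6, its position in the guess stream shown earlier; with `STRICT` the replace rule emits only 2 guesses and the same password moves to guess 5.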

Our First Contribution

●  Fast Guess Number Estimation

Fast Guess Number Estimation

Linkedin + SpiderLab Guesses

●  Size: ~ 3 PB (Enumeration), ~ 10 GB (Our Approach)

●  Preprocessing: > 2 years (Enumeration), < 1 day (Our Approach)

●  Mean Lookup: ??? (Enumeration), < 1 second (Our Approach)

Outline

●  State of the art

●  How software password-cracking tools work

●  Our efficient techniques for guess numbers

●  Our techniques for systematic configuration

Software Tools Depend On

●  Order of rules

●  Contents of the rulelist

●  Order of words

●  Contents of the wordlist

Insight: Data-Driven Configuration

Password Set

Wordlist

Rulelist

New configuration

Data-Driven Configuration

●  Order of rules

●  Contents of the rulelist

●  Order of words

●  Contents of the wordlist

Rule Ordering

●  Should the rules be in a different order?

●  Key idea: Order by # cracks per guess

1.  Append “1”

2.  Replace “a” → “4”

3.  Lowercase all

1.  Replace “a” → “4”

2.  Lowercase all

3.  Append “1”

Rule Ordering Results

[Figure: Rule Ordering Results; series: Ideal, Data-driven, Original]
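A small worked version of ordering rules by cracks per guess, as an added example rather than the authors' tool. The password set and its counts are constructed sample data, the function names are assumptions, and each rule is scored independently of the others, which is a simplification.

```python
from collections import Counter

WORDLIST = ["Super", "Password", "Chicago"]           # wordlist from the slides
RULES = {                                             # rulelist in its original order
    'Append "1"': lambda w: w + "1",
    'Replace "a" -> "4"': lambda w: w.replace("a", "4"),
    "Lowercase all": str.lower,
}
# Constructed sample password set: password -> number of accounts using it.
PASSWORDS = Counter({"Chic4go": 3, "P4ssword": 2, "chicago": 2,
                     "password": 1, "Chicago1": 1, "hunter2": 4})

def cracks_per_guess(rule):
    """Accounts cracked by one rule divided by the guesses it emits."""
    guesses = [rule(w) for w in WORDLIST]
    cracked = sum(PASSWORDS[g] for g in set(guesses))   # Counter gives 0 on a miss
    return cracked / len(guesses)

def data_driven_order(names):
    """Most productive rule first; ties keep their original order."""
    return sorted(names, key=lambda n: cracks_per_guess(RULES[n]), reverse=True)

def cracked_after(order, budget):
    """Accounts cracked within the first `budget` guesses of the stream."""
    stream = [RULES[n](w) for n in order for w in WORDLIST][:budget]
    return sum(PASSWORDS[g] for g in set(stream))

if __name__ == "__main__":
    original = list(RULES)
    reordered = data_driven_order(original)
    print("new order:", reordered)
    for budget in (3, 6, 9):
        print(budget, "guesses:", cracked_after(original, budget), "->",
              cracked_after(reordered, budget), "accounts cracked")
```

On this sample the data-driven order is Replace, Lowercase, Append, the second ordering on the slide, and it cracks the same accounts with fewer guesses.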

Word Completeness

●  Should other words be in the wordlist?

●  Key idea: Add frequent preimage “misses”

Rulelist

1.  Append “1”

2.  Replace “a” → “4”

3.  Lowercase all

Oakland1 O@kl@nd oakland

Preimages

Oakland

Word Completeness (Sample Results)

Category: Examples

●  Set-specific: bfheros; ilovmyneopets”””

●  Meaningful: MaSterBrain; la la la

●  Short strings: a2; a23; 7a; b2; q2

Takeaway

Analytical Tools

Guess Number

Configuration Tools

https://github.com/UChicagoSUPERgroup/
