Password Cracking Research at FSU
Transcript of Password Cracking Research at FSU
![Page 1: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/1.jpg)
Password Cracking Research at FSU
Sudhir Aggarwal, Matt Weir, Breno de Medeiros
Florida State University, Department of Computer Science
E-Crimes Investigative Technologies Lab
Tallahassee, Florida 32306
October 21, 2010
![Page 2: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/2.jpg)
Our Research
Assist Law Enforcement
Develop better ways to model how people actually create passwords
Investigate how we can make passwords more secure
FORENSICS
CRACKING PASSWORDS
I’M CRACKING PASSWORDS
![Page 3: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/3.jpg)
The Plan
1. Obtaining the Data-sets
2. Probabilistic Password Cracking Improvements
3. Pass-Phrase Cracking
![Page 4: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/4.jpg)
Two Types of Password Cracking
Online
- The system is still operational
- You may only be allowed a few guesses
Offline
- You grabbed the password hash
- Computer forensics setting
![Page 5: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/5.jpg)
Cracking Passwords
Generate a password guess
- password123
Hash the guess
- A5732067234F23B21
Compare the hash to the password hash you are trying to crack
![Page 6: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/6.jpg)
Dictionary based attacks
Password-cracking dictionaries may contain entries that are not natural language words, e.g., ‘qwerty’
Dictionary based attacks derive multiple password guesses from a single dictionary entry by application of fixed rules, such as ‘replace a with @’ or ‘add any two digits to the end’
Novel approach: Infer a probabilistic grammar for ‘mangling rules’ from a password dataset
![Page 7: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/7.jpg)
Existing Password Crackers
John the Ripper
Cain & Abel
L0phtcrack
Access Data’s PRTK
etc...
![Page 8: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/8.jpg)
Focus of Research
Most of our research focuses on how to make better password guesses
- Hash neutral, i.e., you would create the same guesses regardless of whether you are attacking a TrueCrypt or a WinRAR encrypted file
We are also exploring implementing faster hashing algorithms using GPUs.
- Target-program specific, i.e., the hashing that TrueCrypt and WinRAR use is different
![Page 9: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/9.jpg)
Obtaining the Datasets
![Page 10: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/10.jpg)
Obtaining Real Passwords
Originally we were concerned that one of the main problems with our research would be collecting valid data-sets to train/test against
In reality, that hasn’t been much of a problem for web-based passwords
![Page 11: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/11.jpg)
Hackers Like to Brag
![Page 12: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/12.jpg)
The Most Recent List
RockYou.com was recently hacked
Over 32 Million, (yes million), plaintext passwords were publicly released.
![Page 13: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/13.jpg)
The Soap Opera Around the Rockyou Hack
The vulnerability originally was publicly posted on the website www.darkc0de.com
It appears that multiple hackers used it to break into the site.
According to the security firm Imperva, many of the webmail accounts associated with those passwords have been taken over by spammers
![Page 14: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/14.jpg)
The Soap Opera (Continued)
One Slovakian hacker named Igigi claimed credit for the attack, and set up a blog detailing other website hacks
He also started giving interviews to various news publications
He now has a facebook fan page with over 600 members...
![Page 15: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/15.jpg)
Probabilistic Password Cracking
![Page 16: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/16.jpg)
Rule Centric View of Password Cracking
(Diagram labels: Rules, Dictionaries, Ad-hoc Ideas, Years, Zip Codes, User Behavior)
![Page 17: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/17.jpg)
Rule Based Optimizations
1. Append 4 Digits
(Diagram labels: Rules, User Behavior)
![Page 18: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/18.jpg)
Rule Based Optimizations
1. Append 1234
2. Append 4 Digits
(Diagram labels: Rules, 1234, User Behavior)
![Page 19: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/19.jpg)
Rule Based Optimizations
1. Append 1234
2. Append 0000-1233
3. Append 1235-9999
(Diagram labels: Rules, 1234, User Behavior, Optimize, Exclude)
![Page 20: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/20.jpg)
Rule Based Optimizations
1. Append 1234
2. Append 1950-2010
3. Append 0000-1233
4. Append 1235-9999
(Diagram labels: Rules, 1234, User Behavior, Optimize, Exclude, Dates)
![Page 21: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/21.jpg)
Rule Based Optimizations
1. Append 1234
2. Append 1950-2010
3. Append 0000-1233
4. Append 1235-1949
5. Append 2011-9999
(Diagram labels: Rules, 1234, User Behavior, Optimize, Exclude, Dates, Exclude)
![Page 22: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/22.jpg)
Rule Based Optimizations
1. Append 1234
2. Append 1950-2010
3. Append 0000-1233
4. Append 1235-1949
5. Append 2011-9999
6. Capitalize the first letter, Append 1234
7. Capitalize the first letter, Append 1950-2010
8. Capitalize the first letter, Append 0000-1233
9. Capitalize the first letter, Append 1235-1949
10. Capitalize the first letter, Append 2011-9999
11. Replace ‘a’ with an ‘@’, Append 1234
12. Replace ‘a’ with an ‘@’, Append 1950-2010
13. Replace ‘a’ with an ‘@’, Append 0000-1233
14. Replace ‘a’ with an ‘@’, Append 1235-1949
15. Replace ‘a’ with an ‘@’, Append 2011-9999
16. Uppercase the last letter, Append 1234
17. Uppercase the last letter, Append 1950-2010
18. Uppercase the last letter, Append 0000-1233
19. Uppercase the last letter, Append 1235-1949
20. Uppercase the last letter, Append 2011-9999
![Page 23: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/23.jpg)
Finding the Correct Order
Which should we try first?
p@ssword1234
password8732
![Page 24: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/24.jpg)
Probabilistic Cracking
Some words are more likely than others
- password, monkey, football
Some mangling rules are more likely than others
- 123, 007, $$$, Capitalize the first letter
![Page 25: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/25.jpg)
New Idea: Probabilities should be the focus
Create a context-free grammar representing word mangling rules
Derive this grammar from a training set of passwords
Define probabilities for rewrite rules
Generate passwords in highest probability order
![Page 26: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/26.jpg)
Two Stages
Training
- Construct the grammar
Cracking
- Use the grammar to create password guesses
![Page 27: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/27.jpg)
Training our Cracker
Our password cracker is trained on known password lists
This way we can quickly create attacks based on a target’s profile
![Page 28: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/28.jpg)
Password Structures
Possibly, the most naive structure that can be inferred from passwords is the sequence of the character classes used
- Letters = L
- Digits = D
- Symbols = S
password12! --> LDS “simple structure”
![Page 29: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/29.jpg)
The Context-Free Assumption
Context-free grammars lead to efficient algorithms, but simple structures are “too lossy” to allow for capturing sufficiently fine-grained human behavior in password choice in a context-free way
“97” as a password element (a date) is more likely than would be expected by the independent probabilities of ‘9’ and ‘7’
Some password lengths are preferred
![Page 30: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/30.jpg)
Learning the Base structures
Extend the character class symbols to include length information
- password$12$ = L8S1D2S1
Base structures, while still very simple, empirically capture sufficient information to derive useful context-free grammar models from password datasets
![Page 31: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/31.jpg)
Learning the Grammar (continued)
The next step is to learn the probabilities of digits and special characters
We record the probabilities of different length strings independently
Picks up rules such as 007, 1234, !!, $$, !@#$
![Page 32: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/32.jpg)
Assigning Probability to Dictionary Words
By default we just assign a probability of 1/n_L to each dictionary word
n_L is the number of dictionary words of length L
![Page 33: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/33.jpg)
Probabilistic Context-free Grammars
Derive the production rules from the training set
Derive the probabilities from the training set
S → L4D2 .50
S → D1L3D1 .25
S → L4D1S1 .25
D2 → 99 .50
D2 → 98 .30
D2 → 11 .20
L4 → pass .10
S →* pass11: .5 x .1 x .2 = .01
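The training steps on slides 28 to 32 and the probability calculation above, carried out in code. This is an added example, not the FSU cracker's own code; the password list is constructed for the example, and the word probability of 1/n_L follows the slide's default.

```python
import re
from collections import Counter, defaultdict
from fractions import Fraction

# Constructed training set standing in for a leaked list (not real data).
TRAINING = ["pass99", "pass98", "pass11", "word99", "1abc9", "love12!",
            "pass99", "word98", "love$$", "pass11"]

# Runs of letters, digits, or symbols, in order of appearance.
TOKEN = re.compile(r"[A-Za-z]+|[0-9]+|[^A-Za-z0-9]+")

def base_structure(pw):
    """Split a password into (class, run) pairs: password$12$ -> L8 S1 D2 S1."""
    parts = []
    for run in TOKEN.findall(pw):
        cls = "L" if run[0].isalpha() else "D" if run[0].isdigit() else "S"
        parts.append((cls, run))
    return parts

def structure_name(parts):
    return "".join(f"{cls}{len(run)}" for cls, run in parts)

def train(passwords):
    """Learn base-structure probabilities and, per length, digit/symbol replacement probabilities."""
    base = Counter()
    comps = defaultdict(Counter)   # 'D2' -> Counter({'99': 3, ...}), 'S1' -> Counter({'!': 1})
    words = defaultdict(set)       # word length -> set of lowercase words seen in training
    for pw in passwords:
        parts = base_structure(pw)
        base[structure_name(parts)] += 1
        for cls, run in parts:
            if cls == "L":
                words[len(run)].add(run.lower())
            else:
                comps[f"{cls}{len(run)}"][run] += 1
    n = len(passwords)
    return {
        "base": {s: Fraction(c, n) for s, c in base.items()},
        "comp": {k: {t: Fraction(c, sum(cnt.values())) for t, c in cnt.items()}
                 for k, cnt in comps.items()},
        "words": words,
    }

def probability(grammar, pw):
    """P(base structure) times the probability of each replacement; 0 if any piece was never seen."""
    parts = base_structure(pw)
    p = grammar["base"].get(structure_name(parts), Fraction(0))
    for cls, run in parts:
        if cls == "L":
            bucket = grammar["words"].get(len(run), set())
            p *= Fraction(1, len(bucket)) if run.lower() in bucket else 0   # 1/n_L rule
        else:
            p *= grammar["comp"].get(f"{cls}{len(run)}", {}).get(run, Fraction(0))
    return p

if __name__ == "__main__":
    g = train(TRAINING)
    for guess in ["pass11", "word99", "love12!", "abc"]:
        print(guess, float(probability(g, guess)))
```

Under this toy grammar `pass11` scores 7/10 (L4D2) x 1/3 (one of three 4-letter words) x 1/4 (D2 → 11), the same product form as the slide's .5 x .1 x .2.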
![Page 34: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/34.jpg)
Training our Cracker
![Page 35: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/35.jpg)
Now to the Cracking
After training, grammar can be distributed for purposes of password cracking (e.g., base structures can be distributed and the replacement tokens also)
Size of grammar when trained on the MySpace set
1,589 base structures (with probabilities)
4,410 digit components (with probabilities)
144 symbol components (with probabilities)
![Page 36: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/36.jpg)
Requirements For the Next Function
Generate all possible guesses with no duplicates
Generates the guesses in probability order
Reasonable memory requirements
Comparable time requirements to existing methods
Able to support distributed password cracking
![Page 37: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/37.jpg)
Pre-Terminal Structures
Essentially the base structure with all the productions except for the dictionary words replaced with terminals
Base structure: S1L3D2 → pre-terminal: %L399
D2 | Prob.
99 | 50%
12 | 30%
33 | 20%
S1 | Prob.
$ | 60%
% | 40%
![Page 38: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/38.jpg)
Size of Potential Search Space
| Structure | Number of structures in the MySpace training set |
| --- | --- |
| Base | 1,589 |
| Pre-terminal | 34 trillion |
![Page 39: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/39.jpg)
Generating Guesses
Pop the top value and check the guesses: $dog99, $cat99, etc.
Create children of the popped value: $L333 (9.5%) and !L399 (6.5%) and push them into the p-queue
Pop the next top value
Continue until queue is empty
Priority queue (pre-terminal, probability):
$L399 11% 1
$L31 9% 1
L399$ 8% 1
L4 7% 1
L4$L4 7% 1
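The priority-queue "next" function just described, as an added example rather than the FSU cracker's own implementation. It uses a small constructed grammar in the style of slides 33 and 37 and a pivot index so that every pre-terminal is produced exactly once; the `guess_rank` helper (an assumption of this example) reports how deep in the ordering a given structure lies, which is the kind of number a password policy can be checked against.

```python
import heapq
from fractions import Fraction as F

# Constructed toy grammar (not the MySpace-trained one).
BASE = {"S1L3D2": F(1, 2), "L3D2S1": F(3, 10), "L4": F(1, 5)}
TERMINALS = {  # replacements for each non-L symbol, listed in decreasing probability
    "D2": [("99", F(1, 2)), ("12", F(3, 10)), ("33", F(1, 5))],
    "S1": [("$", F(3, 5)), ("%", F(2, 5))],
}

def symbols(base):
    """'S1L3D2' -> ['S1', 'L3', 'D2'] (one class letter plus one length digit per symbol here)."""
    return [base[i:i + 2] for i in range(0, len(base), 2)]

def render(base, idx):
    """Pre-terminal string: L symbols are left for the dictionary, others get their chosen terminal."""
    return "".join(s if s[0] == "L" else TERMINALS[s][i][0] for s, i in zip(symbols(base), idx))

def prob(base, idx):
    """Base-structure probability times the probability of every chosen terminal."""
    p = BASE[base]
    for s, i in zip(symbols(base), idx):
        if s[0] != "L":
            p *= TERMINALS[s][i][1]
    return p

def next_preterminals():
    """Yield (pre-terminal, probability) in non-increasing order with no duplicates.
    A queue entry is (negated probability, base, terminal indexes, pivot). A popped entry spawns
    children by advancing one index at or after its pivot, so each index tuple is reached by
    exactly one path, and a child is never more probable than its parent."""
    heap = [(-prob(b, (0,) * len(symbols(b))), b, (0,) * len(symbols(b)), 0) for b in BASE]
    heapq.heapify(heap)
    while heap:
        negp, base, idx, pivot = heapq.heappop(heap)
        yield render(base, idx), -negp
        syms = symbols(base)
        for pos in range(pivot, len(syms)):
            if syms[pos][0] != "L" and idx[pos] + 1 < len(TERMINALS[syms[pos]]):
                child = idx[:pos] + (idx[pos] + 1,) + idx[pos + 1:]
                heapq.heappush(heap, (-prob(base, child), base, child, pos))

def guess_rank(target):
    """1-based position of a pre-terminal in the ordering (None if the grammar never produces it)."""
    for rank, (pt, _) in enumerate(next_preterminals(), 1):
        if pt == target:
            return rank
    return None

if __name__ == "__main__":
    for pt, p in next_preterminals():
        print(f"{pt:8} {float(p):.3f}")
```

Entries with equal probability are ordered by the heap's tie-break on the remaining tuple fields, which is arbitrary but deterministic.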
![Page 40: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/40.jpg)
Targeted Attacks
Assign higher probabilities to certain replacements
- Kids names
- Birth Years
- Zip Codes
![Page 41: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/41.jpg)
Creating an Efficient Algorithm
Any password cracker algorithm must be:
- Fast
- Parallelizable
This is where we have spent a lot of our time
![Page 42: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/42.jpg)
The MySpace List
Split it into a training list and a test list
- Training List: 33,561
- Test List: 33,481
![Page 43: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/43.jpg)
Results
![Page 44: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/44.jpg)
Results
Cracked as Many Passwords as John the Ripper
![Page 45: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/45.jpg)
Real World Results -MySpace List
![Page 46: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/46.jpg)
Passwords Cracked Over Time
![Page 47: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/47.jpg)
The Finnish List
Hackers broke into several sites via SQL injection
15,699 Plain Text
29,853 MD5 Hashes
![Page 48: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/48.jpg)
Finnish List
![Page 49: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/49.jpg)
Cracking Pass-Phrases
One approach
1. Use an input dictionary of phrases
- It’s fun to try the impossible!
- ifttti
- itsfun2trytheimpossible
![Page 50: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/50.jpg)
Cracking Pass-Phrases
2. Use a Mad Libs Approach
- Proper-Noun verbs a Noun
- Proper-Noun loves Proper-Noun
![Page 51: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/51.jpg)
Cracking Pass-Phrases
3. Use a full probabilistic approach
- Probabilistic Context Free Grammars were originally used for speech recognition
- Essentially this would be a smart brute-force option
![Page 52: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/52.jpg)
Questions/Comments?
Matt’s Research Blog
- http://www.reusablesec.blogspot.com
E-Mail Address
![Page 53: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/53.jpg)
Dictionary Based Rainbow Tables
![Page 54: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/54.jpg)
Original Research
Previous Rainbow Tables only supported brute force attacks
Developed a new indexing function for dictionary based attacks:
- Generic
- Fast
Wrote and released the tool drcrack along with custom tables
![Page 55: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/55.jpg)
Keyboard Combo Table
NTLM 1-3 Keyboard Combos, NTLM 4 Keyboard Combo
Custom dictionary has 658 keyboard combos
Combines them to attack strong 15+ character passwords
If you want the user to create a 15 character password some of them are going to use qwertyuiopasdf
Problems with collisions
![Page 56: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/56.jpg)
Double Basic Rule
Supports NTLM
Creates a password and then doubles it
Password12Password12
Once again, attacking the users
Some users just type eight character passwords in twice
![Page 57: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/57.jpg)
Passphrases
Still working on this one
Just use a passphrase input dictionary
Example passphrase
- !!It’s fun to do the impossible!
Eventually plan to add support for grammar generation
- Proper-noun + Verbs + a + Noun
![Page 58: Password Cracking Research at FSU](https://reader030.fdocuments.us/reader030/viewer/2022012020/616888ced394e9041f705391/html5/thumbnails/58.jpg)
Not Better, Just Different
Does not replace existing rainbow tables
Brute-force attacks are still wonderful, don’t let anyone tell you differently
With rcracki’s hybrid tables you can use targeted brute force against fairly long passwords
Still for longer passwords, dictionary attacks may be the only feasible option