Exercises 2013-05-02 Information Security Course Eric Laermans – Tom Dhaene.

Slides:



Advertisements
Similar presentations
Password Cracking With Rainbow Tables
Advertisements

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.
Password Cracking Lesson 10. Why crack passwords?
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.
Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.
Quick Review of Apr 10 material B+-Tree File Organization –similar to B+-tree index –leaf nodes store records, not pointers to records stored in an original.
©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.
Secure Password Storage JOSHUA SMALL LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
Hashing CS 3358 Data Structures.
Hash Table indexing and Secondary Storage Hashing.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
FALL 2004CENG 3511 Hashing Reference: Chapters: 11,12.
Hashing COMP171 Fall Hashing 2 Hash table * Support the following operations n Find n Insert n Delete. (deletions may be unnecessary in some applications)
Hellman’s TMTO 1 Hellman’s TMTO Attack. Hellman’s TMTO 2 Popcnt  Before we consider Hellman’s attack, consider simpler Time-Memory Trade-Off  “Population.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
Lecture 23 Symmetric Encryption
Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
Windows Security Mechanisms Al Bento - University of Baltimore.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Hellman’s TMTO 1 Hellman’s TMTO Attack. Hellman’s TMTO 2 Popcnt  Before we consider Hellman’s attack, consider simpler Time-Memory Trade-Off  “Population.
Objectives Learn what a file system does
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.
HASH Functions.
Time-Memory tradeoffs in password cracking 1. Basic Attacks Dictionary attack: –What if password is chosen well? Brute Force (online version): –Try all.
CIS 450 – Network Security Chapter 8 – Password Security.
The Steganographic File System Ross Anderson, Roger Needlham, Adi Shamir Presented by: Pan Meng Presented by: Pan Meng.
Exercises Information Security Course Eric Laermans – Tom Dhaene.
D ESIGN & A NALYSIS OF A LGORITHM 01 – H ASHING Informatics Department Parahyangan Catholic University.
March 16 & 21, Csci 2111: Data and File Structures Week 9, Lectures 1 & 2 Indexed Sequential File Access and Prefix B+ Trees.
Hashing Dr. Yingwu Zhu.
Exercises Information Security Course Eric Laermans – Tom Dhaene.
1 HASHING Course teacher: Moona Kanwal. 2 Hashing Mathematical concept –To define any number as set of numbers in given interval –To cut down part of.
Identification and Authentication CS432 - Security in Computing Copyright © 2005,2010 by Scott Orr and the Trustees of Indiana University.
How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Lecture 23 Symmetric Encryption
CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
COSC 2007 Data Structures II Chapter 13 Advanced Implementation of Tables IV.
Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.
Hashing COMP171. Hashing 2 Hashing … * Again, a (dynamic) set of elements in which we do ‘search’, ‘insert’, and ‘delete’ n Linear ones: lists, stacks,
Operating Systems Security
Distributed Computing Projects. Find cures for diseases like Alzheimer's and Parkinson's by analyzing the ways proteins develop (protein.
Exercises Information Security Course Eric Laermans – Tom Dhaene.
File Systems - Part I CS Introduction to Operating Systems.
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
Managing Users CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.
Password Cracking COEN 252 Computer Forensics. Social Engineering Perps trick Law enforcement, private investigators can ask. Look for clues: Passwords.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
COEN 252 Computer Forensics
Design & Analysis of Algorithm Hashing
I have edited and added material.
Security of Message Digests
Dynamic Hashing (Chapter 12)
Password Cracking Lesson 10.
Hashing CENG 351.
Information Assurance Day Course
Cryptographic Hash Functions Part I
Kiran Subramanyam Password Cracking 1.
EE 312 Software Design and Implementation I
Exercise: Hashing, Password security, And File Integrity
File system : Disk Space Management
EE 312 Software Design and Implementation I
Lecture-Hashing.
Presentation transcript:

Exercises Information Security Course Eric Laermans – Tom Dhaene

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 2 Introduction Password storage in MS Windows old system  LM hash (LAN Manager hash) –untill Windows Me new system  NTLM hash (NT LAN Manager) –since Windows NT 3.1

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 3 Introduction Password storage in MS Windows encoded storage  in SAM (Security Accounts Manager) –non-accessible while OS is active »file locked by OS when Windows is operating (impossible to read, copy or remove) –QUESTION 1: »still possible to access file to test passwords offline?

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 4 LM Hash Limitations passwords of at most 14 ANSI-characters  95 possible characters  a.k.a. “printable ASCII”

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 5 LM Hash Operation 1. converting lower case to upper case 2. adding NULL-characters to obtain 14 characters 3. splitting in two sequences of 7 characters 4. each of these sequences is used as a key to encrypt (ECB)  results in two encoded blocks of 8 bytes  the thus obtained 16 bytes are the LM Hash QUESTION 2  possible attacks, weaknesses?  estimated time required for possible attack?

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 6 NTLM Hash Operation MD4-hash of password  case-sensitive password  MD4: hash function with 128 bits hash value –predecessor of MD5 –strong collision resistance totally broken –effective strength as a one-way-function (preimage resistance) only 102 bits »rather theoretical weakness, not really practical QUESTION 3  comparie with present password storage in Linux?  reasonable time to crack?

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 7 Backward compatibility double password storage using NTLM Hash using LM Hash  if possible, otherwise fake value  default up to Windows XP –can be disabled by registry modification –disabled by default since Windows Vista QUESTION 4  weaknesses of this scheme?  better than LM Hash only?  how can you make sure LM Hash is not stored?

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 8 Improved attacks Attacks until now (generally) feasible if LM Hash is available  but still requires quite a lot of compuation time if brute force is used QUESTION 5  suggestions to improve the attack technique? –hint: can part of the job be precomputed?

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 9 Improved attacks Precomputed hash chains not feasible to precompute and store all encoded passwords  QUESTION 6: –how much storage would be required for password encoded using LM Hash?

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 10 Improved attacks Precomputed hash chains how can we select the password we want to store?  precomputed hash chains –technique using trade-off between required computation time and required storage –for N possible passwords: »storage:O(N 2/3 ) »computation time:O(N 2/3 )

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 11 Improved attacks Precomputed hash chains two functions  hash function H:P  C –transforms password into encoded password –domain: space of possible passwords (P) –range: space of possible hash values (C)  reduction function R:C  P –derives a (pseudorandom) password from hash value »doesn’t need to be a one-way-function »simple choice possible –domain: space of possible hash values (C) –range: space of possible passwords (P)

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 12 Improved attacks Precomputed hash chains choose a (sufficiently large) number (n) of different passwords  p j,0 (with j:0..(n-1)) compute (not too large) a number (k) of links for each chain  p j,i+1 = R(H(p j,i ))(with i:0..(k-1)) only store the start and end points of the chains  p j,0 and p j,k (with j:0..(n-1))

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 13 Improved attacks Precomputed hash chains cracking an encoded password h  compute:p (0) = R(h)  compute:p (i) = R(H(p (i-1) )) –until some p (i) is found which is present in the table of end points p j,k of the hash chains  recompute the chain, starting from p j,0 until the right value p j,k-i-1 is found, such that H(p j, k-i-1 ) = h NOTE:  some chains may overlap  chains may contain loops  false positives are possible

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 14 Improved attacks Precomputed hash chains required improvement upon basic approach  multiple tables –each with different reduction function –reducing impact op overlapping chains –number typically proportional to chain length »drawback: larger search time (proportional to chain length and number of chains)

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 15 Improved attacks Precomputed hash chains possible simplification  “distinguished points” –stop chain computation when easily distinguishable password is reached (instead of fixed length chains) »e.g. starting / ending with 10 null-bits  QUESTION 7: –what is the advantage of this approach?

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 16 Improved attacks Rainbow tables improvement over precomputed hash chains  using different reduction function for each link in the chain –k reduction functions R i needed(with i:0..(k-1)) –p j,i+1 = R i (H(p j,i ))(with i:0..(k-1))  look up encoded password h –compute p (0,0) = R k-1 (h) and lookup in table of end points –if not found, look up p (1,1) = R k-1 (H(R k-2 (h))) –if needed, continue with p (i,i) = R k-1 (H(p (i,i-1) )) »with p (i,j) = R k-i+j-1 (H(p (i,j-1) ))

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 17 Improved attacks Rainbow tables advantages  fewer lookups than with multiple tables for precomputed hash chains –approximately half as many  fewer overlapping chains –and easier to identify which chains merge  no loops in chains  chains of constant length –in opposition to “distinguished points”

Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 18 Improved attacks Rainbow tables references:  P. Oechslin, “Making a faster cryptanalytic time- memory trade-off,” Advances in Cryptology - CRYPTO 2003, pp  project RainbowCrack

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.