But first… some key terms…
- Hash – Output string from a cryptographic hashing function; it should be computationally infeasible to go backwards from it to the original input string.
- Crack – To recover an original string that hashes to the given hash string.
- Key space – All possible keys (strings) to test.

Passwords to Other People
- A secret phrase that keeps their stuff safe and admits only the person who knows it.
- The problem is that just because something has a password doesn't mean it is necessarily safe.

Exploiting that Mindset…
- Passwords can give a false sense of security, leading to relaxed password complexity:
  - Short passwords
  - Dictionary words
- Following the same password patterns around the web.
…The perfect place to look…

Are the patterns!
- RockYou database:
  - Length 8 – 20%
  - Length 7 – 17%
  - Length 9 – 15%
  - Lower alpha num – 42%
  - Lower alpha – 25%

Understanding a Mask
- ?d – digits
- ?l – lowercase alpha
- ?u – uppercase alpha
- ?s – symbols
- ?h – hex 0xc0 – 0xff
- ?D – German alphabet
- ?F – French alphabet
- ?R – Russian alphabet

Password Mask Topologies
- The top 5 patterns usually crack around % of all passwords
- The top 100 patterns usually crack around %
- Examples: ullllldd, ulllllldd, ullldddd
Hank Leininger – Password Topology

What even is a password cracker?
- A password cracker is used to translate a hashed password back into the original string.
- This is done by hashing many candidate strings and checking whether any resulting hash matches the one you have on file.
- Examples:
  MD5(noob) -> 9cb4afde731e9eadcda4506ef7c65fa2
  MD5(your) -> 62cc0b4ebb0b57b c38
  MD5(password) -> 5f4dcc3b5aa765d61d8327deb882cf99
  MD5(sucks) -> 9bbf7382baad324c5a97e18387f932d7

What does distributed mean?
- A distributed password cracker splits the key space among multiple worker nodes, so that the workload is parallelized further than a single machine allows.

Server Design

How does the cracker hold up?
- Class F speed (greater than 1 billion hashes a second):
  - 9 ?d – close to instant
  - 9 ?u or ?l – 1.5 hours
  - 9 ?u+?d – 28 hours
  - 8 ?a (96 chars) – 83 days
- School network (rm 315)
- Some GPUs get over 2 billion nowadays
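The mask placeholders, the "hash candidates and compare" loop, the key-space split across workers and the timing table above all follow from one piece of arithmetic: a mask is a mixed-radix counter, and its size divided by the hash rate is the worst-case time to exhaust it. The following Python is an added example written for this page, not the presentation's or any tool's code. It assumes hashcat-style character sets (?s as the 33 printable ASCII symbols, so ?a is 95 characters rather than the slide's 96), treats `?1` as a user-defined "uppercase plus digits" set to reproduce the `?u+?d` row, and uses a constructed 4-digit secret hashed with unsalted MD5 to show a server handing index ranges to four workers.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Assumed character sets behind the slide's placeholders (hashcat conventions).
CHARSETS: Dict[str, str] = {
    "?d": "0123456789",
    "?l": "abcdefghijklmnopqrstuvwxyz",
    "?u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "?s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
CHARSETS["?a"] = CHARSETS["?d"] + CHARSETS["?l"] + CHARSETS["?u"] + CHARSETS["?s"]


def parse_mask(mask: str, custom: Optional[Dict[str, str]] = None) -> List[str]:
    """One candidate charset per position; literals become one-element sets, ?? is '?'."""
    sets = dict(CHARSETS)
    if custom:
        sets.update(custom)          # user-defined placeholders such as "?1"
    positions: List[str] = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            token = mask[i:i + 2]
            if token == "??":
                positions.append("?")
            elif token in sets:
                positions.append(sets[token])
            else:
                raise ValueError(f"unknown placeholder {token!r}")
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    return positions


def keyspace(mask: str, custom: Optional[Dict[str, str]] = None) -> int:
    """Number of candidates the mask describes: product of the per-position set sizes."""
    size = 1
    for charset in parse_mask(mask, custom):
        size *= len(charset)
    return size


def hours_to_exhaust(mask: str, rate_per_second: float,
                     custom: Optional[Dict[str, str]] = None) -> float:
    """Worst-case time to try every candidate at the given hash rate."""
    return keyspace(mask, custom) / rate_per_second / 3600


def candidate_at(index: int, positions: List[str]) -> str:
    """Decode a key-space index into its candidate (mixed radix, last position fastest)."""
    chars = []
    for charset in reversed(positions):
        index, digit = divmod(index, len(charset))
        chars.append(charset[digit])
    return "".join(reversed(chars))


def split_keyspace(total: int, workers: int) -> List[Tuple[int, int]]:
    """Server side: contiguous [start, end) index ranges, one per worker node."""
    base, extra = divmod(total, workers)
    ranges, start = [], 0
    for w in range(workers):
        end = start + base + (1 if w < extra else 0)
        ranges.append((start, end))
        start = end
    return ranges


def worker_scan(target_md5_hex: str, positions: List[str],
                start: int, end: int) -> Optional[str]:
    """Worker side: hash every candidate in the assigned range and compare."""
    for index in range(start, end):
        candidate = candidate_at(index, positions)
        if hashlib.md5(candidate.encode()).hexdigest() == target_md5_hex:
            return candidate
    return None


def demo() -> Optional[str]:
    """Constructed demonstration: a 4-digit value under unsalted MD5 falls to four
    workers that each scan a quarter of the ?d?d?d?d space."""
    target = hashlib.md5(b"4815").hexdigest()        # constructed sample secret
    positions = parse_mask("?d?d?d?d")
    for start, end in split_keyspace(keyspace("?d?d?d?d"), 4):
        found = worker_scan(target, positions, start, end)
        if found is not None:
            return found
    return None


if __name__ == "__main__":
    upper_digit = {"?1": CHARSETS["?u"] + CHARSETS["?d"]}   # the slide's "?u+?d"
    for label, mask, custom in [("9 ?d", "?d" * 9, None), ("9 ?l", "?l" * 9, None),
                                ("9 ?u+?d", "?1" * 9, upper_digit), ("8 ?a", "?a" * 8, None)]:
        print(f"{label:8s} keyspace={keyspace(mask, custom):.3e} "
              f"hours at 1e9/s={hours_to_exhaust(mask, custom=custom, rate_per_second=1e9):,.1f}")
    print("demo recovered:", demo())
```

The numbers reproduce the slide's rows at 1 billion hashes per second (about 1.5 hours for nine lowercase letters, about 28 hours for nine uppercase-or-digit characters); with the 95-character ?a set, eight characters take about 77 days rather than the slide's 83, which is what the one extra character in the slide's "96 chars" buys. Doubling the hash rate, as the "over 2 billion" GPUs do, halves every row, which is why the fix on the later slide is length rather than a few more symbols.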

Why we need longer passwords – CPU vs. GPU speeds

How do we fix our passwords?
- Increase your length! 8 characters is no longer strong enough; aim for 14+ characters drawn from the full ?a space.
- Don't follow the most predictable patterns! Stay away from minimal password changes.
- Consider using password managers (LastPass, KeePass).
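The RockYou length and character-class figures, the mask topologies (ullllldd and friends) and the advice on this slide all reduce to classifying each character of a password and looking at the distribution. The following Python is an added example written for this page, not the presentation's code; it computes a topology string, the coarse class labels used on the RockYou slide, and a simple "minimal change" test that compares the alphabetic core of an old and new password, and it audits a candidate against the slide's three recommendations. The sample list and the 14-character threshold are constructed from the slide, not taken from RockYou or from Hank Leininger's data.

```python
from collections import Counter
from typing import Dict, List

# Topologies the slide lists as examples of the most common patterns
# (u = uppercase, l = lowercase, d = digit, s = symbol or other).
TOP_TOPOLOGIES = {"ullllldd", "ulllllldd", "ullldddd"}
MIN_LENGTH = 14                      # the slide's "aim for 14+ characters"
SYMBOLS = " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"


def topology(password: str) -> str:
    """Map each character to its class letter, e.g. 'Summer12' -> 'ullllldd'."""
    out = []
    for ch in password:
        if ch.isdigit():
            out.append("d")
        elif ch.isupper():
            out.append("u")
        elif ch.islower():
            out.append("l")
        else:
            out.append("s")
    return "".join(out)


def charset_class(password: str) -> str:
    """Coarse class label in the style of the RockYou figures on the slide."""
    used = set(topology(password))
    if used == {"l"}:
        return "lower alpha"
    if used == {"l", "d"}:
        return "lower alpha num"
    if used == {"d"}:
        return "numeric"
    if used <= {"l", "u"}:
        return "mixed alpha"
    if used <= {"l", "u", "d"}:
        return "mixed alpha num"
    return "with symbols"


def core(password: str) -> str:
    """Strip digits and symbols from both ends and lowercase the rest, so
    'Summer12' and 'Summer13!' share the core 'summer'."""
    return password.strip("0123456789" + SYMBOLS).lower()


def is_minimal_change(old: str, new: str) -> bool:
    """True when the new password only tweaks case, digits or symbols around the same core."""
    return old != new and core(old) == core(new)


def audit(new: str, old: str = "") -> List[str]:
    """Return the slide's objections to a candidate password; an empty list means none."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"length {len(new)} is below {MIN_LENGTH}")
    if topology(new) in TOP_TOPOLOGIES:
        problems.append(f"topology {topology(new)} is one of the most common patterns")
    if charset_class(new) in {"lower alpha", "lower alpha num", "numeric"}:
        problems.append(f"character set '{charset_class(new)}' is the most common RockYou class")
    if old and is_minimal_change(old, new):
        problems.append("minimal change from the previous password")
    return problems


def summarize(passwords: List[str]) -> Dict[str, Dict[str, float]]:
    """Length, class and topology distributions (percent), like the RockYou slide."""
    n = len(passwords)

    def pct(counter: Counter) -> Dict[str, float]:
        return {str(k): round(100.0 * v / n, 1) for k, v in counter.most_common()}

    return {
        "length": pct(Counter(len(p) for p in passwords)),
        "class": pct(Counter(charset_class(p) for p in passwords)),
        "topology": pct(Counter(topology(p) for p in passwords)),
    }


# Constructed sample, not RockYou data; it only exercises the summary.
SAMPLE = ["Summer12", "Monkey99", "sunshine", "abc123", "iloveyou",
          "Winter2014", "Jennifer1", "p@ssw0rd", "Trustno1",
          "correct horse battery staple"]

if __name__ == "__main__":
    for key, dist in summarize(SAMPLE).items():
        print(key, dist)
    for pw in ("Summer12", "correct horse battery staple"):
        print(pw, "->", audit(pw) or "no objections")
    print("Summer12 -> Summer13! :", audit("Summer13!", old="Summer12"))
```

Run against a sample of the passwords a site receives at change time, `summarize` reports the same kind of table as the RockYou slide, and the share of users sitting in the top topologies is a direct measure of how much the mask attacks above would recover; `audit` is the corresponding per-password check, with the "minimal change" test only possible at change time, when the old value is still in hand.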