
Time-Memory tradeoffs in password cracking 1. Basic Attacks Dictionary attack: –What if password is chosen well? Brute Force (online version): –Try all.



Presentation transcript:

Slide 1: Time-Memory tradeoffs in password cracking

Slide 2: Basic Attacks
Dictionary attack:
– What if the password is chosen well?
Brute Force (online version):
– Try all N possible passwords.
– Space: O(1); Time: O(N)
Brute Force with pre-computation:
– Offline: keep hashes of all N possible passwords in a DB
– Online: look up the hash in the DB
– Space: O(N); Time: O(log N)

Slide 3: Inverting a one-way hash
The one-way hash function is easy to compute but hard to invert.
Figure: m → h(m) is easy; h(m) → m is hard.

Slide 4: Chains
Note that the image h(x) can also be a source
– Both have n bits
Chain: x → h(x) → h(h(x)) → h(h(h(x))) → …

Slide 5: Time-Memory tradeoff – Offline
Offline:
– Pick m random values x_1, …, x_m
– Compute a chain of t steps from each x_i
– Keep a table of {x_i, h^t(x_i)}, sorted by h^t
– Space: O(m)
Figure: table with columns Start Point and End Point; row i holds x_i and h^t(x_i), for rows x_1 … x_m.

Slides 6–8: Time-Memory tradeoff – cont.
Online: (given value y)
– Compute a chain of t steps from y
– Find h^j(y) as end-point i
– Begin from the matching start point x_i
– Compute the chain from x_i until y is found
– Time: O(t)
Figure (built up over three slides): the chain computed from y reaches a stored end point (ep); the search then restarts from the matching start point (sp) and stops when it reaches y.

Slide 9: Setting the parameters

Slide 10: What if domains are different
E.g. the password has 8 alphanumeric characters; the hash produces 128 bits
Need to “return” to the password domain to build the chains

Slide 11: Reduce function
Figure: the hash h maps a password (Apple) to a digest (xrr12YYv679); the reduce function R maps the digest back to a string in the password domain (pass123).

Slide 12: Rainbow Tables
First pioneered by Philippe Oechslin
Implemented in the Windows password cracker Ophcrack
– lowercase alphanumeric passwords 8 characters long
– case-sensitive passwords of 5–16 characters in length
– valid UNIX passwords (96 symbols, 8 characters)

Slide 13: Rainbow tables

Slide 14: Many Reduce Functions
Use a different reduction function for each "link" in a chain
When a hash collision occurs, the chains will not merge (so long as the collision doesn't occur at the same position in each chain)
Increases the probability of a correct crack
Improves speed: approximately doubles the speed.

Slide 15: Example
1. We want to reverse the hash “re3xes”.
2. We apply reduction function R3 and get “rambo”; we check the table and don’t find it there.
3. We then restart using R2 followed by R3 (and keep doing this with 3, 4, 5 reductions until we succeed).
4. We can see that with two reductions we get “linux23”, which is in the table.
5. We look up the start value “password” and then start our search of this chain, comparing the hash at each iteration to our target hash “re3xes”. Once we find it we stop, and we discover the password “culture” that generated that hash value.
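The offline and online phases of slides 5–8 and the per-column reduction functions of slides 14–15, as one added Python example; this is not code from the slides. Everything in it is constructed for illustration: the toy domain (three lowercase letters, N = 17576), SHA-1 standing in for the LM or MD5 hash, the reduction function R_i (digest interpreted as an integer, plus the column index, reduced mod N), and the parameters m = 300, t = 20. A Hellman table uses R_0 in every column; the rainbow table uses R_i in column i.

```python
# Toy Hellman and rainbow tables over 3-lowercase-letter passwords.
# Added example; hash choice, reduction function and parameters are constructed.
import hashlib
import random
import string

CHARSET = string.ascii_lowercase
PW_LEN = 3
N = len(CHARSET) ** PW_LEN  # password domain size: 26^3 = 17576


def h(pw: str) -> bytes:
    """The one-way function being inverted (SHA-1 stands in for LM/MD5)."""
    return hashlib.sha1(pw.encode()).digest()


def reduce_fn(digest: bytes, i: int) -> str:
    """R_i: map a hash back into the password domain (slides 10-11). Mixing in the
    column index i gives each column its own reduction; Hellman uses R_0 everywhere."""
    v = (int.from_bytes(digest, "big") + i) % N
    chars = []
    for _ in range(PW_LEN):
        v, r = divmod(v, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)


def step(x: str, i: int, rainbow: bool) -> str:
    """One chain link: x_{i+1} = R_i(h(x_i))."""
    return reduce_fn(h(x), i if rainbow else 0)


def walk(start: str, steps: int, rainbow: bool) -> str:
    """Recompute a chain from its start point and return x_steps."""
    x = start
    for i in range(steps):
        x = step(x, i, rainbow)
    return x


def build_table(m: int, t: int, rainbow: bool, seed: int = 1) -> dict:
    """Offline phase (slide 5): m chains of t links stored as {end: start}, space O(m).
    Chains that end at the same point overwrite each other (merging loss)."""
    rng = random.Random(seed)
    table = {}
    for _ in range(m):
        start = "".join(rng.choice(CHARSET) for _ in range(PW_LEN))
        table[walk(start, t, rainbow)] = start
    return table


def lookup_hellman(y: bytes, table: dict, t: int):
    """Online phase with one reduction function (slides 6-8), O(t) hashes: extend a
    single chain from y until a stored end point appears, then rebuild that chain
    from its start point up to the preimage."""
    x = reduce_fn(y, 0)
    for j in range(t):
        if x in table:  # then y = h(x_k) with k = t-1-j, unless this is a false alarm
            cand = walk(table[x], t - 1 - j, rainbow=False)
            if h(cand) == y:
                return cand
        x = step(x, 0, rainbow=False)
    return None


def lookup_rainbow(y: bytes, table: dict, t: int):
    """Online phase with per-column reductions (slide 15), O(t^2) hashes: for each
    column i assume y = h(x_i), finish the chain with R_i..R_{t-1}, look up the end."""
    for i in range(t - 1, -1, -1):
        x = reduce_fn(y, i)
        for j in range(i + 1, t):
            x = step(x, j, rainbow=True)
        if x in table:
            cand = walk(table[x], i, rainbow=True)
            if h(cand) == y:
                return cand
    return None


def coverage(table: dict, t: int, rainbow: bool) -> int:
    """Distinct passwords contained in the surviving chains. coverage / N is the
    success probability for a uniformly random target password."""
    seen = set()
    for start in table.values():
        x = start
        for i in range(t):
            seen.add(x)
            x = step(x, i, rainbow)
    return len(seen)


if __name__ == "__main__":
    m, t = 300, 20
    for rainbow in (False, True):
        table = build_table(m, t, rainbow)
        print(f"{'rainbow' if rainbow else 'hellman'}: {len(table)} chains, "
              f"coverage {coverage(table, t, rainbow)} of {N} passwords, "
              f"success probability {coverage(table, t, rainbow) / N:.3f}")
```

Running the script prints the number of surviving chains and the coverage for both constructions built from the same m·t = 6000 chain points; the difference between the two coverage figures is the merging loss that slide 14 describes, since with a single reduction function two chains that collide at any position run identically from then on, while with per-column reductions they only merge if the collision lands in the same column. The two lookup routines also make the cost trade-off concrete: the Hellman lookup extends one chain (t hashes), the rainbow lookup has to rebuild a separate chain suffix per column (about t²/2 hashes).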

Slide 16: Rainbow Tables
Rainbow Table for LanManager passwords (Windows), config #0
– Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ ]
– Keyspace 8,353,082,582
– Table size 610 MB
– Success probability 0.9990
– Cracks 5-alpha in a few seconds
– http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg0.txt
Rainbow Table for LanManager passwords (Windows), config #1
– Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ]
– Keyspace 80,603,140,212
– Table size 3 GB
– Success probability 0.9904

Slide 17: Rainbow Tables
Rainbow Table for MD5 (loweralpha-numeric 1-8)
– Charset [abcdefghijklmnopqrstuvwxyz0123456789 ]
– Keyspace 2,901,713,047,668
– Table size 36 GB
– Success probability 0.99904
– 10 MD5 hashes broken in 35 minutes.
Rainbow Table for Microsoft Office
– 40-bit encrypted files decrypted in 5 minutes on average
– One table for MS Word and one table for MS Excel
– Table size is 40 GB
– 99.9% accuracy

Slide 18: Rainbow Tables in Practice
Pre-computed files are now available on BitTorrent
Rainbow table crackers are now online on websites.
Salts are one way to defeat rainbow tables.
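What a salted password store looks like, as an added Python example illustrating the last point of slide 18 (this is not code from the slides). The per-user random salt is stored next to the hash, so the value being inverted is no longer h(password) but a function of salt and password: a table precomputed over the password domain alone cannot be looked up against it, and two users with the same password do not share a stored hash. The iteration count is a constructed choice for the example; the slow hash (PBKDF2-HMAC-SHA256) is a standard-library call.

```python
# Salted, iterated password storage. Added example, not from the slides.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for the example; raise it to your CPU budget


def make_record(password: str) -> dict:
    """Store a fresh 16-byte random salt beside PBKDF2(salt, password).
    A rainbow table built over h(password) has no entry for this value; an
    attacker would need a separate precomputation per salt, which removes the
    one-time-precompute, many-time-lookup advantage the tables rely on."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def verify(record: dict, password: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def same_password_same_hash(password: str) -> bool:
    """True only if two records for the same password share a stored hash.
    With per-user salts this is False, so one table hit cannot crack both users."""
    a, b = make_record(password), make_record(password)
    return a["hash"] == b["hash"]


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")  # constructed sample password
    print("verify correct:", verify(rec, "correct horse battery staple"))
    print("verify wrong:  ", verify(rec, "Tr0ub4dor&3"))
    print("duplicate hash:", same_password_same_hash("hunter2"))
```

Unsalted stores fail on both counts that the example checks: every user with the same password gets the same stored hash, and that hash is exactly the value a precomputed table indexes. The iteration count adds a second, independent defence by making each guess cost thousands of hash evaluations, which matters against an attacker who builds a table per salt anyway.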

