Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exercises 2013-05-02 Information Security Course Eric Laermans – Tom Dhaene.

Published byEunice Bates Modified over 9 years ago

Similar presentations

Presentation on theme: "Exercises 2013-05-02 Information Security Course Eric Laermans – Tom Dhaene."— Presentation transcript:

1 Exercises 2013-05-02 Information Security Course Eric Laermans – Tom Dhaene

2 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 2 Introduction Password storage in MS Windows old system  LM hash (LAN Manager hash) –untill Windows Me new system  NTLM hash (NT LAN Manager) –since Windows NT 3.1

3 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 3 Introduction Password storage in MS Windows encoded storage  in SAM (Security Accounts Manager) –non-accessible while OS is active »file locked by OS when Windows is operating (impossible to read, copy or remove) –QUESTION 1: »still possible to access file to test passwords offline?

4 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 4 LM Hash Limitations passwords of at most 14 ANSI-characters  95 possible characters  a.k.a. “printable ASCII”

5 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 5 LM Hash Operation 1. converting lower case to upper case 2. adding NULL-characters to obtain 14 characters 3. splitting in two sequences of 7 characters 4. each of these sequences is used as a key to encrypt “KGS!@#$%” (ECB)  results in two encoded blocks of 8 bytes  the thus obtained 16 bytes are the LM Hash QUESTION 2  possible attacks, weaknesses?  estimated time required for possible attack?

6 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 6 NTLM Hash Operation MD4-hash of password  case-sensitive password  MD4: hash function with 128 bits hash value –predecessor of MD5 –strong collision resistance totally broken –effective strength as a one-way-function (preimage resistance) only 102 bits »rather theoretical weakness, not really practical QUESTION 3  comparie with present password storage in Linux?  reasonable time to crack?

7 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 7 Backward compatibility double password storage using NTLM Hash using LM Hash  if possible, otherwise fake value  default up to Windows XP –can be disabled by registry modification –disabled by default since Windows Vista QUESTION 4  weaknesses of this scheme?  better than LM Hash only?  how can you make sure LM Hash is not stored?

8 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 8 Improved attacks Attacks until now (generally) feasible if LM Hash is available  but still requires quite a lot of compuation time if brute force is used QUESTION 5  suggestions to improve the attack technique? –hint: can part of the job be precomputed?

9 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 9 Improved attacks Precomputed hash chains not feasible to precompute and store all encoded passwords  QUESTION 6: –how much storage would be required for password encoded using LM Hash?

10 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 10 Improved attacks Precomputed hash chains how can we select the password we want to store?  precomputed hash chains –technique using trade-off between required computation time and required storage –for N possible passwords: »storage:O(N 2/3 ) »computation time:O(N 2/3 )

11 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 11 Improved attacks Precomputed hash chains two functions  hash function H:P  C –transforms password into encoded password –domain: space of possible passwords (P) –range: space of possible hash values (C)  reduction function R:C  P –derives a (pseudorandom) password from hash value »doesn’t need to be a one-way-function »simple choice possible –domain: space of possible hash values (C) –range: space of possible passwords (P)

12 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 12 Improved attacks Precomputed hash chains choose a (sufficiently large) number (n) of different passwords  p j,0 (with j:0..(n-1)) compute (not too large) a number (k) of links for each chain  p j,i+1 = R(H(p j,i ))(with i:0..(k-1)) only store the start and end points of the chains  p j,0 and p j,k (with j:0..(n-1))

13 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 13 Improved attacks Precomputed hash chains cracking an encoded password h  compute:p (0) = R(h)  compute:p (i) = R(H(p (i-1) )) –until some p (i) is found which is present in the table of end points p j,k of the hash chains  recompute the chain, starting from p j,0 until the right value p j,k-i-1 is found, such that H(p j, k-i-1 ) = h NOTE:  some chains may overlap  chains may contain loops  false positives are possible

14 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 14 Improved attacks Precomputed hash chains required improvement upon basic approach  multiple tables –each with different reduction function –reducing impact op overlapping chains –number typically proportional to chain length »drawback: larger search time (proportional to chain length and number of chains)

15 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 15 Improved attacks Precomputed hash chains possible simplification  “distinguished points” –stop chain computation when easily distinguishable password is reached (instead of fixed length chains) »e.g. starting / ending with 10 null-bits  QUESTION 7: –what is the advantage of this approach?

16 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 16 Improved attacks Rainbow tables improvement over precomputed hash chains  using different reduction function for each link in the chain –k reduction functions R i needed(with i:0..(k-1)) –p j,i+1 = R i (H(p j,i ))(with i:0..(k-1))  look up encoded password h –compute p (0,0) = R k-1 (h) and lookup in table of end points –if not found, look up p (1,1) = R k-1 (H(R k-2 (h))) –if needed, continue with p (i,i) = R k-1 (H(p (i,i-1) )) »with p (i,j) = R k-i+j-1 (H(p (i,j-1) ))

17 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 17 Improved attacks Rainbow tables advantages  fewer lookups than with multiple tables for precomputed hash chains –approximately half as many  fewer overlapping chains –and easier to identify which chains merge  no loops in chains  chains of constant length –in opposition to “distinguished points”

18 Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 18 Improved attacks Rainbow tables references:  P. Oechslin, “Making a faster cryptanalytic time- memory trade-off,” Advances in Cryptology - CRYPTO 2003, pp. 617-630 http://lasec.epfl.ch/pub/lasec/doc/Oech03.pdf http://lasec.epfl.ch/pub/lasec/doc/Oech03.pdf  project RainbowCrack http://project-rainbowcrack.com/ http://project-rainbowcrack.com/

Download ppt "Exercises 2013-05-02 Information Security Course Eric Laermans – Tom Dhaene."

Similar presentations

Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables
By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.

Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.
Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.

Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.
Quick Review of Apr 10 material B+-Tree File Organization –similar to B+-tree index –leaf nodes store records, not pointers to records stored in an original.

Quick Review of Apr 10 material B+-Tree File Organization –similar to B+-tree index –leaf nodes store records, not pointers to records stored in an original.
©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.

©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.
Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352.

Secure Password Storage JOSHUA SMALL LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
Hashing CS 3358 Data Structures.

Hashing CS 3358 Data Structures.
Hash Table indexing and Secondary Storage Hashing.

Hash Table indexing and Secondary Storage Hashing.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
FALL 2004CENG 3511 Hashing Reference: Chapters: 11,12.

FALL 2004CENG 3511 Hashing Reference: Chapters: 11,12.
Hashing COMP171 Fall 2005. Hashing 2 Hash table * Support the following operations n Find n Insert n Delete. (deletions may be unnecessary in some applications)

Hashing COMP171 Fall Hashing 2 Hash table * Support the following operations n Find n Insert n Delete. (deletions may be unnecessary in some applications)
Hellman’s TMTO 1 Hellman’s TMTO Attack. Hellman’s TMTO 2 Popcnt  Before we consider Hellman’s attack, consider simpler Time-Memory Trade-Off  “Population.

Hellman’s TMTO 1 Hellman’s TMTO Attack. Hellman’s TMTO 2 Popcnt  Before we consider Hellman’s attack, consider simpler Time-Memory Trade-Off  “Population.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.

What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.

Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.

Similar presentations

Ads by Google