Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Published byKerry Phelps Modified over 9 years ago

Similar presentations

Presentation on theme: "Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011."— Presentation transcript:

1 Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011

2 Goals  Understand UNIX pw system How it works How to attack  Understand Lamport’s hash and its vulnerabilities

3 History of UNIX passwords  Originally the actual passwords were stored in a plaintext file “Excessively vulnerable to lapses in security”  Improved approach used encryption to protect passwords Led to brute force/dictionary attacks

4 Pass Phrases  Passwords is a misnomer Do not use single words or variants Supposedly, a large number of passwords in Dallas is some variant of the word cowboys ○ Any cougar passwords out there!  Use a pass-phrase Memorable and harder to guess First letter of a long phrase ○ Rastcao - Rise and shout the cougars are out

5 How to Attack Password Systems  Guess the user’s password Online attack ○ Attempt to login as the user would Offline attack ○ Repeated guessing involving an encrypted form of the user’s password  Shoulder surfing  Users write down their passwords  Users give away their passwords Phishing, social engineering

6 Problems with Passwords  Users have too many passwords Encourages password reuse Leads to forgotten passwords Burdens users and administrators  Attempts to increase password strength inconvenience users  Random passwords Only as random as the initialization of the salt value

7 Time estimates  What is the maximum number of attempts to guess a password? Password length = 8 characters Assume password is alphanumeric (26+26+10) (26+26+10) 8 = 62 8  How many attempts on average? Divide maximum number by 2 (this assumes brute force attack and passwords chosen randomly)

8

9 Unix Password File  Original password file /etc/passwd was world readable Anyone could copy the file offline and perform a dictionary attack You could find sample files on Google courtesy of naïve system admins!  Later, the encrypted password was moved to a shadow file /etc/shadow that required root privileges to access

10

11  Unix Password File Creation

12 Verifying a Password UsernameSaltEncrypted PW  

13 Password Salts  Why do Unix password files use a salt? Prevents the identification of identical passwords ○ Provided each user has a different salt All password guesses are salt-specific ○ Guess made with one salt aren’t helpful for another ○ Increases the cost of offline attack to crack any password in the file ○ Increases the size requirement for a pre- computed database of hashed passwords

14 Password Attacks with Salt  How many guesses do password attacks need when a salt is used? Off-line attack – one attempt for each unique salt in the file  How does the salt impact on-line attacks? It doesn’t  How does the salt impact an attempt to crack a specific user’s password in the file? It doesn’t change the number of attempts, but it does increase the size of a pre-computed database of passwords

15 crypt(3)  2 approaches A modified DES implementation (uses a salt) ○ Can’t use off the shelf DES hardware ○ Effectively limits the size of all passwords to eight characters MD5 hash ○ Any size password ○ Hash function is invoked 1000 times An attack that would have taken 1 day now takes 3 years Minimal impact to user and the system

16 Password Guessing Attacks  Brute-force  Dictionary  Substitution password, passw0rd

17

18 Lamport’s Hash  One time password scheme see http://lodestone.org/people/hoss/ops/node5.html Alice Alice’s Workstation Bob Alice, pwd Alice n x = hash n-1 (pwd) BOB knows  n, hash n (password)  Compares hash(x) to hash n (password); If equal, replaces  hash n (password)  With  n-1, x 

19 Attack on Lamport’s Hash  Small n attack Active attacker intercepts servers reply message with n and changes it to a smaller value Attacker can easily manipulate the response (repeatedly) to impersonate Alice  Eavesdropper captures Alice’s hashed reply and conducts off-line attack  Replay Alice’s response to other servers where Alice may use the same password Thwart using salt at the server – server hashes pw || salt and sends n and the salt to Alice during login Salt also permits automatic password refresh when n reaches 1

20 Related articles (optional)  The Curse of the Secret Question http://www.schneier.com/essay-081.html http://www.schneier.com/essay-081.html  Sarah Palin Yahoo! account hacked http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=21060 2271 http://en.wikipedia.org/wiki/Sarah_Palin_email_hack http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=21060 2271 http://en.wikipedia.org/wiki/Sarah_Palin_email_hack  Secret Questions Too Easily Answered http://www.technologyreview.com/web/22662/ http://www.technologyreview.com/web/22662/  Scientists claim GPUs make passwords worthless http://www.pcpro.co.uk/news/security/360313/scientists-claim-gpus-make-passwords- worthless http://www.pcpro.co.uk/news/security/360313/scientists-claim-gpus-make-passwords- worthless  How the Bible and Youtube are fueling the next frontier of password cracking http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the- next-frontier-of-password-cracking/ http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the- next-frontier-of-password-cracking/  32 million passwords show most users careless about security http://arstechnica.com/security/2010/01/32-million-passwords- show-most-users-careless-about-security/ http://arstechnica.com/security/2010/01/32-million-passwords- show-most-users-careless-about-security/

Download ppt "Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011."

Similar presentations

Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
CSC 474 Information Systems Security

CSC 474 Information Systems Security
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.

7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
CSE331: Introduction to Networks and Security Lecture 23 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 23 Fall 2002.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Strong Password Protocols

Strong Password Protocols
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.
Password Management. Password Protection Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password.

Password Management. Password Protection Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password.

Similar presentations

Ads by Google