Presentation is loading. Please wait.

Presentation is loading. Please wait.

PZAPR Parallel Zip Archive Password Recovery CSCI5576 - High Perf Sci Computing Univ. of Colorado Spring 2011 Neelam Agrawal Rodney Beede Yogesh Virkar.

Published byPreston Thornton Modified over 9 years ago

Similar presentations

Presentation on theme: "PZAPR Parallel Zip Archive Password Recovery CSCI5576 - High Perf Sci Computing Univ. of Colorado Spring 2011 Neelam Agrawal Rodney Beede Yogesh Virkar."— Presentation transcript:

1 PZAPR Parallel Zip Archive Password Recovery CSCI5576 - High Perf Sci Computing Univ. of Colorado Spring 2011 Neelam Agrawal Rodney Beede Yogesh Virkar 2011-04-29

2 Topics The Team Introduction Framework Brute Force Dictionary Password Verification Process Data Collection Results & Conclusions Questions

3 Introduction ZipCrypto was first ZIP encryption o Easily defeated AES-256 o Standard o 2003 integrated into ZIP spec Password recovery of ZIP's not new o Proprietary companies Open source solution o Free (if you have hardware)

4 Framework MPI with C++ & C 3 Components o Password Generator  Brute Force  Dictionary o Password Verification Command Parameters o Log Path o Zip Path o Method (BRUTE | DICTIONARY) o Dictionary Path

5 Initialize password generator Next Password(BRUTE|DICTIONARY) AttemptPassword() Correct? Tell Everyone Else I Found It Anyone Else Find It? END NO MORE? NO YES NO YES Framework (cont) Initialize decrypt engine

6 Brute Force All alphanumeric from 1 to 7 length o 0-9, A-Z, a-z o 62 possible characters 3,579,345,993,194 possible passwords o 62^7 + 62^6 +... 62^1 Traditional increment o 'a' + 1 ==> 'b' o 'az' + 1 ==> 'b0' o Not feasible for parallel

7 Brute Force - Algorithm Pick number from 1 to 3 trillion o Called position Know password without increment The Algorithm: f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) +... + factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n)

8 Brute Force - Algorithm (cont) f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) +... + factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n) ALPHA_LEN => Alphabet length o Number possible characters o 62 (easy to expand)

9 Brute Force - Algorithm (cont) f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) +... + factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n) n = PASSWORD LENGTH o Start at maximum possible (7) o Based on position find max possible < position o Password length is 1 more than that length

10 Brute Force - Algorithm (cont) f(position) = factor 1 * (ALPHA_LEN)^(n - 1) + factor 2 * (ALPHA_LEN)^(n - 2) +... + factor n-1 * (ALPHA_LEN)^(n - (n-1)) + factor n * (ALPHA_LEN)^(n - n) factor i is the ith character of the password o No factor can be zero o Must borrow from previous if zero factor i points to alphabet array index

11 Brute Force - Example position = 1,000,000 ALPHA_LEN = 62 n = 4 (password length) f(1,000,000) = factor 1 * (62)^(3) + factor 2 * (62)^(2) + factor 3 * (62)^(1) + factor 4 * (62)^(0) factors = 4, 12, 9, 2

12 Brute Force - Example (cont) factors = 4, 12, 9, 2 o Correspond to alphabet indexes const char PASSWORD_ALPHABET[] = { '\0', // always idx 0 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' }; PASSWORD = '3', 'B', '8', '1' or "3B81"

13 Dictionary Attack Mode Defeating a cipher or authentication mechanism by o Searching likely possibilities. o i.e. searching part of the key space. Not brute force Assumption: Potentially weak passwords

14 Building Dictionary Tool Used: John the Ripper o Permutations o Combinations Command o john --wordlist=all.lst --rules --stdout | unique mangled.lst

15 Building Dictionary (2) Rules o l (convert to lowercase) o C (lowercase the first character, and uppercase the rest) o r (reverse: "Fred" ==> "derF") o f (reflect: "Fred" ==> "FredderF") o d (duplicate: "Fred ==> "FredFred"") o..........and many more!! Time to permute: little over 4 hours Newer versions: o John the Ripper 1.7.6+  Support for OpenMP directives.  (Source:openwall.info/wiki/john/parallelization)

16 Reading the Dictionary: Initialization

17 Reading the Dictionary: Indexing Indexing uses o displacement array o rank o per process word count Load is evenly distributed. o Eg: n = 103, m = 10 o n/m = 103/10 = 10 o n%m = 103%10 = 3 o rank 0 : 11 words o rank 1 : 11 words o rank 2 = 11 words o rank 3-9 = 10 words

18 Requirements for Cracking a zip file Zip file format Extracting information from zip file Verifying the password Decrypting the file data Used Dr. Brian Gladman’s code o C library for AES encryption o Used by WinZip

19 Zip file format HEADER FILE NAME EXTRA FIELD SALT PASSWORD VERIFIER ENCRYPTED FILE DATA AUTHENTICATION CODE (MAC)

20 Password Verification Process Zip File Given Password

21 Password Verification Process Zip File Salt Given Password

22 Password Verification Process Zip File Salt Given Password Password Verifier

23 Password Verification Process Zip File Salt Password Verifier Given Password Password Verifier

24 Password Verification Process Zip File Salt Password Verifier Match Given Password

25 Password Verification Process Zip File Salt Password Verifier Given Password Password Verifier Match Return False

26 Password Verification Process Zip File Salt Password Verifier Given Password Password Verifier Match Return False

27 Password Verification Process Zip File Salt Password Verifier Data Given Password Password Verifier Match Return False

28 Password Verification Process Zip File Salt Password Verifier Data Given Password Password Verifier Match Decrypt MAC Return False

29 Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Return False

30 Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Match Return False

31 Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Match Return False

32 Password Verification Process Zip File Salt Password Verifier Data MAC Given Password Password Verifier Match Decrypt MAC Match Return False Return True

33 Speed ups Reducing file handling operations Quick 2 byte check Parallel implementation on GPU

34 Data Collection & Testing Frost o 32-bit, 700Mhz, 512MB Ram Janus o 64-bit, 2.8GHz, 2GB Ram o Ran in 32-bit mode Test Types o Brute and Dictionary o Nodes: 128, 1024, 2048, 4096 o First, Middle, Last, Never  (password positions) Model o Passwords / time unit for X nodes o Time to solution for X nodes

35 Results (Estimated Time: Brute, Janus )

36 Results (Estimated Time: Brute, Janus vs Frost)

37 Results (Estimated Time: Dictionary, Janus )

38 Results (Estimated Time: Dict., Janus vs Frost)

39 Conclusions Max throughput (Janus) o Brute = 172 passwords / second o Dictionary = 86 passwords / second Brute (Janus) o 7 alphanumeric = 60 days with 4096 processors o 8 alphanumeric = 9.9 years with 4096 processors o 10 alphanumeric = 38395 years with 4096 processors Dictionary (Janus) o 1 billion = 47.3 minutes with 4096 processors o 100 billion = 78.85 hours with 4096 processors Conclusion o Choose good passwords

40 Questions? http://code.google.com/p/pzapr/

Download ppt "PZAPR Parallel Zip Archive Password Recovery CSCI5576 - High Perf Sci Computing Univ. of Colorado Spring 2011 Neelam Agrawal Rodney Beede Yogesh Virkar."

Similar presentations

Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
251959084756578934940271832400483985714 292821262040320277771378360436620207075 955562640185258807844069182906412495150 821892985591491761845028084891200728449.

CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos

CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Similar presentations

Ads by Google