But first… some key terms…  Hash – Output string from a cryptographic hashing function that is hopefully impossible to go backwards to original input.


2 But first… some key terms…
- Hash – Output string from a cryptographic hashing function that is hopefully impossible to go backwards from to the original input string.
- Crack – To recover the original string that hashes to the hash string.
- Key space – All possible keys (strings) to test.

3 Passwords to Other People
- A secret phrase that keeps their stuff safe, and allows only the person that knows it admission to something.
- The problem is that, just because something has a password doesn’t mean it is necessarily safe.

4 Exploiting that Mindset…
- Passwords can give a false sense of security, leading to relaxed password complexity:
  - Short passwords
  - Dictionary words
  - Following the same password patterns around the web
- …The perfect place to look…

5 Are the patterns!
- RockYou database:
  - Length 8 – 20%
  - Length 7 – 17%
  - Length 9 – 15%
  - Lower alpha-numeric – 42%
  - Lower alpha – 25%

6 Understanding a Mask
- ?d – digits
- ?l – lower case alpha
- ?u – upper case alpha
- ?s – symbols
- ?h – hex 0xc0 – 0xff
- ?D – German alphabet
- ?F – French alphabet
- ?R – Russian alphabet

7 Password Mask Topologies
- The top 5 patterns usually crack around 20 - 40% of all passwords.
- The top 100 patterns usually crack around 60 - 80%.
- Examples (u = upper, l = lower, d = digit):
  - ullllldd
  - ulllllldd
  - ullldddd
- Hank Leininger – Password Topology: https://www.youtube.com/watch?v=KmvRKWmFVo8

8 What even is a password cracker?
- A password cracker is used to translate a hashed password back into the original string.
- This is done by hashing multiple candidate strings and comparing whether the hash matches the one you have on file.
- Examples:
  - MD5(noob) -> 9cb4afde731e9eadcda4506ef7c65fa2
  - MD5(your) -> 62cc0b4ebb0b57b40778179234246c38
  - MD5(password) -> 5f4dcc3b5aa765d61d8327deb882cf99
  - MD5(sucks) -> 9bbf7382baad324c5a97e18387f932d7

9 What does distributed mean?
- A distributed password cracker splits up the key space amongst multiple worker nodes to further parallelize the workload.

10 Server Design

11 How does the cracker hold up?
- Class F speed (greater than 1 billion hashes a second):
  - 9 ?d – close to instant
  - 9 ?u or ?l – 1.5 hours
  - 9 ?u+?d – 28 hours
  - 8 ?a (96 chars) – 83 days
- School network (rm 315)
- Some GPUs get over 2 billion nowadays
- http://www.lockdown.co.uk/?pg=combi&s=articles#classA

12 Why we need longer passwords
- CPU vs. GPU speeds: http://dame.dsf.unina.it/project.html

13 How do we fix our passwords?
- Increase your length! 8 characters is no longer strong enough; aim for 14+ characters drawn from the full ?a character space.
- Don’t follow the most predictable patterns! Stay away from minimal password changes.
- Consider using password managers (LastPass, KeePass).

