Cryptography implementation weaknesses: based on true story
Upcoming SlideShare
Loading in...5
×
 

Cryptography implementation weaknesses: based on true story

on

  • 8,714 views

Cryptography implementation weaknesses: based on true story. It is story about Cisco password type 4 which was introduced recently. It supposed to be better than Cisco password type 5 (MD5), but due ...

Cryptography implementation weaknesses: based on true story. It is story about Cisco password type 4 which was introduced recently. It supposed to be better than Cisco password type 5 (MD5), but due to implementation weaknesses, it ended up the other way...

Statistics

Views

Total Views
8,714
Views on SlideShare
8,685
Embed Views
29

Actions

Likes
0
Downloads
2
Comments
0

1 Embed 29

https://twitter.com 29

Accessibility

Categories

Upload Details

Uploaded via as OpenOffice

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Cryptography implementation weaknesses: based on true story Cryptography implementation weaknesses: based on true story Presentation Transcript

  • #fsec Cryptography implementation weaknesses based on true story Vlatko Kosturjak https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN
  • Agenda ● True story – my perspective ● I got this hash... – What it is? – Is it vulnerable? – How I can crack it? ● Recommendations ● Summary ● Questions
  • Elephant in the room...
  • Let's start with the hashes! :) http://www.openwall.com/lists/john-dev/2013/03/15/10
  • Somewhere in the galaxy... http://www.openwall.com/lists/john-dev/2013/03/06/5
  • Let's look closer! Same hash for same password different user? ● Password reuse identification ● Password frequency ● Memory-time trade off vulnerability ● Rainbow tables ● Lookup ● Pot file ● Database ● On-line
  • Story goes on... http://www.openwall.com/lists/john-dev/2013/03/12/5
  • Finding what it is.. ● “...My only advise is to just pretend you found this hash and have no clue where it came from. Now try the first two things that you should do when you find a 43 character hash with uppercase and lowercase letters, numbers, dot, and forward slash. Hmm that might be too much info...” Sc00bz64 on john-dev ● Formats – Crypt – Hex – Base64 – ...
  • So, what it is? In short, please! ● BASE64 with custom charset – ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXY Zabcdefghijklmnopqrstuvwxyz ● SHA256 ● No salt ● No iteration ● Length – 1-25 characters
  • Cisco SHA256 implementation ● First implementation in PHP – http://pastebin.com/1yCLwyVY ● First implementation in Perl – http://www.openwall.com/lists/john-dev/2013/03/16/12 – https://gist.github.com/kost/5177541 ● Time to crack! :) https://twitter.com/k0st/status/312988851138355201
  • First C implementation as new format type in john http://www.openwall.com/lists/john-dev/2013/03/16/7 https://github.com/kholia/JohnTheRipper/tree/cisco-type-4
  • Wait a minute? ● It is Base64 with custom iteration – Decode it! – And encode it correctly ● How john likes it ;) ● What that means? – No need for new john format – SHA256 exists already ● CPU ● GPU
  • Over? Not yet!
  • cisco2john.pl $ ./cisco2john.pl cisco.conf >cisco.in 2>cisco.seed $ cat cisco.in enable_secret_level_2:5e884898da28047151d0e56f8dc62 92773603d0d6aabbdd62a11ef721d1542d8 enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
  • cisco2john.pl multiple configurations $ ls *conf 127.0.0.1-startup-config 127.0.0.1-running-config [..] 192.168.1.1-startup-config 192.168.1.1-running-config $ cat *.conf | ./cisco2john.pl >cisco.in 2>cisco.seed $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
  • Public advisory http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
  • Password types sorted by recommendations Password type Method 5 MD5 4 SHA256 (no salt) 7 Decode 0 Plaintext
  • Recommendations ● Implementators – Think about implementation of your crypto ● Even big guys missed it – Implement basic checks ● Users – Don't use type 4, use 5 – Don't use 7/0/4 in short ;) – Password reuse is problem – Don't mix same passwords with different password types
  • Summary ● Crypto implementations can be bad – Nothing new ● “Improving” crypto is two way direction ● Working together – Less time – more rock – There are smart people out there ● John-dev ● Nmap-dev ● Metasploit ● ...
  • Thanks for your time Questions? https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN