#fsec
Cryptography implementation weaknesses
based on true story
Vlatko Kosturjak
https://twitter.com/k0st
BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN
Agenda
● True story – my perspective
● I got this hash...
– What is it?
– Is it vulnerable?
– How can I crack it?
● Recommendations
● Summary
● Questions
Elephant in the room...
Let's start with the hashes! :)
http://www.openwall.com/lists/john-dev/2013/03/15/10
Somewhere in the galaxy...
http://www.openwall.com/lists/john-dev/2013/03/06/5
Let's look closer!
Same hash for the same password, different user?
● Password reuse identification
● Password frequency
● Memory-time trade-off vulnerability
● Rainbow tables
● Lookup
● Pot file
● Database
● On-line
Story goes on...
http://www.openwall.com/lists/john-dev/2013/03/12/5
Finding what it is..
● “...My only advice is to just pretend you found this hash and
have no clue where it came from. Now try the first two things
that you should do when you find a 43 character hash with
uppercase and lowercase letters, numbers, dot, and
forward slash. Hmm that might be too much info...”
Sc00bz64 on john-dev
● Formats
– Crypt
– Hex
– Base64
– ...
So, what is it?
In short, please!
● BASE64 with custom charset
– ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
● SHA256
● No salt
● No iteration
● Length
– 1-25 characters
Cisco SHA256 implementation
● First implementation in PHP
– http://pastebin.com/1yCLwyVY
● First implementation in Perl
– http://www.openwall.com/lists/john-dev/2013/03/16/12
– https://gist.github.com/kost/5177541
● Time to crack! :)
https://twitter.com/k0st/status/312988851138355201
First C implementation as new
format type in john
http://www.openwall.com/lists/john-dev/2013/03/16/7
https://github.com/kholia/JohnTheRipper/tree/cisco-type-4
Wait a minute?
● It is Base64 with custom iteration
– Decode it!
– And encode it correctly
● How john likes it ;)
● What does that mean?
– No need for new john format
– SHA256 exists already
● CPU
● GPU
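Added example (not from the slides and not the code of cisco2john.pl): a Python sketch of the decode-and-re-encode step, assuming a type 4 string is the raw SHA-256 digest in standard Base64 bit order with only the alphabet swapped. It also groups identical digests across config lines to show the "same hash for same password" problem during a config audit; the sample config, its passwords and the function names are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Alphabet from the slide, and the standard Base64 alphabet it replaces.
CISCO_B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(CISCO_B64, STD_B64)
TO_CISCO = str.maketrans(STD_B64, CISCO_B64)

# Simplified matcher for "... secret|password [level N] <type> <value>" lines.
LINE_RE = re.compile(
    r"^(?P<who>.*?\b(?:secret|password)(?:\s+level\s+\d+)?)"
    r"\s+(?P<type>[0457])\s+(?P<value>\S+)\s*$"
)


def type4_encode(password):
    """Build a type 4 string: unsalted, single SHA-256, custom alphabet.
    Used here only to construct sample data."""
    digest = hashlib.sha256(password.encode()).digest()
    return base64.b64encode(digest).decode().rstrip("=").translate(TO_CISCO)


def type4_to_hex(secret):
    """Decode a 43-character type 4 string to the plain hex SHA-256 digest."""
    if len(secret) != 43 or any(c not in CISCO_B64 for c in secret):
        raise ValueError("not a type 4 string")
    # 43 characters carry 32 bytes; standard Base64 needs one '=' of padding.
    return base64.b64decode(secret.translate(TO_STD) + "=").hex()


def audit(config_text):
    """Return (weak, reused): entries not using type 5, and type 4 digests
    that appear on more than one line (same password, no salt)."""
    weak, by_digest = [], defaultdict(list)
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["type"] != "5":
            weak.append((m["who"], m["type"]))
        if m["type"] == "4":
            by_digest[type4_to_hex(m["value"])].append(m["who"])
    reused = {d: who for d, who in by_digest.items() if len(who) > 1}
    return weak, reused


# Constructed sample config; the type 5 value is the one shown on the slides.
SAMPLE_CONFIG = "\n".join([
    "hostname lab-rtr1",
    f"enable secret level 2 4 {type4_encode('password')}",
    "enable secret 5 $1$4C5N$JCdhRhHmlH4kdmLz.vsyq0",
    f"username alice secret 4 {type4_encode('Spring2013')}",
    f"username bob privilege 15 secret 4 {type4_encode('Spring2013')}",
])

if __name__ == "__main__":
    weak, reused = audit(SAMPLE_CONFIG)
    for who, ptype in weak:
        print(f"type {ptype}: {who}")
    for digest, who in reused.items():
        print(f"same password ({digest[:16]}...): {', '.join(who)}")
```

The salted type 5 entry never lands in the reuse report, while the two type 4 users with the same password collapse to a single digest.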
Over?
Not yet!
cisco2john.pl
$ ./cisco2john.pl cisco.conf >cisco.in 2>cisco.seed
$ cat cisco.in
enable_secret_level_2:5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0
$ ./john -wo:cisco.seed -rules cisco.in
https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
cisco2john.pl
multiple configurations
$ ls *conf
127.0.0.1-startup-config
127.0.0.1-running-config
[..]
192.168.1.1-startup-config
192.168.1.1-running-config
$ cat *.conf | ./cisco2john.pl >cisco.in 2>cisco.seed
$ ./john -wo:cisco.seed -rules cisco.in
https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
Public advisory
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
Password types
sorted by recommendations
Password type   Method
5               MD5
4               SHA256 (no salt)
7               Decode
0               Plaintext
Recommendations
● Implementers
– Think about implementation of your crypto
● Even big guys missed it
– Implement basic checks
● Users
– Don't use type 4, use 5
– Don't use 7/0/4 in short ;)
– Password reuse is a problem
– Don't mix same passwords with different password types
Summary
● Crypto implementations can be bad
– Nothing new
● “Improving” crypto works in both directions
● Working together
– Less time – more rock
– There are smart people out there
● John-dev
● Nmap-dev
● Metasploit
● ...
Thanks for your time
Questions?
https://twitter.com/k0st
BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN
