Password Cracking and preventing

for password cracking.....


  1. 1. RAINBOW TABLES
        LM & NTLM HASHES
        By: Rahul Sharma TE COMPUTERS T3224245
  2. 2. How Windows Stores Passwords??
        • LM “hashes”
        • Old technology used on LAN Manager
        • NT hashes
        • Unicode password or MD4 hash
        • Used for authentication on more recent Windows systems
        What Does a Hash Look Like??
        E52CAC67419A9A224A3B108F3FA6CB6D
  7. 7. LM “Hash” Generation
  8. 8. How to create the hash
  9. 9. LM hashes
  10. 10. Overview
  11. 11. Proof that case doesn’t matter
          Password  = E52CAC67419A9A22 4A3B108F3FA6CB6D
          PaSSwORd  = E52CAC67419A9A22 4A3B108F3FA6CB6D
          Password1 = E52CAC67419A9A22 38F10713B629B565
  12. 12. NTLM HASHES
          Uses MD4 algorithm to create a hash of the mixed-case password
          Results in a 16 byte hash of the password (stored in the SAM…)
          Used for any password greater than 14 characters
  13. 13. NTLM HASH
  14. 14. Proof that case DOES matter
          Password  = F15ABD57801840F3 348DDCCAFB677F6A
          PaSSwORd  = 17504CE07C0A0D4A 1BD3A99A0821F957
          Password1 = F9A3152D926F9FF8 98D0BAFBA0BFFD30
  15. 15. NTLM Hash Considerations
          Case preserving
          Maximum length = 127 characters
          Better security than LM hashes
          Number of ≤14-character passwords (full char set) ≈ 2.7*10^67
          Number of 127-character passwords ≈ 4.9*10^611
  16. 16. ATTACKS ON PASSWORDS….
  17. 17.
  18. 18.
  19. 19.
          • What is a Brute Force Attack?
          • Types of Brute Force attacks:
            Online B.F.
            Offline B.F.
          • Can be prevented: limit number of login attempts
  21. 21.
  22. 22.
  23. 23. [Diagram: chain of Hash and Reduce steps]
  24. 24.
  25. 25. Algorithm followed:
  26. 26. [Diagram: alternating Hash and Reduce steps]
  27. 27.
  28. 28. IS THIS EFFECTIVE???
  29. 29. How to prevent rainbow tables from cracking passwords??
  30. 30. What is SALT??
          Special text or code.
          It does password strengthening
          SOME FACTS:
          • Windows doesn't salt its hash!
          • This makes it possible to speed up password cracking with precomputed Rainbow Tables
          • LINUX uses SALT….
          PROOF
          Here are two accounts on a Windows 7 Beta machine with the password 'password'
          This hash is from a different Windows 7 Beta machine
  33. 33. Linux Salts its Hashes
  34. 34. TWITTER ATTACK!!!
          • An 18-year-old student used a dictionary script to automatically try English words, which led him to a staff account.
          • Username: “crystal”, password: “Happiness”.
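
Added example (not part of the original slides): a toy rainbow table that follows the Hash/Reduce chains of slides 23-26 and shows why the salt of slides 30-33 makes a precomputed table useless. SHA-256 stands in for the unsalted Windows hashes; the 4-digit PIN keyspace, chain length, salt value and function names are assumptions chosen for illustration.

```python
import hashlib

PW_LEN = 4        # constructed toy keyspace: 4-digit PINs (10,000 values)
CHAIN_LEN = 50    # hash/reduce steps per chain

def H(pw, salt=""):
    # SHA-256 stands in for an unsalted password hash; salt is prepended when given.
    return hashlib.sha256((salt + pw).encode()).digest()

def R(digest, col):
    # Reduce: map a digest back into the keyspace. Mixing in the column
    # index gives each column its own reduction function.
    n = (int.from_bytes(digest[:8], "big") + col) % 10 ** PW_LEN
    return f"{n:0{PW_LEN}d}"

def chain(start):
    # start -> Hash -> Reduce -> Hash -> Reduce ...; returns every plaintext visited.
    pws = [start]
    for col in range(CHAIN_LEN):
        pws.append(R(H(pws[-1]), col))
    return pws

def build_table(starts):
    # Only (endpoint -> start) is stored; the middle of each chain is discarded.
    table = {}
    for s in starts:
        table.setdefault(chain(s)[-1], s)
    return table

def lookup(table, target):
    # Assume the target hash sits in column `pos`, walk to the chain end,
    # and on an endpoint hit replay that chain to confirm a real match.
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = R(target, pos)
        for col in range(pos + 1, CHAIN_LEN):
            pw = R(H(pw), col)
        start = table.get(pw)
        if start is not None:
            for cand in chain(start):
                if H(cand) == target:
                    return cand
    return None

if __name__ == "__main__":
    table = build_table([f"{i:04d}" for i in range(0, 10000, 25)])
    pin = chain("0000")[17]          # a PIN known to lie inside a stored chain
    print("unsalted:", lookup(table, H(pin)))               # the PIN is recovered
    print("salted:  ", lookup(table, H(pin, salt="x9$k")))  # None: table does not apply
```

The table was computed once for the unsalted function, so the same lookup fails as soon as a per-account salt changes the hash input; covering salted hashes would require a separate table for every salt value.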
