Password Cracking and preventing
 

for password cracking.....

    Presentation Transcript

    • RAINBOW TABLES
      LM & NTLM HASHES
      By:- Rahul Sharma TE COMPUTERS T3224245
    • How Does Windows Store Passwords??
      • LM “hashes”
      • Old technology used on LAN Manager
      • NT hashes
      • Unicode password or MD4 hash
      • Used for authentication on more recent Windows systems
    • What Does a Hash Look Like??
      E52CAC67419A9A224A3B108F3FA6CB6D
    • LM “Hash” Generation
    • how to create the hash
    • LM hashes
    • Overview
    • Proof that case doesn’t matter
      Password = E52CAC67419A9A22 4A3B108F3FA6CB6D
      PaSSwORd = E52CAC67419A9A22 4A3B108F3FA6CB6D
      Password1 = E52CAC67419A9A22 38F10713B629B565
    • NTLM HASHES
      Uses MD4 algorithm to create a hash of the mixed-case password
      Results in a 16 byte hash of the password (stored in the SAM…)
      Used for any password greater than 14 characters
    • NTLM HASH
    • Proof that case DOES matter
      Password = F15ABD57801840F3 348DDCCAFB677F6A
      PaSSwORd = 17504CE07C0A0D4A 1BD3A99A0821F957
      Password1 = F9A3152D926F9FF8 98D0BAFBA0BFFD30
    • NTLM Hash Considerations
      Case preserving
      Maximum length = 127 characters
      Better Security than LM Hashes
      Number of ≤14-character passwords (full char set) ≈ 2.7*10^67
      Number of 127-character passwords ≈ 4.9*10^611
    • ATTACKS ON PASSWORDS….
      • What is a Brute Force Attack?
      • Types of Brute Force attacks:
      Online B.F.
      Offline B.F.
      • Can be prevented by:
      limiting the number of login attempts
    • [Figure: diagram of Reduce and Hash steps]
    • Algorithm followed:-
    • [Figure: chain of Hash and Reduce steps]
    • IS THIS EFFECTIVE???
    • How to prevent rainbow tables from cracking passwords??
    • What is SALT??
      Special text or code.
      It strengthens passwords
      SOME FACTS:-
      • Windows doesn't salt its hash!
      • This makes it possible to speed up password cracking with precomputed Rainbow Tables
      • LINUX uses SALT….
    • PROOF
      Here are two accounts on a Windows 7 Beta machine with the password 'password'
      This hash is from a different Windows 7 Beta machine
    • Linux Salts its Hashes
    • TWITTER ATTACK!!!
      • An 18-year-old student used a dictionary script that automatically tried English words, which led him to a staff account.
      • Username: “crystal”, password: “Happiness”.
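The Hash/Reduce chains and the salting point from the slides above, as an added Python example that is not part of the original presentation. It builds a toy rainbow table over a constructed keyspace of three lowercase letters and shows that a lookup recovers an unsalted hash, while a per-account salted hash of the same password is not found. Assumptions: SHA-256 stands in for the unsalted NT hash, PBKDF2 stands in for a salted scheme, and all function names are illustrative.

```python
import hashlib
import os

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"
PW_LEN, CHAIN_LEN = 3, 50  # constructed toy keyspace: 26**3 = 17,576 passwords

def H(pw: bytes) -> bytes:
    """Unsalted fast hash; SHA-256 stands in for the NT hash's MD4 (assumption)."""
    return hashlib.sha256(pw).digest()

def reduce(digest: bytes, column: int) -> bytes:
    """Map a digest back to a candidate password; varies per column."""
    n = int.from_bytes(digest[:8], "big") + column
    return bytes(ALPHABET[(n // 26**i) % 26] for i in range(PW_LEN))

def build_table(starts):
    """Run each Hash/Reduce chain; keep only endpoint -> start points."""
    table = {}
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce(H(pw), col)
        table.setdefault(pw, []).append(start)
    return table

def lookup(table, target: bytes):
    """Return the password whose unsalted hash is target, else None."""
    for pos in range(CHAIN_LEN - 1, -1, -1):  # guess the target's column
        pw = reduce(target, pos)
        for col in range(pos + 1, CHAIN_LEN):
            pw = reduce(H(pw), col)
        for start in table.get(pw, []):  # replay the chain to confirm
            cand = start
            for col in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = reduce(H(cand), col)
    return None

def salted_hash(pw: bytes, salt: bytes = b""):
    """Random per-account salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)

STARTS = [bytes([a, b, 97]) for a in ALPHABET for b in ALPHABET]  # "aaa".."zza"

if __name__ == "__main__":
    table = build_table(STARTS)
    print(lookup(table, H(b"sea")))               # b'sea'
    print(lookup(table, salted_hash(b"sea")[1]))  # None
```

The table stores 676 endpoints rather than every hash in the keyspace, which is the time-memory trade-off the chains provide. The salted digest never matches because the precomputation was done without the salt.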