Passwd crack introduction

An introduction to password cracking


  1. Passwd Crack (cmj)
  2. Abstract
     ● Introduce password cracking
       ○ Introduction to passwords
       ○ Cracking methods
       ○ No news, no tech
  3. Store Password
     ● Plaintext
       ○ Store the raw password in
         ■ Plain text
         ■ Database or encoding
     ● Cipher
       ○ Hash
       ○ Encrypt
  4. Hash vs Encrypt
     ● Hash
       ○ One-way function
       ○ Collisions are possible
       ○ Faster
       ○ Based on algo.
     ● Encrypt
       ○ Reversible
       ○ May not collide
       ○ Slower
       ○ Based on algo. and key
  5. Hash Algorithm
     ● Processes variable-length data into fixed-length data
       ○ Trivially simple:
         ■ fn(x) = hex(x) % 16
       ○ More complex:
         ■ Split into several fixed-size chunks
         ■ Shuffle the chunks
         ■ Run the encryption algorithm repeatedly
  6. Hash Algo. Abstract
     ● Raw data: 0123456789ABCDEF0
       ○ Split into fixed-size chunks
         ■ Padding if needed
         ■ 0123 4567 89AB CDEF 0333
       ○ Shuffle each chunk and run the hash algo.
         ■ 3210 7654 BA98 FEDC 3330
         ■ 3560 7D26 B708 FD91 3690
         ■ 9DAF
  7. Good or Bad
     ● Perfect hash algo.
       ○ A hash function that is injective
     ● A good hash algo.
       ○ Uniform
       ○ Avalanche effect
  8. Crack
     ● Trivial way
       ○ Brute force - Enumerate all possibilities
     ● Human-based
       ○ Dictionary attack - Enumerate the most-used possibilities
     ● Technique
       ○ Rainbow attack
       ○ Design flaw
  9. Rainbow Attack
     ● Trivial way
       ○ Try to crack hash value h
       ○ Possible answer x => h’ = f(x)
       ○ Compare h and h’ => no match => Repeat
     ● Table
       ○ Pre-compute h1, h2 ... as the rainbow table
       ○ Compare h against the rainbow table
  10. Why Call It Rainbow
     ● Rainbow function: r(x)
       ○ V1 => h1 = f(V1) => V2 = r(h1) => h2 = f(V2) …
       ○ Table stores V1 and h2
       ○ Hashed value h
         ■ Compute h’ = f(r(h))
         ■ Try to find a match for h and h’ in the table
       ○ If h matches => raw data is V2
       ○ If h’ matches => raw data is V1
  11. Benefit
     ● Reduces the necessary table size
       ○ Only store front and end
     ● Reduces the compute time
       ○ Only compute the hash “one time” per hash value
     ● Bound on rainbow table and rainbow function
  12. Ref
     ● http://en.wikipedia.org/wiki/Rainbow_table
     ● https://www.thc.org/thc-hydra/
     ● http://www.openwall.com/john/
     ● https://crackstation.net/
  13. Thanks
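
The chain scheme from slides 10 and 11, generalized from two links to a longer chain, as an added Python example that is not part of the original slides. The hash (unsalted SHA-256), the three-letter lowercase keyspace, the chain length and count, and the step-dependent reduction are all assumptions made for illustration.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase
LENGTH = 3                       # constructed toy keyspace: 26**3 = 17576 values
SPACE = len(ALPHABET) ** LENGTH
CHAIN_LEN = 50                   # hashes per chain (assumed parameter)
NUM_CHAINS = 600                 # chains in the table (assumed parameter)

def to_value(n: int) -> str:
    """Map an integer in [0, SPACE) to a LENGTH-letter candidate."""
    out = []
    for _ in range(LENGTH):
        n, i = divmod(n, len(ALPHABET))
        out.append(ALPHABET[i])
    return "".join(out)

def f(value: str) -> bytes:
    """Hash function f; unsalted SHA-256 is an assumption of this example."""
    return hashlib.sha256(value.encode()).digest()

def r(digest: bytes, step: int) -> str:
    """Reduction function r: map a hash back into the keyspace.
    Mixing in the step index gives each chain column its own reduction."""
    return to_value((int.from_bytes(digest[:8], "big") + step) % SPACE)

def build_table() -> dict:
    """Walk each chain V1 -> h1 -> V2 -> ... and keep only {last hash: V1}."""
    table = {}
    for j in range(NUM_CHAINS):
        start = value = to_value(j * (SPACE // NUM_CHAINS))
        for step in range(CHAIN_LEN - 1):
            value = r(f(value), step)
        table[f(value)] = start
    return table

def lookup(table: dict, h: bytes):
    """Return a value whose hash is h, or None if no chain covers it."""
    for k in range(CHAIN_LEN - 1, -1, -1):        # guess h sits at position k
        cur = h
        for step in range(k, CHAIN_LEN - 1):      # roll forward to the chain end
            cur = f(r(cur, step))
        if cur in table:
            value = table[cur]
            for step in range(k):                 # replay from the stored start
                value = r(f(value), step)
            if f(value) == h:                     # reject false alarms from merges
                return value
    return None

TABLE = build_table()
```

`TABLE` holds at most 600 start/end pairs for a keyspace of 17,576 values, which is the size reduction slide 11 refers to; `lookup` returns a value only when one of the stored chains passes through it.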
