#fsec
Cryptography implementation weaknesses
based on true story
Vlatko Kosturjak
https://twitter.com/k0st
BM-2D972vHJXV8n...
Agenda
● True story – my perspective
● I got this hash...
– What it is?
– Is it vulnerable?
– How I can crack it?
● Recomm...
Elephant in the room...
Let's start with the hashes! :)
http://www.openwall.com/lists/john-dev/2013/03/15/10
Somewhere in the galaxy...
http://www.openwall.com/lists/john-dev/2013/03/06/5
Let's look closer!
Same hash for same password different user?
● Password reuse identification
● Password frequency
● Memo...
Story goes on...
http://www.openwall.com/lists/john-dev/2013/03/12/5
Finding what it is..
● “...My only advise is to just pretend you found this hash and
have no clue where it came from. Now ...
So, what it is?
In short, please!
● BASE64 with custom charset
– ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXY
Zabcdefghijklmnopqr...
Cisco SHA256 implementation
● First implementation in PHP
– http://pastebin.com/1yCLwyVY
● First implementation in Perl
– ...
First C implementation as new
format type in john
http://www.openwall.com/lists/john-dev/2013/03/16/7
https://github.com/k...
Wait a minute?
● It is Base64 with custom iteration
– Decode it!
– And encode it correctly
● How john likes it ;)
● What t...
Over?
Not yet!
cisco2john.pl
$ ./cisco2john.pl cisco.conf >cisco.in 2>cisco.seed
$ cat cisco.in
enable_secret_level_2:5e884898da28047151d...
cisco2john.pl
multiple configurations
$ ls *conf
127.0.0.1-startup-config
127.0.0.1-running-config
[..]
192.168.1.1-startu...
Public advisory
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
Password types
sorted by recommendations
Password type Method
5 MD5
4 SHA256 (no salt)
7 Decode
0 Plaintext
Recommendations
● Implementators
– Think about implementation of your crypto
● Even big guys missed it
– Implement basic c...
Summary
● Crypto implementations can be bad
– Nothing new
● “Improving” crypto is two way direction
● Working together
– L...
Thanks for your time
Questions?
https://twitter.com/k0st
BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN
Upcoming SlideShare
Loading in …5
×

Cryptography implementation weaknesses: based on true story

9,859 views

Published on

Cryptography implementation weaknesses: based on true story. It is story about Cisco password type 4 which was introduced recently. It supposed to be better than Cisco password type 5 (MD5), but due to implementation weaknesses, it ended up the other way...

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
9,859
On SlideShare
0
From Embeds
0
Number of Embeds
38
Actions
Shares
0
Downloads
5
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Cryptography implementation weaknesses: based on true story

  1. 1. #fsec Cryptography implementation weaknesses based on true story Vlatko Kosturjak https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN
  2. 2. Agenda ● True story – my perspective ● I got this hash... – What it is? – Is it vulnerable? – How I can crack it? ● Recommendations ● Summary ● Questions
  3. 3. Elephant in the room...
  4. 4. Let's start with the hashes! :) http://www.openwall.com/lists/john-dev/2013/03/15/10
  5. 5. Somewhere in the galaxy... http://www.openwall.com/lists/john-dev/2013/03/06/5
  6. 6. Let's look closer! Same hash for same password different user? ● Password reuse identification ● Password frequency ● Memory-time trade off vulnerability ● Rainbow tables ● Lookup ● Pot file ● Database ● On-line
  7. 7. Story goes on... http://www.openwall.com/lists/john-dev/2013/03/12/5
  8. 8. Finding what it is.. ● “...My only advise is to just pretend you found this hash and have no clue where it came from. Now try the first two things that you should do when you find a 43 character hash with uppercase and lowercase letters, numbers, dot, and forward slash. Hmm that might be too much info...” Sc00bz64 on john-dev ● Formats – Crypt – Hex – Base64 – ...
  9. 9. So, what it is? In short, please! ● BASE64 with custom charset – ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXY Zabcdefghijklmnopqrstuvwxyz ● SHA256 ● No salt ● No iteration ● Length – 1-25 characters
  10. 10. Cisco SHA256 implementation ● First implementation in PHP – http://pastebin.com/1yCLwyVY ● First implementation in Perl – http://www.openwall.com/lists/john-dev/2013/03/16/12 – https://gist.github.com/kost/5177541 ● Time to crack! :) https://twitter.com/k0st/status/312988851138355201
  11. 11. First C implementation as new format type in john http://www.openwall.com/lists/john-dev/2013/03/16/7 https://github.com/kholia/JohnTheRipper/tree/cisco-type-4
  12. 12. Wait a minute? ● It is Base64 with custom iteration – Decode it! – And encode it correctly ● How john likes it ;) ● What that means? – No need for new john format – SHA256 exists already ● CPU ● GPU
  13. 13. Over? Not yet!
  14. 14. cisco2john.pl $ ./cisco2john.pl cisco.conf >cisco.in 2>cisco.seed $ cat cisco.in enable_secret_level_2:5e884898da28047151d0e56f8dc62 92773603d0d6aabbdd62a11ef721d1542d8 enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
  15. 15. cisco2john.pl multiple configurations $ ls *conf 127.0.0.1-startup-config 127.0.0.1-running-config [..] 192.168.1.1-startup-config 192.168.1.1-running-config $ cat *.conf | ./cisco2john.pl >cisco.in 2>cisco.seed $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
  16. 16. Public advisory http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
  17. 17. Password types sorted by recommendations Password type Method 5 MD5 4 SHA256 (no salt) 7 Decode 0 Plaintext
  18. 18. Recommendations ● Implementators – Think about implementation of your crypto ● Even big guys missed it – Implement basic checks ● Users – Don't use type 4, use 5 – Don't use 7/0/4 in short ;) – Password reuse is problem – Don't mix same passwords with different password types
  19. 19. Summary ● Crypto implementations can be bad – Nothing new ● “Improving” crypto is two way direction ● Working together – Less time – more rock – There are smart people out there ● John-dev ● Nmap-dev ● Metasploit ● ...
  20. 20. Thanks for your time Questions? https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN

×