Brute Force Algorithms: Invading Your Privacy One Character at a Time
Angel M. Robles Cordero
COMP-6785
Prof. Marko Schutz
Introduction
Brute force algorithms require a lot of resources in order to be effective. As such, many different programming approaches have been devised to solve problems more efficiently. So then, is there a place for brute force algorithms?
Brute Force Algorithms
● Are algorithms that rely on sheer computing power to test all possibilities
● A Brute Force Sort places the smallest element at the top of the stack after each iteration
● A Brute Force Search searches all possible solutions in a text between 0 and n-m
Brute Force Sort
Brute-Force Search
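The two algorithms named on these slides, as an added example that is not part of the original deck. It assumes the "brute force sort" is selection sort and the search is naive string matching over alignments 0 to n-m; the function names and comparison counters are illustrative.

```python
def brute_force_sort(items):
    """Selection sort: each pass moves the smallest remaining element to the front.

    Returns the sorted copy and the number of element comparisons made.
    """
    data = list(items)
    comparisons = 0
    for i in range(len(data) - 1):
        smallest = i
        for j in range(i + 1, len(data)):
            comparisons += 1
            if data[j] < data[smallest]:
                smallest = j
        data[i], data[smallest] = data[smallest], data[i]
    return data, comparisons


def brute_force_search(text, pattern):
    """Naive string search: try every alignment from 0 to n-m.

    Returns the list of match positions and the number of character comparisons.
    A pattern longer than the text yields no alignments and no comparisons.
    """
    n, m = len(text), len(pattern)
    matches, comparisons = [], 0
    for start in range(n - m + 1):
        k = 0
        while k < m:
            comparisons += 1
            if text[start + k] != pattern[k]:
                break
            k += 1
        if k == m:
            matches.append(start)
    return matches, comparisons


if __name__ == "__main__":
    # Constructed inputs. The second search is a worst case: every alignment
    # fails only on the last character, costing (n-m+1)*m comparisons.
    print(brute_force_sort([5, 2, 9, 1, 5]))
    print(brute_force_search("abracadabra", "abra"))
    print(brute_force_search("aaaaaaaa", "aab"))
```

The comparison counts make the cost visible: the sort always performs n(n-1)/2 comparisons, and the search can reach (n-m+1)·m.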
Why use brute force?
Password Cracking (flowchart)
A: Formulate an estimate of what the password could be
→ Hash or encrypt the estimated password using the same algorithm as the system being attacked
→ Systematically compare the resultant encryption or hash against the real value
→ Do they match?
   Yes: Store cracked password
   No: return to A
Password Hashing
● Passwords in a computer are not stored in plaintext
● A password hash is generated using a hash function
● A hash is designed as a one way function
● Thus the need to use Brute Force in order to “crack” passwords.
Image obtained from: https://www.acunetix.com/wp-content/uploads/2015/08/password-hashing.png
Hashing Algorithms
● MD5: Compromised
● SHA-0: Compromised
● SHA-1: Potentially Vulnerable
● SHA-2: Safe for now
● SHA-3: Designed to easily replace SHA-2 and to be resilient towards attacks that could compromise SHA-2
Image obtained from: http://crppit.epfl.ch/documentation/Hash_Function/Documentation/iguide-crypto-hashes_fichiers/password-hash-2.gif
Brute Force Attack
● Are trial and error methods used to decode encrypted data
● Brute Force attacks are commonly automated
● GPUs are used with great efficiency to crack passwords.
Image obtained from: https://www.manageengine.com/log-management/images/cyber-security-attackswhat-is-brute-force-attack.png
Dictionary Attacks
● Employs the use of password lists
● Large quantities of known password lists exist on the Internet
● It works by entering each word in a dictionary as a password
● Speeds up the process of conducting a brute force attack
Image obtained from: https://tweaklibrary.com/wp-content/uploads/2019/04/Difference-Between-Brute-Force-Dictionary-Attack-Tweaklibrary.jpg
John the Ripper
Rainbow Tables
● Huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext words
● These allow hackers to reverse the hashing function
● Allow passwords to be cracked in a very short amount of time
Rainbow Table Attack
● A type of attack where a rainbow table is used to crack the passwords stored in a database system.
● Does a quick cryptanalysis
● An exact password match is not needed for this attack to work
Image obtained from: https://images.squarespace-cdn.com/content/v1/52ae955ce4b04f67f91b6df5/1550594084019-W7EAXBMCJJL089TSF8BH/ke17ZwdGBToddI8pDm48kHXKirbMjceC_dTSD3M9W2VZw-zPPgdn4jUwVcJE1ZvWEtT5uBSRWt4vQZAgTJucoTqqXjS3CfNDSuuf31e0tVGTP-E_K9LwsalFgt2tlYQN5J-ASqpc59tuy_suCOgrHJu3E9Ef3XsXP1C_826c-iU/rainbowtable.png
Flow of a Rainbow Table Attack (flowchart)
→ Read hash to be cracked
→ Does the Rainbow table contain this hash?
   Yes: Go to the start of plaintext chain in the Rainbow table
→ Hash the plaintext
→ Does it match the hash to be cracked?
   Yes: The plain text obtained is the password
   No: Go to next plaintext entry
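Precomputed tables only pay off when every system hashes a given password to the same value. The added example below (not from the original deck) stores one password for two users, first as a bare unsalted SHA-256 digest and then with a per-user random salt and PBKDF2. The word list, user names, password and iteration count are constructed or assumed values.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed table of
# unsalted SHA-256 digests mapped back to their plaintext words.
CONSTRUCTED_WORDS = ["letmein", "sunshine1", "qwerty123"]
PRECOMPUTED = {hashlib.sha256(w.encode()).hexdigest(): w for w in CONSTRUCTED_WORDS}

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this sketch; tune per deployment
SALT_BYTES = 16


def unsalted_record(password):
    """Weak storage: a bare, fast, unsalted digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Stronger storage: per-user random salt plus a slow key-derivation function."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def compare_storage_schemes():
    """Store the same password for two users under both schemes and report the outcome."""
    password = "sunshine1"  # constructed sample password
    weak = {user: unsalted_record(password) for user in ("alice", "bob")}
    strong = {user: salted_record(password) for user in ("alice", "bob")}
    return {
        # Unsalted: both users share one digest, and the table maps it to the plaintext.
        "weak_identical": weak["alice"] == weak["bob"],
        "weak_in_table": PRECOMPUTED.get(weak["alice"]),
        # Salted: digests differ per user and cannot appear in a generic table.
        "strong_identical": strong["alice"][1] == strong["bob"][1],
        "strong_in_table": any(d.hex() in PRECOMPUTED for _, d in strong.values()),
        # Legitimate verification still works because the salt is stored with the record.
        "verify_ok": verify(password, *strong["alice"]),
        "verify_wrong": verify("sunshine2", *strong["alice"]),
    }


if __name__ == "__main__":
    for key, value in compare_storage_schemes().items():
        print(f"{key}: {value}")
```

The salt is not secret; it is stored beside the digest so that any table would have to be rebuilt for each record, and the iteration count makes each rebuild guess expensive.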
Counter Measures
● Use more than 8 characters utilizing combinations of characters
● Enable multiple factor authentication
● Don’t write passwords in plaintext
● Don’t repeat the same password
Conclusion
Brute force algorithms are time consuming and resource hungry. Although other, more efficient programming approaches exist, the value of brute force should not be dismissed. As we saw, sometimes the only way to solve an issue is through brute force (even though the issue discussed may not be the most ethically correct).
Questions