Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by Steve Werby at ISACA San Antonio]

Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012
Building Dictionaries and
Destroying Hashes using
Amazon EC2
Steve Werby
[President | Security Researcher | Security Consultant]
Befriend

1. Infosec since 1999
2. Former (CISO)3
3. BS Industrial Engineering, MBA, certs
4. Presented at Hack3rCon, SecTor, DerbyCon, ShmooCon,
ConSec, SOURCE Conference, LASCON, BSidesDFW, VA SCAN, EDUCAUSE,
InfraGard, OWASP, ISSA, AITP, IEEE, …

1. Value of password resiliency assessments
2. Freely available assessment tools
3. Assessment methodologies
4. Buy or rent
5. Utilizing EC2
6. Hashing algorithm
7. Passphrases vs. passwords
Presentation goals

 Have a question? Ask!
 Have a comment? Share!
 I’ll ask some questions too.

 One-way functions (non-reversible)
 Outputs a fixed-length string (unique…usually)
 Such as MD5, SHA1, NTLM, and WPA
781ab37e7553fef1809efdf8cff656dc
54e18a5ad5152bd439efe9f1ae53506416bf7cf7
Hashes
1. Username: steve, Password: 2012Election
2. Transmitted to server
3. md5(“2012Election”)
4. Output compared to value stored on server
5. If match, successful login

 String concatenated with password pre-hashing
 Salt is rand(a-z) – can be from a larger key space
 md5(“w2012Election”)
 Stored in password DB as w:2012Election
781ab37e7553fef1809efdf8cff656dc
54e18a5ad5152bd439efe9f1ae53506416bf7cf7
Salts
1. Key space increased by factor of 26
2. Identical password != identical hash
3. Precomputation data storage increased

Cracking strategies
1. Precompute hashes for a set of strings
2. Enumerate password hash file
3. Search for match in precomputation file
Precomputation
781ab37e75 fc93d481c1:hunger
fdaa4719ed fdaa3b7c0d:earring
ffe81a52d2 fdaa4719ed:ISACA

Cracking strategies
1. Enumerate a set of strings
2. Hash the strings
3. Search for match in password hash file
String enumeration
fc93d481c1 ISABY:e715b3aca
fdaa4719ed ISABZ:9c74be0d1a
ffe81a52d2 ISACA:fdaa4719ed
ISACB:0b27cca621

 Number of tests needed
 Time per test

NTLM:
MD5:
SHA1:
LM:
SHA512:
60x
40x
20x
10x
x

 Length
 Composition
 Complexity
 Aging
 Construction prohibitions
 Reuse
 Memorization and storage
Your password policy?
Password policies

Password aging was
intended to reduce the time
a bad actor had to guess a
password. With modern
computing power, this
control isn’t logical and
results in undesirable
user behavior and
reduces IT/infosec trust.

1. Gain intelligence about user behavior
2. Assess password policies and user education
3. Strengthen argument for…
technical controls
policy changes
algorithm changes
2FA
But why do it?

 John the Ripper
 hashcat[-plus|-lite]
 Cryptohaze Multiforcer

 Key space = set of strings to enumerate
 A-Z = 26, a-z = 26, 0-9 = 10
 [A-Z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][0-9]
 (26)^1 * (26)^8 * (10)^1
 13,537,086,546,263,600 ≈ 13.5 thousand trillion
Password1
Key space / brute force attack

 Average adult vocabulary?
 Key space = dictionary size
alamo
Dictionary attack

 Average adult vocabulary?
 Key space = dictionary size
RockYou exposure analysis

 Transformations like using config file to set rules:
Duplication
Reversal
Appending
Repeating
 Key space of dictionary attack * transformations
Alamo!, omal, aallaammoo
Rule attack

 Combines strings from one dictionary with
strings from another
 Dictionary 1 = 10,000 strings
 Dictionary 2 = 50,000 strings
 Combinations = 500 million
 Vs. ~5.4 trillion for [a-z]^9 key space
 Reduces key space by 99.99%
 1 day => 8 seconds
alamocity
Combinator attack

 It’s Str0ng!
 -1 ?u -2 ?l -3 ?d
 ?1?2?2?2?2?2?2?2?3
Password1
Mask attack

 It’s Str0ng!
 Dictionary + mask
 Mask + dictionary
 Dictionary
 ?1?2?2?2?2?2?2?2?3
Password1
Hybrid attack

 27% of alphabet
 But 62% of first letters of English word usage!
 -1 TASHWIOtashwio -2 ?u?l
 ?1?2?2?2?2?2?2?2
 Reduces key space by 73%
 1 day => 6.5 hours
TASHWIO
Work smart, not hard

 RockYou – 32.6M plaintext
 eHarmony – 1.5M unsalted MD5
 LinkedIn – 6.5M unsalted SHA1
 Gawker – 1.3M unsalted DES
Large password leaks

 First 1 million of 1.5
million eHarmony
passwords posted
online in June 2012
 Unsalted MD5s
Analyzing eHarmony’s hashes

A CPU isn’t bad, but…

1. Use existing hardware
2. Build a cracking box (GPU-based)
3. Look at cloud service providers
My options

 Beefy PSU
 Adequate cooling and electrical
 CPU and RAM relatively unimportant
 Multiple GPUs
Build your own

 Had utilized Amazon EC2 service
 No capital investment to test it
 On-demand
 Scalable
 Had an option that included GPUs
Amazon EC2

 Type of system
 Data transfer
 Data storage
 Purchase
options

 Zelda ($0-ish/hour)
 Pathetic Dell Latitude
 Yoda ($0.32/hour)
 64-bit Ubuntu Server 12.04 LTS
 m1.large (7.5GB RAM, 4 EC2 Compute Units)
 Xzibit ($2.10/hour)
 64-bit Cluster GPU Amazon Linux AMI
 cg1.4xlarge (22GB RAM, 33.5 EC2 Compute Units)
 Wiggum (TBD)
 Yoda (Grand Master) + 5 Jedi Knights
The systems

 51 tests
 Group 3 – masking
 Group 4 – rules
 Group 5 – combinations
 Group 6 – hybrid (common prefixes + mask)
 Group 7 – hybrid (new dictionary + mask)
 Group 8 – hybrid (mask + common suffix)
 Group 9 – TASHWIO + mask
The tests

 Define sequence of jobs to run
 Analyze results (during and after job)
 Eliminate or adjust jobs based on results
 Create new dictionaries
 Create new rules
 Re-run jobs using new dictionaries and rules
Process

 No lowercase letters!?
 Whoops!
Analyzing eHarmony’s hashes

Do not truncate the
password. Do not transform
it to uppercase or
lowercase. Do not limit the
number of characters that
can be utilized. Do not
limit the user to a weak
password.

Results on Xzibit

Use long, unpredictable,
random salts. Better still
use bcrypt or PBKDF2.

1. Value of password resiliency assessments – insight
2. Freely available assessment tools – hashcat, Cryprtohaze
3. Assessment methodologies – iterative, intelligent
4. Buy or rent – depends on use case and constraints
5. Utilizing EC2 – fast, easy, flexible
6. Hashing algorithm – bcrypt or PBKF2
7. Passphrases vs. passwords – passphrases…for now
Presentation goals recapped

 $2.10/hour
 54% cracked in 1 hour => $2.10
 69% cracked in 3 hours => $6.30
 77% cracked in 9 hours => $18.90
Cost

Do not tell your colleagues
the cloud is evil because
you lack visibility. Or
control. Or because you can
do security better. They
will not care. You will lose
credibility. You will be
excluded. And you will lose.

 Xzibit – 1.6B/s
 Yoda – 6.2M/s
 Zelda – 14k/s
Peak speeds

 Xzibit = 258 * Yoda
 Xzibit = $2.10 / hour
 Yoda = $0.32 / hour
 1 hour on Xzibit = 258 hours on Yoda
 258 * $0.32 = $82.56
 Yoda is 3,831% more expensive
Is EC2 worth it?

 Use fast algorithm (say what!?)
 No salt
 [Reused|short|non-random] salt
 Roll your own algorithm
Split the hash file?
Split the password candidates?
Workload distribution strategy

 Use fast algorithm (say what!?)
 No salt
 [Reused|short|non-random] salt
 Roll your own algorithm
1M hashes: 833s
100k hashes: 742s
10% of key space
89% of duration
Split the password candidates
Workload distribution strategy

1. Value of password resiliency assessments – insight
2. Freely available assessment tools – hashcat, Cryprtohaze
3. Assessment methodologies – iterative, intelligent
4. Buy or rent – depends on use case and constraints
5. Utilizing EC2 – fast, easy, flexible
6. Hashing algorithm – bcrypt or PBKF2
7. Passphrases vs. passwords – passphrases…for now
What’s next

 Sentences
 Strings of words (careful!)
 Mnemonics (acronyms)
 Transformations similar to password
construction
Passphrases

 Crowdsource
 Beg for orgs to share them
 Wait until they’re leaked
 Build our own
Acquiring passphrase candidates

 E-books
 Movie scripts
 Song lyrics
 Tweets
 Any file that contains phrases or sentences
Acquiring passphrase candidates

 E-books
 Movie scripts
 Song lyrics
 Tweets
 Dictator – instructs on what files to get
 Miner – acquires files
 Hasher – hashes for uniqueness
 Hoarder – adds to queue
 Grabber – pulls file from queue
 Converter – converts to plaintext
 Massager – converts to lower
Passphrase builder

 E-books
 Movie scripts
 Song lyrics
 Tweets
 Splitter 1 – splits by sentence
 Splitter 2 – splits by word
 Parser – generates strings and acronyms
 Recorder – adds to DB
 Generator – sort, create acronyms, create
output
Passphrase builder

 E-books
 Movie scripts
 Song lyrics
 Tweets
 A person who never made a mistake never tried
anything new.
 apwnmamntan
 a person who never
 person who never
 person who never made
 Ranking
 Search engine results
 Frequency in DB
 Matches against leaks
Passphrase builder

Q&A
Steve Werby
steve@befriend.com
Twitter: @stevewerby
http://www.linkedin.com/in/werby

Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by Steve Werby at ISACA San Antonio]

Recommended

Recommended

More Related Content

What's hot

What's hot (6)

Viewers also liked

Viewers also liked (18)

Similar to Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by Steve Werby at ISACA San Antonio]

Similar to Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by Steve Werby at ISACA San Antonio] (20)

More from Steve Werby

More from Steve Werby (7)

Recently uploaded

Recently uploaded (20)

Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by Steve Werby at ISACA San Antonio]