Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by Steve Werby at ISACA San Antonio]

1. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Building Dictionaries and Destroying Hashes using Amazon EC2 Steve Werby [President | Security Researcher | Security Consultant] Befriend

2. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 1. Infosec since 1999 2. Former (CISO)3 3. BS Industrial Engineering, MBA, certs 4. Presented at Hack3rCon, SecTor, DerbyCon, ShmooCon, ConSec, SOURCE Conference, LASCON, BSidesDFW, VA SCAN, EDUCAUSE, InfraGard, OWASP, ISSA, AITP, IEEE, …

3. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 1. Value of password resiliency assessments 2. Freely available assessment tools 3. Assessment methodologies 4. Buy or rent 5. Utilizing EC2 6. Hashing algorithm 7. Passphrases vs. passwords Presentation goals

4. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Have a question? Ask!  Have a comment? Share!  I’ll ask some questions too.

5. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  One-way functions (non-reversible)  Outputs a fixed-length string (unique…usually)  Such as MD5, SHA1, NTLM, and WPA 781ab37e7553fef1809efdf8cff656dc 54e18a5ad5152bd439efe9f1ae53506416bf7cf7 Hashes 1. Username: steve, Password: 2012Election 2. Transmitted to server 3. md5(“2012Election”) 4. Output compared to value stored on server 5. If match, successful login

6. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  String concatenated with password pre-hashing  Salt is rand(a-z) – can be from a larger key space  md5(“w2012Election”)  Stored in password DB as w:2012Election 781ab37e7553fef1809efdf8cff656dc 54e18a5ad5152bd439efe9f1ae53506416bf7cf7 Salts 1. Key space increased by factor of 26 2. Identical password != identical hash 3. Precomputation data storage increased

7. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Cracking strategies 1. Precompute hashes for a set of strings 2. Enumerate password hash file 3. Search for match in precomputation file Precomputation 781ab37e75 fc93d481c1:hunger fdaa4719ed fdaa3b7c0d:earring ffe81a52d2 fdaa4719ed:ISACA

8. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Cracking strategies 1. Enumerate a set of strings 2. Hash the strings 3. Search for match in password hash file String enumeration fc93d481c1 ISABY:e715b3aca fdaa4719ed ISABZ:9c74be0d1a ffe81a52d2 ISACA:fdaa4719ed ISACB:0b27cca621

9. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Number of tests needed  Time per test

10. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 NTLM: MD5: SHA1: LM: SHA512: 60x 40x 20x 10x x

11. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Length  Composition  Complexity  Aging  Construction prohibitions  Reuse  Memorization and storage Your password policy? Password policies

12. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Password aging was intended to reduce the time a bad actor had to guess a password. With modern computing power, this control isn’t logical and results in undesirable user behavior and reduces IT/infosec trust.

13. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 1. Gain intelligence about user behavior 2. Assess password policies and user education 3. Strengthen argument for… technical controls policy changes algorithm changes 2FA But why do it?

14. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  John the Ripper  hashcat[-plus|-lite]  Cryptohaze Multiforcer

15. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Key space = set of strings to enumerate  A-Z = 26, a-z = 26, 0-9 = 10  [A-Z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][0-9]  (26)^1 * (26)^8 * (10)^1  13,537,086,546,263,600 ≈ 13.5 thousand trillion Password1 Key space / brute force attack

16. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Average adult vocabulary?  Key space = dictionary size alamo Dictionary attack

17. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Average adult vocabulary?  Key space = dictionary size RockYou exposure analysis

18. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Transformations like using config file to set rules: Duplication Reversal Appending Repeating  Key space of dictionary attack * transformations Alamo!, omal, aallaammoo Rule attack

19. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Combines strings from one dictionary with strings from another  Dictionary 1 = 10,000 strings  Dictionary 2 = 50,000 strings  Combinations = 500 million  Vs. ~5.4 trillion for [a-z]^9 key space  Reduces key space by 99.99%  1 day => 8 seconds alamocity Combinator attack

20. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  It’s Str0ng!  -1 ?u -2 ?l -3 ?d  ?1?2?2?2?2?2?2?2?3  Reduces key space by 99.98%  1 day => 13 seconds Password1 Mask attack

21. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  It’s Str0ng!  Dictionary + mask  Mask + dictionary  Dictionary  ?1?2?2?2?2?2?2?2?3  Reduces key space by 99.98%  1 day => 13 seconds Password1 Hybrid attack

22. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  27% of alphabet  But 62% of first letters of English word usage!  -1 TASHWIOtashwio -2 ?u?l  ?1?2?2?2?2?2?2?2  Reduces key space by 73%  1 day => 6.5 hours TASHWIO Work smart, not hard

23. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  RockYou – 32.6M plaintext  eHarmony – 1.5M unsalted MD5  LinkedIn – 6.5M unsalted SHA1  Gawker – 1.3M unsalted DES Large password leaks

24. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  First 1 million of 1.5 million eHarmony passwords posted online in June 2012  Unsalted MD5s Analyzing eHarmony’s hashes

25. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 A CPU isn’t bad, but…

26. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012

27. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 1. Use existing hardware 2. Build a cracking box (GPU-based) 3. Look at cloud service providers My options

28. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Beefy PSU  Adequate cooling and electrical  CPU and RAM relatively unimportant  Multiple GPUs Build your own

29. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Had utilized Amazon EC2 service  No capital investment to test it  On-demand  Scalable  Had an option that included GPUs Amazon EC2

37. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Type of system  Data transfer  Data storage  Purchase options

38. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Zelda ($0-ish/hour)  Pathetic Dell Latitude  Yoda ($0.32/hour)  64-bit Ubuntu Server 12.04 LTS  m1.large (7.5GB RAM, 4 EC2 Compute Units)  Xzibit ($2.10/hour)  64-bit Cluster GPU Amazon Linux AMI  cg1.4xlarge (22GB RAM, 33.5 EC2 Compute Units)  Wiggum (TBD)  Yoda (Grand Master) + 5 Jedi Knights The systems

39. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  51 tests  Group 3 – masking  Group 4 – rules  Group 5 – combinations  Group 6 – hybrid (common prefixes + mask)  Group 7 – hybrid (new dictionary + mask)  Group 8 – hybrid (mask + common suffix)  Group 9 – TASHWIO + mask The tests

40. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Define sequence of jobs to run  Analyze results (during and after job)  Eliminate or adjust jobs based on results  Create new dictionaries  Create new rules  Re-run jobs using new dictionaries and rules Process

41. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  No lowercase letters!?  Whoops! Analyzing eHarmony’s hashes

42. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Do not truncate the password. Do not transform it to uppercase or lowercase. Do not limit the number of characters that can be utilized. Do not limit the user to a weak password.

43. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Results on Xzibit

44. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Use long, unpredictable, random salts. Better still use bcrypt or PBKDF2.

45. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 1. Value of password resiliency assessments – insight 2. Freely available assessment tools – hashcat, Cryprtohaze 3. Assessment methodologies – iterative, intelligent 4. Buy or rent – depends on use case and constraints 5. Utilizing EC2 – fast, easy, flexible 6. Hashing algorithm – bcrypt or PBKF2 7. Passphrases vs. passwords – passphrases…for now Presentation goals recapped

46. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  $2.10/hour  54% cracked in 1 hour => $2.10  69% cracked in 3 hours => $6.30  77% cracked in 9 hours => $18.90 Cost

47. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Do not tell your colleagues the cloud is evil because you lack visibility. Or control. Or because you can do security better. They will not care. You will lose credibility. You will be excluded. And you will lose.

48. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Xzibit – 1.6B/s  Yoda – 6.2M/s  Zelda – 14k/s Peak speeds

49. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Xzibit = 258 * Yoda  Xzibit = $2.10 / hour  Yoda = $0.32 / hour  1 hour on Xzibit = 258 hours on Yoda  258 * $0.32 = $82.56  Yoda is 3,831% more expensive Is EC2 worth it?

50. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Use fast algorithm (say what!?)  No salt  [Reused|short|non-random] salt  Roll your own algorithm Split the hash file? Split the password candidates? Workload distribution strategy

51. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Use fast algorithm (say what!?)  No salt  [Reused|short|non-random] salt  Roll your own algorithm 1M hashes: 833s 100k hashes: 742s 10% of key space 89% of duration Split the password candidates Workload distribution strategy

53. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 1. Value of password resiliency assessments – insight 2. Freely available assessment tools – hashcat, Cryprtohaze 3. Assessment methodologies – iterative, intelligent 4. Buy or rent – depends on use case and constraints 5. Utilizing EC2 – fast, easy, flexible 6. Hashing algorithm – bcrypt or PBKF2 7. Passphrases vs. passwords – passphrases…for now What’s next

55. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Sentences  Strings of words (careful!)  Mnemonics (acronyms)  Transformations similar to password construction Passphrases

56. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  Crowdsource  Beg for orgs to share them  Wait until they’re leaked  Build our own Acquiring passphrase candidates

57. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  E-books  Movie scripts  Song lyrics  Tweets  Any file that contains phrases or sentences Acquiring passphrase candidates

58. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  E-books  Movie scripts  Song lyrics  Tweets  Any file that contains phrases or sentences  Dictator – instructs on what files to get  Miner – acquires files  Hasher – hashes for uniqueness  Hoarder – adds to queue  Grabber – pulls file from queue  Converter – converts to plaintext  Massager – converts to lower Passphrase builder

59. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  E-books  Movie scripts  Song lyrics  Tweets  Any file that contains phrases or sentences  Splitter 1 – splits by sentence  Splitter 2 – splits by word  Parser – generates strings and acronyms  Recorder – adds to DB  Generator – sort, create acronyms, create output Passphrase builder

60. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012  E-books  Movie scripts  Song lyrics  Tweets  Any file that contains phrases or sentences  A person who never made a mistake never tried anything new.  apwnmamntan  a person who never  person who never  person who never made  Ranking  Search engine results  Frequency in DB  Matches against leaks Passphrase builder

61. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Q&A Steve Werby steve@befriend.com Twitter: @stevewerby http://www.linkedin.com/in/werby