Yurii Bilyk | 2016
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
WHO AM I
26 vs 27.5 vs 29
TEAM
o WE are Security Group
o WE are ALL Engineers (Almost;)
o WE are OWASP Lviv Chapter
o WE are Legio… oops
blog: http://owasp-lviv.blogspot.com
skype: y.bilyk
Agenda
o But WHY??!!
o Our CRACKING RIG
o Different obvious methods
o Not so obvious methods
o Some interesting statistics
Tell Me WHY!?
what’s wrong with you?
The Reason
Just for FUN
Good example of Open Source Intelligence
You can really test your skills in password cracking
Some Info
LinkedIn DB contains 250 758 057 e-mails
Only 61 829 208 contains unique hashes
File size of all unique hashes is 2.5 GB
Our CRACKING RIG
because we can
P - Podgotovka
LinkedIn DB contains unsalted SHA-1 hashes
GPU should be the best option for this type of hash
The best tool for this case is HashCat
GTX 1080 SHA-1 Benchmark
8xGPU SHA-1 crack speed: 68 771.0 MH/s
8xCHARS password Z!sN0/7u:
95-symbol alphabet
6.70 × 10^15 search space
1 day 3 hours 4 minutes 54 seconds to brute ALL combinations
Question of Money
738x8 = 5904 $$$
Amazon K80 SHA-1 Benchmark
36xGPU SHA-1 crack speed: 75 200.0 MH/s
8xCHARS password Z!sN0/7u:
95-symbol alphabet
6.70 × 10^15 search space
1 day 45 minutes 59 seconds to brute ALL combinations
So You’ve said Amazon?
(14.4+14.4+7.2)x25 = 900 $$$
Rainbow Alternatives
1000 $$$
RainBow Seek SHA-1 Benchmark
SHA-1 crack speed:
3 880 000.0 MH/s for 1 hash
784 000.0 MH/s for 10 hashes
8xCHARS password Z!sN0/7u:
95-symbol alphabet
6.70 × 10^15 search space
28 minutes <-> 2 hours 22 minutes to brute ALL combinations
Return to Reality
Intel Core i5-3570 @ 3.4 GHz:
SHA-1 crack speed: ~120.0 MH/s
NVIDIA 750GT (Mobile):
SHA-1 crack speed: ~120.0 MH/s
1xi5-3570 SHA-1 Benchmark
SHA-1 crack speed: 120.0 MH/s
8xCHARS password Z!sN0/7u:
95-symbol alphabet
6.70 × 10^15 search space
1 year 281 days 10 hours 30 minutes 48 seconds to brute ALL combinations
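The benchmark slides above can be cross-checked with a short calculation (an added example, not part of the original deck). It shows that the 6.70 × 10^15 figure counts every password of length 1 through 8 over the 95-symbol alphabet, reproduces the slide timings from the quoted hash rates, and, going beyond the slides, finds the length at which exhaustive search at a given rate outlasts a chosen duration; the 100-year target is an assumption.

```python
"""Exhaustive-search time against a fast unsalted hash (rates from the slides)."""

ALPHABET = 95  # printable ASCII symbols, as on the slides

# Hash rates quoted on the slides, in MH/s.
SLIDE_RATES_MHS = {
    "8x GTX 1080": 68_771.0,
    "36x Amazon K80": 75_200.0,
    "RainBow Seek, 1 hash": 3_880_000.0,
    "RainBow Seek, 10 hashes": 784_000.0,
}


def keyspace(max_len, alphabet=ALPHABET):
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet ** n for n in range(1, max_len + 1))


def exhaust_seconds(max_len, rate_mhs, alphabet=ALPHABET):
    """Whole seconds needed to try every candidate at rate_mhs megahashes/s."""
    return keyspace(max_len, alphabet) // int(rate_mhs * 1_000_000)


def fmt_duration(seconds):
    """Render seconds as 'Nd Nh Nm Ns', skipping zero fields."""
    parts = []
    for label, size in (("d", 86_400), ("h", 3_600), ("m", 60), ("s", 1)):
        value, seconds = divmod(seconds, size)
        if value:
            parts.append(f"{value}{label}")
    return " ".join(parts) or "0s"


def min_length_to_resist(rate_mhs, target_seconds, alphabet=ALPHABET):
    """Smallest max length whose full keyspace takes longer than target_seconds."""
    n = 1
    while exhaust_seconds(n, rate_mhs, alphabet) <= target_seconds:
        n += 1
    return n


if __name__ == "__main__":
    print(f"keyspace(8) = {keyspace(8):.3e}")
    for rig, rate in SLIDE_RATES_MHS.items():
        print(f"{rig:26s} {fmt_duration(exhaust_seconds(8, rate))}")
    century = 100 * 365 * 86_400  # assumed target, not from the slides
    print("length needed to outlast 8x GTX 1080 for 100 years:",
          min_length_to_resist(68_771.0, century))
```

Each extra character multiplies the work by 95, which is why the answer moves from about a day at 8 characters to more than a century at 11 on the same rig.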
Some OBVIOUS STEPS
let’s play
Where to Start?
We used a dictionary attack as the first attempt
You need a good dictionary. We started with rockyou.txt
You need memory for your hashes. It could be a problem for the GPU
So First Try
Cracked around 20% of all hashes (with rockyou.txt dictionary)
It took around 5 mins
And now you have to think what to do next
We need moar dictionaries!
RockYou contains 14 344 391 words
We tried different dictionaries. The biggest was 1 212 356 398 words and 15 GB in size
All this gives us approx 35% of all hashes
Let’s brute it!
We selected passwords of up to 6 chars with the full set of characters
It took around 2 hours
All this gives us approx 45% of all hashes
Magic of STATISTICS
new is well-forgotten old
What can we do to get moar?
HashCat has transformation rules
They mutate the original word
Quality of your dictionary is essential. Size doesn’t rly matter
Using rules is more time consuming than just a dictionary attack
What rules are effective?
We used best64, InsidePro-PasswordsPro and d3ad0ne rules
They were very effective in terms of number of hashes
All this gives us approx 60% of all hashes
Time to go smarter way
We have 36 million cracked passwords
We can analyze cracked passwords to determine patterns
These patterns can produce more efficient bruteforce masks
Meet PACK Tool
http://thesprawl.org/projects/pack/
PACK Tool Features
Can analyze a list of passwords and generate bruteforce masks
You can specify password length, time, complexity constraints
Gives you some idea what type of passwords are popular
Is PACK effective?
It can crack passwords similar to the ones you already have
You can flexibly choose the best masks for your constraints
All this gives us approx 65% of all hashes
Other types of attacks
PRINCE attack, somewhat similar to using the PACK tool + mutation
Combination of TWO or more dictionaries
Hybrid attack, which uses dictionaries + rules + bruteforce masks
Some CHARTS
It’s easy
Length of password (Our)
Length of password (Korelogic)
Character-set of password (Our)
Most Popular Passwords (Korelogic)
Mails (Korelogic)
Base Words (Korelogic)
Thank YOU!
