The document discusses the ineffectiveness of passwords for authentication and proposes moving to multi-factor authentication. It notes that passwords can be cracked using techniques like brute force, rainbow tables, and GPU cracking. Rules for mangling words to generate password guesses are also presented. The document advocates supplementing passwords with a second or third factor of authentication, such as using a token, digital certificate on user devices, or phone-based authentication to provide stronger security than passwords alone.
2. Dangers to Passwords
Passwords are phished
Passwords are shared
Users use dictionary words or lazy passwords
Users reuse password for different sites
Users recycle passwords or add numbers at the end (BlueDevil#9)
Passwords can be cracked using:
Brute Force the hashes
AND / OR Rainbow Tables
AND / OR GPU Cracking ...
3. Demo of the GPU cracking
5 characters of mixed cases, characters and numbers: ~2.5 min brute force on an NVidia NVS 3100M (16 cores, 512 MB)
For comparison, an NVidia PCI Express card (eVGA): memory clock 4212 MHz effective, shader clock 1800 MHz, 512 CUDA cores, 3072 MB GDDR5 memory, ~$600
4. Cracking Passwords
[Diagram: a Password Guess is run through the HASH function and the result (e.g. d131dd02c5e6eec4693d9a0698aff95c) is compared against the hashes stored in the Password File]
Password Type            Using the CPU    Using the GPU
6 char (no spec chars)   1 hour 30 sec    4 seconds
7 char (no spec chars)   4 days           17 minutes 30 seconds
7 char (spec chars)      75 days          7 hours
9 char (spec chars)      43 years         48 days
6. Dictionary lists, hybrid attacks and mangle rules
#define RULE_OP_MANGLE_LREST 'l' // lower case all chars
#define RULE_OP_MANGLE_UREST 'u' // upper case all chars
#define RULE_OP_MANGLE_LREST_UFIRST 'c' // lower case all chars, upper case 1st
#define RULE_OP_MANGLE_UREST_LFIRST 'C' // upper case all chars, lower case 1st
#define RULE_OP_MANGLE_TREST 't' // switch the case of each char
#define RULE_OP_MANGLE_TOGGLE_AT 'T' // switch the case of the char at pos N
#define RULE_OP_MANGLE_REVERSE 'r' // reverse word
#define RULE_OP_MANGLE_DUPEWORD 'd' // append word to itself
#define RULE_OP_MANGLE_DUPEWORD_TIMES 'p' // append word to itself N times
#define RULE_OP_MANGLE_REFLECT 'f' // reflect word (append reversed word)
#define RULE_OP_MANGLE_ROTATE_LEFT '{' // rotate the word left. ex: hello -> elloh
#define RULE_OP_MANGLE_ROTATE_RIGHT '}' // rotate the word right. ex: hello -> ohell
#define RULE_OP_MANGLE_APPEND '$' // append char X
#define RULE_OP_MANGLE_PREPEND '^' // prepend char X
#define RULE_OP_MANGLE_DELETE_FIRST '[' // delete first char of word
#define RULE_OP_MANGLE_DELETE_LAST ']' // delete last char of word
#define RULE_OP_MANGLE_DELETE_AT 'D' // delete char of word at pos N
#define RULE_OP_MANGLE_EXTRACT 'x' // delete X chars of word at pos N
#define RULE_OP_MANGLE_INSERT 'i' // insert char X at pos N
#define RULE_OP_MANGLE_OVERSTRIKE 'o' // overwrite with char X at pos N
#define RULE_OP_MANGLE_TRUNCATE_AT '\'' // cut the word at pos N
#define RULE_OP_MANGLE_REPLACE 's' // replace all chars X with char Y
#define RULE_OP_MANGLE_PURGECHAR '@' // -- not implemented --
#define RULE_OP_MANGLE_DUPECHAR_FIRST 'z' // prepend first char of word to itself. ex: hello -> hhello
#define RULE_OP_MANGLE_DUPECHAR_LAST 'Z' // append last char of word to itself. ex: hello -> helloo
#define RULE_OP_MANGLE_DUPECHAR_ALL 'q' // duplicate all chars. ex: hello -> hheelllloo
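As an added example (not from the deck, and not hashcat's own code), a small interpreter for the rule ops listed above, used the way a defender would: a candidate password that equals a wordlist entry run through a common rule is rejected at password-set time, because a hybrid attack would guess it quickly. Position arguments are one character, 0-9 then A-Z for 10-35, following hashcat's convention; the wordlist and rule set are constructed samples.

```python
from typing import List, Optional

def apply_rule(rule: str, word: str) -> str:
    """Apply one rule string (ops concatenated, e.g. 'cT4$#$9') to word, left to right.
    Position arguments are one char: 0-9, then A-Z for 10-35 (hashcat's convention)."""
    w, i = word, 0
    while i < len(rule):
        op = rule[i]
        i += 1
        if op == "l":   w = w.lower()
        elif op == "u": w = w.upper()
        elif op == "c": w = w[:1].upper() + w[1:].lower()
        elif op == "t": w = w.swapcase()
        elif op == "T": n = int(rule[i], 36); w = w[:n] + w[n:n + 1].swapcase() + w[n + 1:]; i += 1
        elif op == "r": w = w[::-1]
        elif op == "d": w = w + w
        elif op == "p": w = w * (int(rule[i], 36) + 1); i += 1   # pN: N extra copies
        elif op == "f": w = w + w[::-1]
        elif op == "{": w = w[1:] + w[:1]
        elif op == "}": w = w[-1:] + w[:-1]
        elif op == "$": w = w + rule[i]; i += 1
        elif op == "^": w = rule[i] + w; i += 1
        elif op == "[": w = w[1:]
        elif op == "]": w = w[:-1]
        elif op == "D": n = int(rule[i], 36); w = w[:n] + w[n + 1:]; i += 1
        elif op == "i": n = int(rule[i], 36); w = w[:n] + rule[i + 1] + w[n:]; i += 2
        elif op == "o":                           # oNX: overwrite position N with X
            n = int(rule[i], 36)
            w = w[:n] + rule[i + 1] + w[n + 1:] if n < len(w) else w
            i += 2
        elif op == "'": w = w[:int(rule[i], 36)]; i += 1   # 'N: truncate at N
        elif op == "s": w = w.replace(rule[i], rule[i + 1]); i += 2
        elif op == "z": w = w[:1] + w
        elif op == "Z": w = w + w[-1:]
        elif op == "q": w = "".join(ch * 2 for ch in w)
        else: raise ValueError(f"unsupported rule op {op!r}")
    return w

def mangled_dictionary_word(candidate: str, wordlist: List[str],
                            rules: List[str]) -> Optional[str]:
    """Return 'word rule' for the first pair that produces candidate, else None (accept)."""
    for word in wordlist:
        for rule in rules:
            if apply_rule(rule, word) == candidate:
                return f"{word} {rule}"
    return None

# Constructed sample wordlist and rule set for the demo (hypothetical values).
WORDLIST = ["bluedevil", "password", "hello"]
RULES = ["l", "c", "u", "c$1", "c$!", "c$#$9", "cT4$#$9", "r", "d", "f", "ss$"]
```

With these inputs the slide's own "BlueDevil#9" is flagged as "bluedevil cT4$#$9", i.e. one capitalisation toggle and two appended characters away from a wordlist entry.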
7. Rainbow Tables
http://www.freerainbowtables.com/ (using BOINC distributed computing for calculation) (5271 GB as of 02/20/2012)
RainbowCrack: your local friendly rainbow tables generator / converter (different formats of RT) / cracker
8. RainbowCrack Project example
ntlm_mixalpha-numeric#1-9
Hash Algorithm: NTLM
Charset: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Plaintext Length: 1 to 9
Key Space: 13,759,005,997,841,642 (about 2^53.6)
Table Pre-computation Effort: 59,476,604,035,792,896 (about 2^55.7) hash computations
Table Size: 864 GB
That pretty much means the game is over for NTLM passwords under 10 characters alphanumeric!
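The slide's key-space and effort figures can be checked from the charset size (62) and the length range (1 to 9); this is an added worked calculation, not part of the original deck:

$$
|K| = \sum_{n=1}^{9} 62^{n} = \frac{62\,(62^{9}-1)}{61} = 13{,}759{,}005{,}997{,}841{,}642, \qquad \log_2 |K| \approx 53.6
$$

$$
\frac{59{,}476{,}604{,}035{,}792{,}896}{13{,}759{,}005{,}997{,}841{,}642} \approx 4.3, \qquad \log_2\!\left(59{,}476{,}604{,}035{,}792{,}896\right) \approx 55.7
$$

So generating the table cost roughly 4.3 hash computations per key-space element, paid once; every later NTLM hash covered by the table is then recovered by lookup in the 864 GB of chains rather than by repeating that work, which is why unsalted NTLM gives the defender no per-hash cost advantage.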
9. Methods to Compromise Accounts/Passwords
Defenses (columns): Longer passwords (passphrases) | Regular password changes | Account lockouts | Multi-factor | Education | Network encryption | Host-based security
Password Attack (rows):
Password Cracking
Dictionary Attack
Brute Force
Rainbow Tables
GPU Cracking
Password Sharing
Phishing/Social Engineering
Man-in-the-Middle Attack
Network Sniffing
Keylogger
* (unless digital cert)
[The marks showing which defense counters each attack did not survive extraction; only the row and column labels are recoverable.]
10. What is Multi-Factor
Authentication involves:
Something you know (e.g. password)
Something you have (e.g. digital cert, token)
Something you are (e.g. fingerprint, voice pattern)
Somewhere you are (e.g. GPS or network IP)
Passwords provide 1 of these items. What if we supported
the use of a second? Or a third?
Depending on the user's role AND the application they are trying to access, we could require a second factor for authentication.
11. Options
Multifactor Options:

Tokens
  Pros: Industry standard; can implement into current authentication services; can run on top of existing password policy
  Cons: Token replacement costs; if lost, stolen, or not available, cannot log-in; may not be able to log-in from a guest machine; seed server must be protected at all costs

Digital Certificates
  Pros: Cheapest option (via InCommon); least impact to users; can run on top of existing password policy
  Cons: Only ½ of a factor in some cases; cert must be installed on all user devices; cannot log-in from a guest machine; depends on user key protection

Phone (SMS/QR tech)
  Pros: Similar to tokens; low-cost/open source options; works well for those that have smart phones; can
  Cons: User has to have a phone that can take pictures or SMS; if phone is lost, stolen, or not available, cannot log-in