Passwords - PowerPoint PPT Presentation

Title: Passwords
Provided by: NKU
Slides: 41

Transcript and Presenter's Notes

1
CIT 380 Securing Computer Systems
  • Passwords

2
Topics
  • Password Systems
  • Password Cracking
  • Hashing and Salting
  • Password Selection
  • Graphical Passwords
  • One-time Passwords

3
Passwords
  • What you know
  • Sequence of characters
  • Complementation Function
  • Identity requires access control to protect C
  • One-way Hash
  • easy to compute c = f(a)
  • difficult to compute a = f^-1(c)

4
Classic UNIX Passwords
  • Format: up to 8 ASCII characters
  • A contains 6.9 x 10^16 possible passwords
  • C contains crypt hashes, strings of length 13
    chosen from alphabet of 64 characters, 3.0 x 10^23
    strings
  • Storage
  • /etc/passwd (0644) was traditionally used
  • /etc/shadow (0600) in modern systems

5
Online Hash Calculator
  • http://www.fileformat.info/tool/hash.htm

6
Password Cracking (flowchart)
  • Get hashed password: pwhash
  • word = next word from list of potential passwords
  • wordhash = Hash(word)
  • wordhash == pwhash?
  • False: take the next word and repeat
  • True: word is pw
7
Cracking Methods
  • List of common passwords
  • List of English/foreign words
  • Permutation rules
  • Substitute numbers/symbols for letters
  • Change case, pluralize, reverse words, character
    shifts, digit/symbol prefix/postfix, joining words
  • Brute force
  • All possible passwords

8
Making Password Guessing Easier
  • Web sites will e-mail you password if you answer
    a simple secret question
  • What is your favorite color?
  • What is your pet's name?
  • What is your mother's maiden name?
  • Violation of fail-safe defaults
  • Failover to less secure protocol.
  • How many favorite colors are there?

9
Countering Password Guessing
  • Select suitably low probability P(T) of guessing
    in time T.
  • P(T) >= TG / N
  • G is number of guesses per time unit T
  • T is number of time units in attack
  • N is number of possible passwords

10
Calculating Minimum Password Length
  • Password System
  • There are 96 allowable characters in password.
  • System allows 10^6 guesses/second.
  • Requirement: probability of a successful guess should
    be 0.5 over a 365-day period.
  • What should the minimum password length be?
  • N >= TG/P
  • N >= (365 x 24 x 60 x 60) x 10^6 / 0.5 = 6.31 x
    10^13
  • N = sum of 96^i, where i ranges from 1 to length of
    password
  • sum of 96^i >= N = 6.31 x 10^13 is true when largest i
    >= 8
  • The minimum required password length is 8.

11
UNIX Password Hashing
  • crypt() function used for hashing
  • DES encrypts 64-bit block of 0s (25 rounds) using
    your password for the key.
  • Modified DES incompatible with DES hardware
    cracking tools.
  • Limited to 8 characters or less.
  • If limited to 95 printable characters, only 2^53
    possible passwords.
  • How to resist dictionary attacks? Salting

12
Salting
  • Adds 2 characters (12 bits) of random, public data
    to password to create key.
  • Any word may be encrypted in 4096 possible ways
    (i.e., there are 4096 f in F).
  • Your password always uses same salt.
  • Someone else with same password (a) probably has
    different salt, and thus different c = f(a).
  • Number of possible keys increased to 2^66
  • Too small for today; modern UNIX doesn't use
    crypt.

13
Salting (cont.)
  • Prevents pre-calculated dictionary attack
  • 2^66 passwords requires millions of terabytes
  • crypt(): 2^18 passwords/second
  • Brute force would require 8000 machines for 48
    days.
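An added example (not from the slides) of the salting point made on slides 11 to 13: without a salt, identical passwords hash identically and one precomputed dictionary serves against every user; with a 2-character salt from crypt's 64-character alphabet, the same dictionary must be recomputed for each of the 4096 salts. `hashlib.sha256` stands in for crypt's DES-based hash, and the salt is stored in the clear in front of the hash, as crypt does.

```python
# Added example: per-user salt versus a precomputed dictionary.
# sha256 is a stand-in for crypt(); the salt layout follows classic crypt.
import hashlib
import secrets
import string

SALT_ALPHABET = string.ascii_letters + string.digits + "./"  # crypt's 64 salt characters
SALT_CHARS = 2                                              # 2 chars = 12 bits = 4096 salts


def unsalted_hash(password: str) -> str:
    """No salt: the same password always yields the same hash, for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def unsalted_table(words) -> dict:
    """Precomputed dictionary for the unsalted scheme: built once, reused everywhere."""
    return {unsalted_hash(w): w for w in words}


def new_salt() -> str:
    """Random public salt; each account gets its own."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_CHARS))


def hash_password(password: str, salt: str) -> str:
    """Stored form is salt || hash(salt || password); the salt is public."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest


def verify(stored: str, candidate: str) -> bool:
    """Recover the salt from the stored value and recompute."""
    salt = stored[:SALT_CHARS]
    return hash_password(candidate, salt) == stored


def salted_table_entries(word_count: int) -> int:
    """Entries a precomputed table needs to cover every salt for this dictionary."""
    return word_count * len(SALT_ALPHABET) ** SALT_CHARS


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same weak password.
    alice, bob = hash_password("dragon", new_salt()), hash_password("dragon", new_salt())
    print("same unsalted hash:", unsalted_hash("dragon") == unsalted_hash("dragon"))
    print("same salted hash:  ", alice == bob)   # almost always False
    print("table entries for 1000 words with salt:", salted_table_entries(1000))
```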

14
Modern UNIX Passwords
  • Format: long ASCII string
  • Hashing techniques
  • MD5 (unlimited length, 12-48 bit salt)
  • SHA1 (unlimited length, 12-48 bit salt)
  • Bcrypt (55 chars, 128-bit salt, adjustable cost)

15
Windows 2000/XP Passwords
  • Storage
  • systemroot\system32\config\sam
  • locked while NT running
  • systemroot\repair\sam_ backup file
  • may be accessible via remote registry calls
  • Format
  • LAN Manager (LM) Hash
  • NT (MD4) Hash

16
Windows LM Hash Algorithm
  • Password fitted to 14 character length by
    truncating or padding with 0s.
  • Password converted to upper case.
  • Password divided into two 7-byte halves.
  • Each half used as DES key to encrypt same 8-byte
    constant.
  • Resultant strings merged to form a 16-byte hash
    value.

17
Windows LM Hash Problems
  • Last 8 bytes of c known if password < 7 chars.
  • Dividing password into halves reduces the problem of
    breaking a 14-character password to breaking two
    7-character passwords.
  • Conversion to upper case reduces character set.
  • Dictionary of password hashes can be prebuilt
  • Number of possible passwords much smaller than
    DES space.
  • No salt is used.

18
Windows NT Hash
  • Converts to Unicode, MD4 hashes result
  • Caveat: often used in conjunction with LM hash,
    which is required for backwards compatibility.
  • No salt: identical passwords generate identical
    hashes.

19
Password Selection
  • Random Selection
  • Pronounceable Passwords
  • User Selection

20
Random Selection
  • Yields equal distribution of passwords for
    maximum difficulty in cracking
  • What about short passwords?
  • Random passwords aren't easy to remember
  • Short term memory holds 7 +/- 2 items
  • People have multiple passwords
  • Principle of Psychological Acceptability
  • Requires a good PRNG

21
Random Selection (Bad Example)
  • PDP-11 password generator
  • 16-bit machine
  • 8 upper-case letters and digits
  • P = 36^8 = 2.8 x 10^12
  • At 0.00156 sec/encryption, 140 years to brute
    force
  • PRNG had period of 2^16 - 1
  • Only 65,535 possible passwords
  • Requires 102 seconds to try all passwords

22
Pronounceable Passwords
  • Generate passwords from random phonemes instead
    of random characters.
  • People can remember password as sequence of
    audible phonemes instead of characters, allowing
    easy recall of longer passwords.
  • Fewer pronounceable passwords exist than random
    passwords.

23
User Selection
  • Allow users to choose passwords.
  • Reject insecure passwords based on ruleset
  • Based on account, user, or host names
  • Dictionary words
  • Permuted dictionary words
  • Patterns from keyboard
  • Shorter than 6 characters
  • Digits, lowercase, or uppercase only passwords
  • License plates or acronyms
  • Based on previously used passwords

24
Human Randomness?
25
Bad Passwords
  • 123456
  • letmein
  • password
  • 12345678
  • dragon
  • qwerty
  • michael
  • 654321
  • harley
  • ranger
  • iwantu
  • xxxxxxx
  • turtle
  • united
  • porsche
  • guitar
  • black
  • diamond
  • nascar
  • jun0389
  • 06031989
  • amanda
  • phoenix
  • mickey
  • tigers
  • purple
  • xmen94
  • aaaaaa
  • prince
  • beach
  • amateur
  • ncc1701
  • tennis
  • startrek
  • swimming
  • kitty
  • rainbox
  • 112233
  • 232323
  • giants
  • enter
  • 0
  • cupcake
  • 8675309
  • marlboro
  • newyork
  • diablo
  • sexsex
  • access14
  • abgrtyu
  • 123123
  • dragon123
  • applepie
  • 31415926
  • 99skip
  • just4fun
  • xcvb
  • typewriter

26
Password Generators
  • http://www.pctools.com/guides/password/
  • http://strongpasswordgenerator.com/

27
How to Select Good Passwords
  • Long passwords, consisting of multiple words.
  • Use nth letter of each word if phrase too long.
  • Themes
  • Word combinations: 3 blind katz
  • E-mail or URL: yoda@strong-this-password-is.net
  • Phone number: (888) 888-eight eight
  • Bracketing: Starfleet -> !-Starfleet-!
  • Add a word: shopping -> Goin shopping
  • Repetition: Pirate--PirateShip
  • Letter swapping: Sour Grape -> Gour Srape

28
Guessing via Authentication Fns
  • If complements not accessible, attacker must use
    authentication functions.
  • Cannot be prevented.
  • Increase difficulty of auth function attack
  • Backoff: increasing wait before reprompting.
  • Disconnection: disconnect after n failures.
  • Disabling: disable account after n failures.
  • Jailing: permit access to limited system, so
    admins can observe attacker.

29
Password Aging
  • Requirement that password be changed after a
    period of time or after an event has occurred
  • If expected time to guess is 180 days, should
    change password more frequently than 180 days
  • If change time too short, users have difficulty
    recalling passwords.
  • Cannot allow users to change password to current
    one.
  • Also prevent users from changing passwords too
    soon.
  • Give notice of impending password change
    requirement.

30
Graphical Passwords
  • Face Scheme: password is sequence of faces, each
    chosen from a grid of 9 faces.
  • Story Scheme: password is sequence of images,
    each chosen from a grid of 9, to form a story.

31
Challenge-Response
  • Problem: passwords are reusable, and thus
    subject to replay attacks.
  • Solution: authenticate in such a way that the
    transmitted password changes each time.

32
One-Time Passwords
  • A password that's invalidated once used.
  • Challenge: number of auth attempt
  • Response: one-time password
  • Problems
  • Generation of one-time passwords
  • Use hash or cryptographic function
  • Synchronization of the user and the system
  • Number or timestamp passwords

33
S/Key
  • One-time password system based on a hash function
    h (MD4 or MD5).
  • User initializes with random seed k.
  • Key generator calculates
  • h(k) = k_1, h(k_1) = k_2, ..., h(k_{n-1}) = k_n
  • Passwords, in order used, are
  • p_1 = k_n, p_2 = k_{n-1}, ..., p_{n-1} = k_2, p_n = k_1

34
S/Key
  • Attacker cannot derive p_{i+1} from p_i since
  • p_i = k_{n-i+1}, p_{i+1} = k_{n-i}, and h(k_{n-i}) = k_{n-i+1}
  • which would require inverting h.
  • Once user has used all passwords, S/Key must be
    re-initialized with a new seed.

35
S/Key
  • http://en.wikipedia.org/wiki/S/KEY

36
S/Key Login
  • User supplies account name to server
  • Server replies with number i stored in skeykeys
    file
  • User supplies corresponding password p_i
  • Server computes h(p_i) = h(k_{n-i+1}) = k_{n-i+2} = p_{i-1}
    and compares result with stored password. If
    match, user is authenticated and S/Key updates
    number in skeykeys file to i+1 and stores p_i
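An added example (not from the slides) that carries the S/Key scheme of slides 33 to 36 through in code with the slides' indexing: h(k) = k_1, ..., h(k_{n-1}) = k_n and p_i = k_{n-i+1}. The server keeps only the index i and the last accepted password (initially h(p_1)), never the seed; h is MD5 as on slide 33, and the skeykeys file is modelled as an in-memory dict (a hypothetical API, not OPIE's).

```python
# Added example: S/Key hash chain, login check, replay rejection and exhaustion.
import hashlib


def h(x: bytes) -> bytes:
    """One-way hash of the chain (MD5, as on the slide)."""
    return hashlib.md5(x).digest()


def chain(seed: bytes, n: int) -> list:
    """Return [k_1, ..., k_n] with k_1 = h(seed), k_j = h(k_{j-1})."""
    ks, x = [], seed
    for _ in range(n):
        x = h(x)
        ks.append(x)
    return ks


def client_password(seed: bytes, n: int, i: int) -> bytes:
    """User side: p_i = k_{n-i+1}, i.e. h applied n-i+1 times to the secret seed."""
    return chain(seed, n - i + 1)[-1]


def server_init(seed: bytes, n: int) -> dict:
    """Server side: store i = 1 and h(p_1) = h(k_n); the seed is then discarded."""
    return {"i": 1, "last": h(chain(seed, n)[-1]), "n": n}


def server_login(state: dict, response: bytes) -> bool:
    """Accept the response as p_i iff h(p_i) equals the stored previous password."""
    if state["i"] > state["n"]:
        return False            # chain used up: must re-initialise with a new seed
    if h(response) != state["last"]:
        return False            # wrong password, a replayed p_{i-1}, or a skipped index
    state["last"] = response    # becomes p_{i-1} for the next check
    state["i"] += 1
    return True


if __name__ == "__main__":
    seed, n = b"constructed-seed", 5          # constructed sample values
    st = server_init(seed, n)
    p1 = client_password(seed, n, 1)
    print("first login:", server_login(st, p1))    # True
    print("replay of p_1:", server_login(st, p1))  # False: h(p_1) != p_1
```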

37
S/Key Login
  • FreeBSD/i386 (example.com) (ttypa)
  • login: <username>
  • s/key 97 fw13894
  • Password:
  • Use S/Key calculator on local system to calculate
    response
  • key 97 fw13894
  • Enter secret password:
  • WELD LIP ACTS ENDS ME HAAG

38
Other One Time Password Systems
  • Software: OPIE
  • Backwards compatible with S/Key (if same hash
    used).
  • Hardware: RSA SecurID card
  • Displayed password changes every 60 sec.
  • Password = constant password + SecurID

39
Key Points
  • Good passwords need to be
  • Complex
  • Unique
  • Secret
  • Changed on a regular basis
  • Stored passwords are secured via
  • Hashing (crypt, MD5, SHA1, bcrypt)
  • Salting
  • One-time passwords offer greater security.

40
References
  • Ross Anderson, Security Engineering, Wiley, 2001.
  • Matt Bishop, Introduction to Computer Security,
    Addison-Wesley, 2005.
  • Mark Burnett and Dave Kleiman, Perfect Passwords,
    Syngress, 2006.
  • Lorrie Faith Cranor and Simson Garfinkel, Security
    and Usability, O'Reilly, 2005.
  • Cynthia Kuo et al., Human Selection of Mnemonic
    Phrase-based Passwords, SOUPS 2006,
    http://cups.cs.cmu.edu/soups/2006/proceedings/p67_kuo.pdf,
    2006.
  • Niels Provos and David Mazieres, A
    Future-Adaptable Password Scheme,
    http://www.openbsd.org/papers/bcrypt-paper.pdf,
    2006.
  • Ed Skoudis, Counter Hack Reloaded, Prentice Hall,
    2006.
  • Simson Garfinkel, Gene Spafford, and Alan
    Schwartz, Practical UNIX and Internet Security,
    3/e, O'Reilly, 2003.