Password Cracking - PowerPoint PPT Presentation

Slides: 19
Provided by: oitu

Transcript and Presenter's Notes

1
Password Cracking
  • Lesson 12

2
Why crack passwords?
3
Where are the passwords stored?
  • In the security database in NT, usually referred
    to as the SAM (Security Account Manager).
  • In \Windows-directory\system32\config\SAM
  • The file is protected by its ACL, and in any case
    it cannot be opened while the system is running,
    because the kernel holds the SAM registry hive
    open exclusively. An attacker therefore goes after
    a copy: the repair directory, a backup, or the disk
    itself after booting the machine from another OS.
  • A backup copy may usually be found in
    Windows-directory\repair\SAM._
  • (written when rdisk is run with the /s argument)
  • then expand it:
  • expand sam._ sam

For UNIX/Linux, password hashes are stored in
/etc/passwd (older systems; world readable) or
/etc/shadow (modern systems; readable only by root).
Passwords should always be stored in hashed (one-way)
form, never in the clear or reversibly encrypted. Why?
What are the steps then in validating a password
entered by a user?
4
NT Password cracking
  • The SAM holds two separately hashed versions of
    each password -- the LanMan (LM) hash and the NT
    hash.
  • LanMan is the weak method and can easily be
    cracked. The password is converted to upper case,
    null-padded (or truncated) to 14 characters and
    split into two 7-character halves; each half is
    used as a DES key to encrypt the fixed string
    KGS!@#$%, and the two results are concatenated.
  • Thus you really only have to crack two separate
    7-character (upper-case-only) passwords instead
    of one 14-character password, and the two halves
    can be attacked independently.
  • Because of this poor hashing technique, a
    10-character password is actually potentially less
    secure than a 7-character one.
  • The second half (the last 3 characters plus null
    padding) will be cracked almost instantly and then
    may provide a clue to the first part, e.g. a
    second half of 890 suggests the first seven
    characters are digits too.
  • Check: a password of 7 characters or fewer leaves
    the second half empty, and the LM hash of an empty
    half is always the constant AAD3B435B51404EE, so
    short passwords are visible in a dump at a glance.

5
So what's the problem with splitting it in two?
  • Let's assume lower case characters and numbers
    only (thus 36 possibilities). If the password
    can be only 7 characters then
  • 36^7 ≈ 7.8 x 10^10 choices
  • If we instead had 14-character passwords
  • 36^14 ≈ 6.1 x 10^21 choices
  • Or, if split in two: 2 x (7.8 x 10^10) = 1.56 x 10^11
    choices

6
(cont)
  • If I can try 1,000,000,000 (10^9) passwords per day
  • With two 7-character halves it would take
    1.56 x 10^11 / 10^9 = 156 days to crack any
    password.
  • With one 14-character password it would take
    6.1 x 10^21 / 10^9 = 6.1 x 10^12 days, or about
    1.7 x 10^10 years, to crack any password.
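The following audit script is an added example (not part of the slides or of any cracker they name) that applies the points from the last three slides to a pwdump-style dump: it flags accounts that still carry an LM hash, uses the empty-half constant to spot passwords of 7 characters or fewer, spots empty passwords via the empty-string NT hash, and spots users sharing a password, which unsalted hashes make visible. It also works through the keyspace arithmetic above. The line format (user:RID:LM hash:NT hash:::) and the two constants are real; the sample dump is constructed for this example and the non-constant hash values in it are illustrative only.

```python
"""Audit a pwdump-style dump for the LanMan weaknesses described above.

Added example, not from the slides.  The line format (user:RID:LM hash:
NT hash:::) and the constants are real; the sample lines are constructed
for this example and the non-constant hash values are illustrative only.
"""
from collections import defaultdict

# LM hash of an empty (all-null) 7-byte half: DES encryption of the fixed
# string "KGS!@#$%" under an all-zero key.
EMPTY_LM_HALF = "AAD3B435B51404EE"
# Both halves empty: LM hashing is disabled for the account, or the
# password is empty.
DISABLED_LM = EMPTY_LM_HALF * 2
# NT hash (MD4 of the UTF-16LE password) of the empty string.
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"

# Constructed sample dump (the non-constant hash values are illustrative).
SAMPLE_DUMP = """\
Administrator:500:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::
jsmith:1001:5F4DCC3B5AA765D6AAD3B435B51404EE:A4F49C406510BDCAB6824EE7C30FD852:::
rjones:1002:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C:::
svc_backup:1003:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
"""


def parse_pwdump(text):
    """Parse 'user:rid:lmhash:nthash:::' lines; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        user, rid, lm, nt, *_ = line.split(":")
        records.append({"user": user, "rid": int(rid),
                        "lm": lm.upper(), "nt": nt.upper()})
    return records


def audit(records):
    """Return {user: [finding, ...]} for LM and unsalted-NT weaknesses."""
    findings = defaultdict(list)
    by_nt = defaultdict(list)
    for r in records:
        user, lm, nt = r["user"], r["lm"], r["nt"]
        if lm != DISABLED_LM:
            findings[user].append(
                "LM hash stored: attack each 7-char half separately")
            if lm[16:] == EMPTY_LM_HALF:
                findings[user].append(
                    "password is 7 characters or fewer (second LM half empty)")
        if nt == EMPTY_NT:
            findings[user].append("empty password")
        by_nt[nt].append(user)
    # No salt: identical passwords give identical NT hashes across users.
    for nt, users in by_nt.items():
        if len(users) > 1 and nt != EMPTY_NT:
            for user in users:
                others = ", ".join(u for u in users if u != user)
                findings[user].append(
                    f"same password as {others} (unsalted NT hash)")
    return dict(findings)


def lm_split_cost(charset=36, rate_per_day=1e9):
    """Keyspace and worst-case days for a 14-char password attacked whole
    versus as two independent 7-char LM halves (the slides' arithmetic)."""
    whole = charset ** 14
    split = 2 * charset ** 7
    return {"whole": whole, "split": split,
            "whole_days": whole / rate_per_day,
            "split_days": split / rate_per_day}


if __name__ == "__main__":
    for user, notes in audit(parse_pwdump(SAMPLE_DUMP)).items():
        for note in notes:
            print(f"{user}: {note}")
    cost = lm_split_cost()
    print(f"split: {cost['split_days']:.0f} days, "
          f"whole: {cost['whole_days'] / 365:.2e} years")
```

On the sample dump the script reports that rjones and Administrator share a password, that jsmith's password is at most 7 characters, and that svc_backup has an empty password; the keyspace figures come out at 156 days for the split halves versus about 1.7 x 10^10 years for the whole password at 10^9 guesses per day.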

7
Salts
  • Another issue with NT passwords is the fact that
    salts are not used (neither the LM nor the NT
    hash is salted).
  • A salt is a random string that is combined with a
    password before it is hashed.
  • Used because two people who have the same
    password would otherwise have it hashed to
    the same value.
  • When the user sets a new password, the system
    generates a salt, combines the password with the
    salt and then computes the hashed value.
  • The system stores both the hash and the salt with
    the user ID (the salt need not be secret).
  • When a user attempts to authenticate, the system
    looks up the salt, combines it with the password
    entered, hashes it, then compares the result with
    the stored value.
  • Without a salt, the attacker only has to compute
    the hash of a candidate password once and then
    compare it against every stored hash (or look it
    up in a precomputed table); with salts, each
    candidate must be rehashed for every user.
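The enrollment and verification steps above, and the attacker's cost with and without a salt, as an added example (not code from the slides): PBKDF2-HMAC-SHA256 stands in for whatever hash a given system uses, since the argument does not depend on the choice, and all users, passwords and the word list are constructed sample data.

```python
"""Why salts matter: enrollment, verification, and the attacker's cost
with and without a salt.  Added example, not from the slides.
PBKDF2-HMAC-SHA256 stands in for whatever hash the system uses; the
argument does not depend on the choice.  All users and passwords are
constructed sample data.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor; raise as hardware allows


def unsalted_hash(password):
    """What NT does in spirit: one hash per password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def enroll(password, salt=None):
    """New password: draw a random per-user salt, store (salt, hash)."""
    salt = os.urandom(16) if salt is None else salt
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify(record, attempt):
    """Login: look up the stored salt, hash the attempt with it, compare
    in constant time."""
    return hmac.compare_digest(salted_hash(attempt, record["salt"]), record["hash"])


def crack_unsalted(stored, wordlist):
    """stored: {user: unsalted hash}.  One hash per candidate serves every
    user, so the precomputed table costs |wordlist| hashes in total."""
    table = {unsalted_hash(w): w for w in wordlist}
    found = {user: table[h] for user, h in stored.items() if h in table}
    return found, len(wordlist)


def crack_salted(stored, wordlist):
    """stored: {user: record}.  Every candidate must be rehashed with each
    user's own salt; returns the guesses found and the hashes computed."""
    found, work = {}, 0
    for user, rec in stored.items():
        for w in wordlist:
            work += 1
            if salted_hash(w, rec["salt"]) == rec["hash"]:
                found[user] = w
                break
    return found, work


if __name__ == "__main__":
    users = [("alice", "password"), ("bob", "password"), ("carol", "winter2024")]
    words = ["letmein", "password", "qwerty"]
    plain = {u: unsalted_hash(p) for u, p in users}
    salted = {u: enroll(p) for u, p in users}
    print("alice and bob share an unsalted hash:", plain["alice"] == plain["bob"])
    print("alice and bob share a salted hash:  ",
          salted["alice"]["hash"] == salted["bob"]["hash"])
    print("unsalted:", crack_unsalted(plain, words))
    print("salted:  ", crack_salted(salted, words))
```

Note the work counter: against the unsalted store the attacker hashes each word once and then matches it against all three users, while against the salted store the same word list has to be hashed again under every user's salt, and the two users who chose "password" no longer have the same stored value.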

8
Programs to crack NT passwords
  • L0phtcrack
  • NTSweep
  • NTCrack

9
UNIX password cracking
  • Generally harder than NT to crack, mainly because
    the hashes are salted.
  • 3-step process used by cracking programs:
  • create a file of possible passwords (dictionary
    file)
  • hash each possible password (with each target's
    salt)
  • compare the results with the stored password
    hashes
  • It is obvious why it is harder to guess a password
    that is not a simple word: the dictionary must
    then also include mangled words and combinations
    of words with various connectors.
  • There are different dictionaries for different
    environments/countries.
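The three-step attack above, with the word-mangling rules and word combinations the slide calls for, as an added example (not code from the slides or from any of the crackers named on them). The fake_crypt() function is a stand-in for crypt(3): a 2-character salt is prepended to the password and the result hashed with SHA-256, so real crypt output looks different, but the structure of the attack is the same. The shadow lines and the dictionary are constructed sample data.

```python
"""The three-step dictionary attack, with word-mangling rules and word
combinations.  Added example, not from the slides or any cracker named
on them.  fake_crypt() is a stand-in for crypt(3): a 2-character salt
prepended to the password and hashed with SHA-256; real crypt output is
different, but the attack structure is the same.  The shadow lines and
dictionary are constructed sample data.
"""
import hashlib
import itertools

LEET = str.maketrans("aeios", "43105")
CONNECTORS = ("", "-", "_", ".")


def fake_crypt(password, salt):
    """Stand-in for crypt(3): output is salt + hex digest, salt visible."""
    assert len(salt) == 2
    return salt + hashlib.sha256((salt + password).encode()).hexdigest()


def rules(word):
    """Step 1a: mangle one dictionary word into the variants users pick."""
    seen = set()
    for w in (word, word.capitalize(), word.upper(), word.translate(LEET)):
        for cand in (w, w + "1", w + "123", w + "!", "1" + w, w[::-1]):
            if cand not in seen:
                seen.add(cand)
                yield cand


def candidates(dictionary):
    """Step 1b: all mangled words plus two-word combinations with connectors."""
    for word in dictionary:
        yield from rules(word)
    for a, b in itertools.permutations(dictionary, 2):
        for c in CONNECTORS:
            yield a + c + b


def parse_shadow(text):
    """user:hash:... lines -> {user: hash}; locked accounts ('*', '!') skipped."""
    targets = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        user, h, *_ = line.split(":")
        if h and h[0] not in "*!":
            targets[user] = h
    return targets


def crack(shadow, dictionary):
    """Steps 2 and 3: hash each candidate once per distinct salt and
    compare with the stored hashes.  Returns {user: password}."""
    by_salt = {}
    for user, h in shadow.items():
        by_salt.setdefault(h[:2], {})[h] = user
    found = {}
    for cand in candidates(dictionary):
        for salt, targets in by_salt.items():
            h = fake_crypt(cand, salt)
            if h in targets:
                found[targets[h]] = cand
        if len(found) == len(shadow):
            break
    return found


# Constructed sample shadow file; kate's password is not derivable from
# the dictionary and should survive.
SAMPLE_SHADOW = "\n".join([
    f"root:{fake_crypt('Summer!', 'ab')}:19000:0:99999:7:::",
    f"dave:{fake_crypt('dragon123', 'Zq')}:19000:0:99999:7:::",
    f"erin:{fake_crypt('sun-moon', 'ab')}:19000:0:99999:7:::",
    "lock:*:19000:0:99999:7:::",
    f"kate:{fake_crypt('T0p5ecretX9', '7y')}:19000:0:99999:7:::",
])
DICTIONARY = ["summer", "dragon", "sun", "moon", "secret"]

if __name__ == "__main__":
    for user, pw in crack(parse_shadow(SAMPLE_SHADOW), DICTIONARY).items():
        print(f"{user}: {pw}")
```

Grouping targets by salt is the one optimisation a salted scheme still leaves open: root and erin share the salt ab, so each candidate is hashed once for both of them, but dave's and kate's salts each force a separate hash per candidate. The rules here are deliberately small; real crackers ship hundreds, and the "rules selected" is what decides whether a password like Summer! falls.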

10
UNIX Password Encryption
  • UNIX uses a one-way function called crypt to
    hash passwords (it is often loosely described as
    "encrypting" them).
  • Traditional crypt is built from a modified DES,
    applied 25 times with the password as the key;
    the salt perturbs the algorithm so that standard
    DES hardware cannot be used against it.
  • There is thus no way to decrypt a password that
    has been hashed with crypt; a cracker can only
    guess candidates and hash them.
  • Each traditional crypt hash is 11 characters and
    is prefixed with the 2-character salt (12 bits),
    giving a 13-character string in /etc/passwd or
    /etc/shadow.
  • Modern systems replace this with md5crypt ($1$),
    sha256crypt ($5$) or sha512crypt ($6$), which use
    longer salts and many more rounds.

11
UNIX Password Crackers
  • CRACK
  • John the Ripper
  • XIT
  • Slurpie

12
Comparison of NT crackers
13
Comparison of UNIX crackers
14
Passwords Cracked
15
Success based on
  • The password cracker's ability
  • The dictionary chosen
  • The rules selected

16
Password Cracking Lab
  • Two password files, one for NT, one for Unix.
  • Linux shadow file
  • NT SAM file
  • Need to locate, choose, and download password
    crackers
  • Need to install the programs and let them run
  • You will probably NOT be able to get all of the
    passwords cracked.
  • You may assume the files came from a U.S. system
    when choosing a dictionary.

17
Where can I go to get a cracker?
18
Protecting against Cracking
  • Have a good password policy
  • Change them on a regular basis (how regular?)
  • Lock the account after 3 failed attempts
  • Passwords should contain at least 1 alphabetic
    character, 1 number, and 1 special character.
  • Don't allow users to reuse previous (5?)
    passwords.
  • Passwords should not be words found in a
    dictionary. Consider using a pass-phrase.
  • Consider the use of one-time passwords (most
    common form is a smart-card).