Effective Password Cracking

Home , Dictionary attack, Hashcat, MODx, Password cracking, RainbowCrack

An Ofﬂine Attack on Norwegian Passwords

Nicklas Mortensen Hamang

Thesis submitted for the degree of Master in Network and system administration 60 credits

Department of Informatics Faculty of mathematics and natural sciences

UNIVERSITY OF OSLO

Autumn 2019

Effective Password Cracking

An Ofﬂine Attack on Norwegian Passwords

Effective Password Cracking http://www.duo.uio.no/

Printed: Reprosentralen, University of Oslo Abstract

This thesis focuses on studying characteristics of Norwegian passwords as a means to ﬁnd the best way of attacking them. This was done by using a password-cracking tool to attack ofﬂine copies of several password data breaches. We found that a majority of Norwegian passwords use long passwords but equally as many of them still use passwords found in known password leaks. In conclusion we recommend that Norwegians can strengthen their passwords by increasing their passwords length, add more special Norwegian characters and most importantly check their passwords against lists of leaked passwords.

i ii Contents

1 Introduction1 1.1 Motivation and Background...... 1 1.2 Research Questions...... 1 1.3 Structure of Thesis...... 2 1.4 Research Method...... 2

2 The Principle of Passwords3 2.1 History of the Password...... 3 2.1.1 Passwords and Cryptography Prior to Computers....3 2.1.2 In the information age...... 4 2.2 Password storage...... 5 2.2.1 Plain-Text...... 5 2.2.2 MULTIC Scrambler and PNT...... 6 2.2.3 Hash...... 6 2.2.4 Salted Hash...... 7 2.2.5 Shadowed Files...... 7 2.2.6 SAM File...... 8 2.2.7 Password Managers...... 8 2.3 Password Guidelines...... 9 2.4 Psychology of Password Creation...... 10

3 Cryptography 11 3.1 Symmetric Cryptography...... 11 3.1.1 DES...... 12 3.1.2 Triple DES...... 13 3.1.3 AES...... 14 3.2 Asymmetric Cryptography...... 15 3.3 Cryptographic Hash Functions...... 15 3.3.1 SHA X...... 17 3.3.2 MD4 and MD5...... 17 3.3.3 LMHash and NTHash...... 18 3.3.4 Crypt...... 18

4 User Authentication 21 4.1 What is user authentication?...... 21 4.2 The types of User Authentication...... 21 4.2.1 Knowledge/memorization-based authentication..... 21 4.2.2 Possession-Based Authentication...... 22 4.2.3 Inheritance-Based Authentication...... 23 4.2.4 Multi Factor...... 23 4.3 NIST...... 23 4.3.1 SP 800-63B Authentication & Lifecycle Management.. 24

iii 5 Attacking Passwords 29 5.1 Password Attacks...... 29 5.1.1 Password cracking...... 30 5.1.2 MITM - Man-in-the-Middle...... 35 5.1.3 Key Logger...... 36 5.1.4 Social Engineering...... 36 5.2 Data Breaches...... 39 5.3 Password Attack Tools...... 42 5.3.1 Brutus...... 43 5.3.2 Cain & Abel...... 44 5.3.3 John the Ripper...... 45 5.3.4 Hash Suite...... 46 5.3.5 THC Hydra...... 46 5.3.6 RainbowCrack...... 47 5.3.7 Hashcat...... 48 5.3.8 AirCrack NG...... 49 5.3.9 WinDump...... 49 5.3.10 Wireshark...... 50 5.3.11 Gophish...... 50 5.3.12 Social Engineer Toolkit (SET)...... 51

6 Experiment 53 6.1 The Machine and Software...... 53 6.2 Datasets...... 53 6.2.1 Hemmelig.com...... 55 6.3 More on Hashcat...... 55 6.3.1 Test Case...... 57 6.4 Going on the Attack...... 57 6.4.1 Brute...... 57 6.4.2 Numbers...... 58 6.4.3 Existing Lists...... 61 6.4.4 Norwegian...... 64 6.4.5 English...... 78 6.4.6 Rounding off the Attacks...... 85

7 Conclusion 87

8 Glossary 89 8.1 Avalanche effect...... 89 8.2 CAPTCHA...... 89 8.3 cygwin...... 89 8.4 Feistel Structure...... 89 8.5 Iterations...... 89 8.6 Key Stretching...... 90 8.7 Ofﬂine Attack...... 90 8.8 Online attack...... 90 8.9 Regex...... 90

A All Result Outputs 99 A.1 Experiment Files...... 99 A.2 Numbers...... 99 A.3 Brute-force...... 101 A.4 Existing Lists...... 102 A.5 Norwegian Names...... 103

iv A.6 Sports...... 110 A.7 Country- or Place-name...... 113 A.8 Norwegian Words...... 116 A.8.1 All Norwegian Dictionaries...... 119 A.9 English Names...... 121 A.10 Country- or Place-name in English or Native Languages.... 126 A.11 Movies...... 129 A.12 English Dictionary...... 131 A.13 Norwegian After English...... 134

v vi List of Figures

2.1 MULTICS Scrambler notation [16]...... 6 2.2 Hash Salting [17]...... 7 2.3 Shadow File Entry...... 7 2.4 Generic Shadow File Entry...... 7

3.1 Principle of a symmetric-key cipher [26]...... 11 3.2 Caesar cipher Shift [28]...... 12 3.3 DES with round function components; the key splitter KS, the bit expansion E, the S-boxes S, and the bit permutation P [29].. 13 3.4 encrypting and decrypting using Triple DES [30]...... 14 3.5 A asymmetric key cipher [26]...... 15 3.6 An illustration of a Hash function [33]...... 16 3.7 Illustration of the properties of a hash function...... 16 3.8 bcrypt [40]...... 19

4.1 Examples of some common patterns [42]...... 22 4.2 Authenticators...... 22 4.3 Biometrics...... 23 4.4 Summery of AAL requirements [41]...... 26

5.1 Simple Rainbow reduction [56]...... 34 5.2 A password reset attack with CAPTCHA and a security question [57]...... 35 5.3 Example of phising email, claiming to be PayPal [60]...... 37 5.4 A couple of tools to identify possible password leaks...... 42 5.5 Brutus on Windows [81]...... 44 5.6 Cain & Abel on Windows [82]...... 45 5.7 John the Ripper on Linux [86]...... 46 5.8 THC Hydra on Unix [88]...... 47 5.9 RainbowCrack on Windows [90]...... 47 5.10 Raibow table generation with RainbowCrack [90]...... 48 5.11 HashCat MD5 Benchmark on Windows...... 49 5.12 Start monitoring wireless adapter in aircrack using backtrack [93] 49 5.13 Wireshark snifﬁng packets [95]...... 50 5.14 Gophish result template [96]...... 51 5.15 Social Engineer Toolkit main manu [98]...... 52

6.1 Breakdown of Numbers Recovered...... 61 6.2 Breakdown of Names recovered...... 69 6.3 Breakdown of Norwegian Words...... 76 6.4 Breakdown of Names Recovered...... 80 6.5 Breakdown of English Attack...... 85 6.6 A Breakdown of all Attacks...... 86

vii 8.1 Hash iterations...... 90

viii List of Tables

2.1 Hash examples...... 6 2.2 UK top 10 passwords...... 9

3.1 The search space of a Hash...... 17 3.2 SHA Properties [36]...... 17

5.1 Password combinations, Time with our machine in mind.... 31 5.2 examples of using mangling rules...... 32 5.3 Hash suite supported Hashes...... 46

6.1 Attack Options...... 55 6.2 A selection of supported encryption scheme...... 56 6.3 The Debug Option For Hashcat...... 57 6.4 Simple rules used rockyou.txt...... 64

8.1 Hashcat Word Mangling Rules...... 91

ix x Chapter 1

Introduction

1.1 Motivation and Background

The Internet has become part of our daily lives, and encompasses more and more of our activities. This includes things like how we read about current events trough blogs and news sites, how we socialize using social media and web forums, as well as to how we conduct our ﬁnances with online banking websites and payment apps like vipps. All these services require some form of user authentication, which usually takes the form of user names and passwords. As people register to new websites this can lead to the need for each person to maintain a relatively large number of passwords. The password-manager developer Dashlane reported in 2018 that the average user has over 200 different digital accounts using passwords [1], which can lead to negligent password hygiene. With this many accounts a user is likely to fall into one or more of the common pitfalls of password management:

• Reuse passwords across sites and services.

• Make passwords too short.

• Make predictable passwords based on easily obtained or guessed information such as:

– Meaningful dates. – Names of themselves, family members, pets etc.

The Internet security ﬁrm SplashData publishes an annual report of the 25 most common password, and according to their 2018 report the most common passwords is "123456" [2]. This bad password hygiene puts a person’s digital identity at risk whenever a password data-breach occurs. In this thesis we investigate the password strength of Norwegians by studying two well-known password breaches.

1.2 Research Questions

The focus of this thesis is on Norwegians passwords, in terms of their strength and how they can be effectively attacked. To evaluate this we would like to answer a set of questions:

1 1. In regard to rge recent recommendation for password strength putting the focus on length, what is the length of passwords we are able to recover? 2. How many passwords of Norwegians can be recovered in existing lists of leaked passwords, or variations of them? 3. How many Norwegian passwords can be recovered using a brute-force approach with a manageable number of characters? 4. How good are Norwegians in incorporating what is speciﬁc to the Norwegian language into their passwords? Do they go to English or to Norwegian when they use predicable information or do they lean to something more neutral? 5. To what degree are Norwegians aware that character sets with ’ÆØÅæøå’ are supported in passwords?

6. How can conclusions from our experiment be used in guidelines to improve the strength of Norwegian passwords?

We attempt to answer these questions in this thesis by reporting the results of attacking some leaked datbases of Norwegian passwords.

1.3 Structure of Thesis

Before we can conduct any attack on a database of passwords we need to go over the theoretical background about passwords and the security measures implemented to protect them. We also need an understanding of password weaknesses, as well as knowledge about the tools that can help us attack them. Therefor the ﬁrst few chapters are dedicated to aspects of password security information. Chapter2: The Principles of Passwords explains the relevant information on how the password has evolve in regards to it storage and creation. In Chapter3: Cryptography we explore the different ways used to obscure or encrypt digital information. Chapter5: Attacking Passwords supply information on how we can attack the way a password. Then, the second parts focuses on the experiment done on a database of passwords.

1.4 Research Method

The research method used in this project consists of four steps. The first step consists of reading up on relevant information about passwords, how they have been and how they are currently encrypted and stored. The second, third and fourth steps are somewhat intertwined. The second step is to explore and evaluate the tools that can attack a password database, before choosing the best one for our plan of attack. The third step is finding and acquiring a database of Norwegian passwords that we can attack and answer our research questions. The fourth step consists of looking for and compiling the dictionaries that can help with the most effective attacks on the passwords of Norwegians. The fifth and final part is to conduct an experiment by performing several attacks on the database of passwords that was found, using the best tool for us and the dictionaries we had collected.

2 Chapter 2

The Principle of Passwords

This chapter explains the knowledge-based authentication credential known as passwords or alternatively as passphrases. We go through the history of passwords from biblical times all the way to the Internet age, describing how they are stored and used. We also cover how they are created in regards to the policies set by standards and touch upon the psychology of the people who create them.

2.1 History of the Password

2.1.1 Passwords and Cryptography Prior to Computers

Some people might think that the password arrived around the time of the ﬁrst computer and has only had the purpose of securing computers. As the name "password" for a knowledge-based or memorized secret might be relatively new, the concept is probably as old as mankind itself or at least that of "civilised" man. The ﬁrst mention of something similar to a password is in the seventh book of the Hebrew Bible and the Christian Old Testament, Book of Judges [3].

And the Gileadites took the passages of Jordan before the Ephraim- ites: and it was so, that when those Ephraimites which were es- caped said, Let me go over; that the men of Gilead said unto him, Art thou an Ephraimite? If he said, Nay; Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of Jordan: and there fell at that time of the Ephraimites forty and two thousand.

Later, the Roman Legions used a passphrase distributed by a Tesserarius [4] as a method of distinguishing friend from foe. This is not the only case of Romans using passwords; the emperor Caesar is known for having used a cipher named after him, he may not be the creator of the cipher itself, but he is the ﬁrst know user of it. In more recent times, passwords or keys were used for ciphers such as Vigenere from the mid 1500’s, the ADFGVX cipher used by the Germans in WWI and the Enigma and other rotor-based cryptographic machines. These are just some of a few well-known examples among many.

3 2.1.2 In the information age Around the 1970’s a new age of man began, this is now know as the Information Age or the Digital Age. In this new era the way mankind shares and stores its information and knowledge changes and evolves in the form of computers. With this new form of information processing the password also gains a new role and becomes more prevalent in the lives of the common man. In this section we explore the password from the early Digital Age till the present day.

The 1960’s and 1970’s

The first known case of the use for passwords —to protect a user’s files, information or to grant access —is disputed. However, most experts suggest that it stems from MIT’s CTSS (Compatible Time-Sharing System) in the early 60’s and credit its creation to Fernando J. Corbató who told Wired in 2012 "Putting a password on for each individual user as a lock seemed like a very straightforward solution"[5]. Corbató was hesitant to take the credit for the creation of the password and meant that IBM’s Sabre (Semi-Automatic Business Research Environment) already had passwords, although IBM is unsure if the system had this feature at that time. The CTSS system stored its user’s passwords on the system in plain-text without any security features. The next step in password storage comes with MULTICS (Multiplexed Information and Computing Service) in the late 60’s and early 70’s. MULTICS was the successor to CTSS, which introduces a non-cryptographic hash known as the Multics Scrambler that stored passwords in the PNT (Person Name Table). Tom Van Vleck —one of the developers on MULTICS —describes this with "Joe had suggested I store the square of the password, but I knew people could take square roots, so I squared each password and ANDed with a mask to discard some bits"[6], Joe is referring to Joe Weizenbaum, a computer science professor working for MIT at the time of development. This early version of a hash function is then cracked by the USAF (United States Air Force) during an evaluation of the MULTICS security in the period of 1972-1974. The 3rd edition of the UNIX operation system implements a weak cryptographic hash function under the name crypt(3) that is based on the M-209 cipher developed during WWII [7], this is used for UNIX systems all the way up to the 6th edition. This scheme uses the the plain-text password as a key instead of encrypting the password text. When it is discovered that encrypting the key can be done in approximately 1 millisecond this scheme is no longer considered secure. As encrypting a key and testing it to a stored password takes very little time and the fact that passwords of the time were rather short it would only take a few of days or a few years at the most to run a brute-force attack [8] to crack any passwords. Knowing the weaknesses of the 3rd - 6th ed. of UNIX’s crypt (3) the crypt(3) of 7th ed. is altered to implement a 56-bit DES (Data Encryption Standard) block cipher for its hash function [9]. This gives a rather significant security improvement, as DES was quite hard to break and at that time was slow in software (this too used the password as a key to encrypt a known string). This version of crypt(3) also introduces a salt to the bits and iterates the DES 25 times [10], this is the first know case of password stretching. With the invention of hardware to assist the issue of slow DES and the limit of 8 character passwords puts passwords at higher risk again. The crypto(3) combats this by adding a 12- bit random number, this would not work with the DES-chip’s internal wiring making it useless in a brute-force attack against crypt(3) encrypted password. Other mitigations to the DES-chip included increasing the DES key length,

4 salting and re-iterating multiple times.

The 1980’s and 90’s Through most of the 1980’s there is very little advancement or development in password security or defence until the launch of System V (System 5) and BSD 4.3 (Berkeley Software Distribution version 4.3). To mitigate the security risks of the DES hashed passwords the developers of System V and BSD 4.3 releases these with what is known as password shadowing. Password shadowing is where the username and passwords are stored separately, this allows for the system to restrict user access to the password files [11][12]. Microsoft’s NTLM (New Technology Local Area Network Manager) implements the MD4 (Message-Digest) hash scheme instead of DES. Unlike UNIX systems at that time the NTLM did not utilize salts nor did it iterated the hash [13].Which therefore made it weak. In the early- to mid-nineties the BSDi (Berkeley Software Design Inc) Version of the BSD OS uses an extended version of the DES crypto scheme. This extended version supports a 24-bit random salt, configurable number of iterations, explained in section 8.5, and allows for a password length longer than 8 characters. FreeBSD introduces —in the 1994 release of version 1.1.5.1 —the MD5 based crypto(3) algorithm created by Ronald Rivest [14]. This hash scheme would then allow for a longer password length and a salt of 48-bit and up to 1000 iterations. At the end of the 1990’s openBSD launches the brypt crypto scheme to combat the rising developments in the "cracking" of hash-based passwords. This new scheme is based on the blowfish algorithm [15] and it also uses a larger salt of 128-bit. During this time, due to the rise in the popularity of the Internet and its need for passwords, a lot of time and development went into the creation of secure methods for transferring the password information over unsecured channels. The solution is mainly based on encrypting the traffic using SSL/TLS, but this will not be covered in this thesis.

2000’s to the present (and beyond) Windows NT Windows 2000 starts to store passwords in a specific file called the SAM file (Security Accounts Manager). This file is then also encrypted using something called the SYSKEY as its encryption key. Very little has truly happened in the security of how we store passwords since the early 2000’s. Much like in the 90’s the development of securely transmitting passwords were quite important in this decade as well. Although with the emergence of modern technologies and devices in this burgeoning millennium, we have started to create new forms of user authentication. Among the new authentications are two-factor, graphical, biometrics and one-time logins.

2.2 Password storage

2.2.1 Plain-Text Plain-text is the earliest and simplest form of password storage. In this case the password is, as the name suggests, stored in readable text. There is in this case no encryption to protect what the actual password is. This would then grant anyone with access to the password ﬁle the ability to read it.

5 2.2.2 MULTIC Scrambler and PNT

The MULTICS system stored user passwords on what was called a PNT, they were stored there in an encrypted format and thus not in plain-text. In PNT, this was then further secured from unauthorized usage by utilizing an ACL (Access Control List). The password is ecrypted by the MULTICS scrambler. This scrambler works by ﬁrst compressing an 8-character MULTICS—ASCII password from 72-bits down to 56-bits by removing the two higher order bits from each character. Blanks are added if the password’s length is less then 8, the resulting compressed password —from now called p —is then multiplied by its own low-order 16-bits, then it is reduced by modulo 1019−1. The equation is illustrated in Figure 2.1.

Figure 2.1: MULTICS Scrambler notation [16]

2.2.3 Hash

Hash functions represent one of the safest known methods of password storage. Hash function come in many forms, which will explained in further detail in Section 3.3. The schemes used over the years are DES-based, MD4, MD5, bcrypt, SHA-1 and SHA2. In Table 2.1 you can see the hash value of the string "password" using these schemes.

Type value Plain password standard DES stqZw66BRck1U extended DES JW8FtKdEkNM MD4 8a9d093f14f8701df17732b2bb182c74 MD5 5f4dcc3b5aa765d61d8327deb882cf99 bcrypt uTWAJ9Crug/6rTMe920hS.ALZlKGsmlXkUyKmgYXoxxUyWWIuq8MW SHA-1 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 SHA-2 (256) 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

Table 2.1: Hash examples

6 2.2.4 Salted Hash

A salted hash is quite simply a hash where a "salt" is added to the front of the plain-text before it is sent trough the hash function as seen in Figure 2.2. This salt is usually some random string of a fixed length and for maximum efficiency it should be different for every password stored, but it is not necessary for the salt to be a secret. Adding salt is done to safeguard against certain types of attack on passwords or password file(s) such as look-up tables and rainbow tables to name a few. An additional effect is that even if two people have the same password their password’s hash values will be different.

Figure 2.2: Hash Salting [17]

2.2.5 Shadowed Files

As the /etc/passwd file —which contains the information of the users —of a UNIX system is readable by any logged on user, the password that used to be stored there was moved to a separate and more secure file. The name of these files are different depending on the systems, but they are referred to as a shadowed password file. These files contain an entry for each user listed in the /etc/passwd file [18]. Even though the passwords were already encrypted in the original /etc/passwd file this reduces the dangers and possibility of attacks on the passwords. Even though the the name and the structure of the shadowed file vary depending on the UNIX system it usually resemble that of the /etc/passwd file. A typical structure of the shadowed password file can be seen in Figure 2.3 or a more generic form in Figure 2.4.

Figure 2.3: Shadow File Entry

Figure 2.4: Generic Shadow File Entry

7 As seen in the Figures 2.3 and 2.4 the entries are a string where the ﬁelds are separated by a colon. These ﬁelds are

• Username: the user’s login name.

• Password: The password of the user, in encrypted —created by crypt(C) —form usually setup as $id$salt$hash digest. The $id$ indicates which hash algorithm that was used [19].

– $1$ is MD5 – $2a$ is Blowﬁsh – $5$ is SHA-256 – $6$ is SHA-512

• Last changed: Days since the password was changed.

• May change: the minimum amount of days between password changes.

• Must change: The amount of days before the password must be changed.

• Warn days: The amount of days before the previous entry that the system starts to ask the user to change their password.

• Disable: The amount of days after the expiration of the password that the account is disabled.

• Reserved: reserved for a future use.

2.2.6 SAM File Just like the Unix systems store their passwords in a separated an encrypted file so does Microsoft Windows as well. This file is known as the Security Account Manager file, it was first introduced in Windows 2000’s Service Pack 4. The file itself contains the information of the local user and group accounts such as the password, it also includes information regarding account groups, access rights and special privileges [20]. The SAM file can be found stored in the Windows registry, and to increase the security it cannot be moved or copied while the system is running. Another feature of security is the ability to use the Windows SYSKEY to partially encrypt the file itself [21]. LM or NTLM Hashes are used to obscure the password before it is stored in this file to increase its security. The SAM file is used in cooperation with the Local Security Authority (LSA) to validate a user’s logon attempt in order to authenticate the user’s credentials. This function is initialized on startup and runs in the background.

2.2.7 Password Managers The last method of password storage mentioned here is unique from the others as this one is for the user themselves to store their password. This method is called a password manager, they are applications or browser plug-ins that store all of a users online credentials. The purpose is so that the users really only need to remember one master password, that of the manager. These managers can help with password security as it would allow for longer, more unique passwords for each of the user’s web page or service accounts. As the passwords could be longer to mitigate the weakest link in

8 password security —the human element —it is thus stronger. More so is the then reduction of password reuse over services. To protect the password the managers encrypt them using an encryption scheme. Which encryption that is used is up to the provider of these applications and might then differ from provider to provider. An example is the provider www.1password.com which uses a 256-bit AES encryption in GCM mode, with a key derivation generated locally using PBKDF2. Other features these might posses in order to increase their usefulness and security are for example:

• Identifying weak passwords

• Identifying duplicate passwords

• Help in createing a strong password

• Synchronize between systems and devices to maximize area of coverage.

• Use biometrics as master password

• Share logins without sharing passwords.

2.3 Password Guidelines

In this section we will go through the password creation rules, policies and guidelines we have had over the years. In the beginning of modern times —or at least since the early 1960’s —the only password requirements were length and what alphanumerical characters that could be used. This was mostly due to the restrictions that came with the limitations of the key length of the hash functions used to secure passwords at that time. Some of these functions —such as Microsoft’s LANMAN—also converted all the characters to lower-case this made the use of uppercase characters to be merely for ease of memorization. Humans tend to create passwords they can easily remember and as the human memory is relatively flawed and the average person tend to find it difficult to remember a large string of random character [22], these passwords then end up being short and simple, usually a word, a name or a birthday. Table 2.2 shows the UK’s top-ten used passwords of 2019 [23].

123456 123456789 qwerty password 111111 12345678 abc123 1234567 password1 12345

Table 2.2: UK top 10 passwords

The setup of rules and guidelines of the passwords was usually up to the administrator of each system. After the arrival of the Internet, the use of passwords becomes part of our daily lives and a more standardized password policy was needed. NIST (National Institute of Standards and Technology) published their special publication 800-63-1 —written by Bill Burr —where appendix A contains a short list of guidelines of how to make passwords [24]. The ﬁrst edition of the NIST guidelines suggested to use a minimum of 8 character, at least one uppercase and avoid common words. Over the years these guidelines have been expanded to add such rules/suggestions as

9 to replace letters with numbers, change password after a speciﬁc time and using special characters such as " & #". Other safeguards should be added to the password creation such as password blacklists and the inability to use anything that can be found in the user’s personal information provided during registration.

2.4 Psychology of Password Creation

The perfect password should contain the maximum entropy and use as many characters as the system would allow, as well as using a random selection, to achieve the best possible security. This password should also be well protected and unguessable to maximize its security. Unfortunately a person would not be able to remember it or even type it. The crux of any security system is the human element. The human mind can be said to be ﬂawed when it comes to the ability of memorization of random combinations [22]. A person leans towards something that is easy not only to remember but also easy to type. Why do people choose these insecure passwords? Is it really a problem to remember? A study shows that people are able to memorize a complex password but choose not to out of convenience [25]. Why may this be? The same study showed that this may be due to an issue of ignoring the threat that comes from insecure passwords. People are typically more afraid of their private information being disseminated among their family and friends and less on the threat of theft by strangers. The reason for bad password management is not the lack of understanding the need for good and strong passwords, nor the misunderstanding of the policies of constraints in the creation of the password. An important reason is the naive belief that "Password attack and compromise won’t happen to me. The need for convenience over security steers the human mind into creating its own —bad —rules for password creation. People typically use similar passwords over different sites of varying trustworthiness, passwords that are in some variation a word or a place —in the person’s native language or in their native land —or simply a name of someone they know. It would be easy to put this blame on the common user and think that they are the only ones guilty of bad password practices. Unfortunately this is not really the case, as we are all —or at least most of us —culpable of this to some extent.

10 Chapter 3

Cryptography

In the age of information technology where information is sent over the Internet —at times using insecure networks —we are in need of a way to protect information as it passes through these networks. Since we cannot know or decide who can see the content of the communications over these networks we must ﬁnd other ways of hiding this information. To accomplish this we use cryptography, this is a method of hiding the information from anyone other than the intended recipients. These methods hide the content by encrypting the ordinary plain-text into an unintelligible text before sending it to its destination. Even if a possible adversary or snooper is able to intercept the message, they cannot read it without the cryptographic key.

3.1 Symmetric Cryptography

Symmetric cryptography also know as secret-key cryptography is a method of cryptography that utilises the same cryptographic key for both the encryption and the decryption of a message. This key is then a representation of a shared secret between the two parties of the communication to ensure a private information transmission and to keep the message protected from prying eyes. An algorithm built on symmetric keys takes a plain-text message m and encrypts it using the secret shared key k to create a cipher text c = E(k, m). To regain the original text all that needs to be done is to decrypt the cipher text c −1 using the same key, written as m = D(k, c) or Dk := Ek .

Figure 3.1: Principle of a symmetric-key cipher [26]

11 For symmetric cryptography to work properly and to decrypt back to a readable text it is a requirement to use the same key. Without the right key the message will be lost unless the key can be recovered with cryptoanalysis or by the use of brute-force key search. Depending on the encryption scheme used this can be very costly in time and resources. Symmetric cryptography is the oldest know method of encrypting information with schemes such as the Caesar cipher being a simple substitution cipher [27]. The cipher is named after the ancient emperor of Rome Julius Caesar who used it to secretly communicate with his military forces, his key was k = 3. The Caesar cipher works by shifting the letters of the alphabet in use by a certain number of places —which is speciﬁed by the key —and then encrypting a plain-text using this shift-substitution. Encryption can be written out as Ek(a) = (a + k)modx and decryption as Dk(a) = (a − k)modx. In these formulas k is the key or times to shift, a is the position of the original letter and x is the number of letters in the used alphabet, this is illustrated in Figure 3.2.

Figure 3.2: Caesar cipher Shift [28]

The advantages of a symmetric cryptography scheme is that it is fast in regards to encryption and decryption. A major disadvantage of the symmetric cryptographic system is that the keys must be securely distributed prior to the communication. As there is no real secure way of transferring the keys electronically these have to be exchanged through a secure independent channel. Additionally symmetric crypto systems cannot be used to provide a digital signature as there is only one key, so there would not be any way of knowing which party that signed.

3.1.1 DES

One of the most well-known symmetric-key cryptographic methods is DES (Data Encryption Standard) created by IBM (International Business Machines) and adopted in 1977 by the United States government as a standard for encryption of their sensitive yet unclassiﬁed data. The algorithm was the ﬁrst attempt of making a universal standard for encryption and was extremely successful and revolutionary. DES is a block cipher of a 64-bit (8 byte). Encryption is illustration in Figure 3.3. The key was deliberately made relativaly short —only 56-bit —to allow the NSA the ability of cracking. The DES algorithm is based on ad-hoc mixing operations instead of complicated mathematical problems and uses a Feistel Structure, explained in Section 8.4, which means it uses rounds to encrypt or decrypt the data blocks. The 56-bit key is padded with 8 bits to make a 64-bit key structure. There are a total of 16 rounds where the key is divided into 16 sub keys of 48-bits each.

12 Figure 3.3: DES with round function components; the key splitter KS, the bit expansion E, the S-boxes S, and the bit permutation P [29]

3.1.2 Triple DES In the early 1990’s the ease and speed of which a computer could run a key search on the DES algorithm caused a lot of discomfort among the users. To mitigate this threat a new system was needed, however the users where concerned about the cost —both in time and money —of replacing the DES encryption/decryption scheme as it had been widely adopted and implemented in security architectures. So to both mitigate the security threats against the now insecure DES and to avoid the cost of replacing it, Triple DES, 3-Key DES or 3DES were devised. This scheme is simply to run the DES algorithm on a data block three times. To do this, the key can be increased to 112-bit or 168-bits where used. There are three standards of deﬁning the 3 keys.

1. All the keys are independent.

2. Key 1 and key 2 are independent and keys 1 and 3 are identical.

3. All keys are identical.

Of these three options the ﬁrst option grants the strongest security as this would make the key 3 ∗ 56 = 168 independent bits long. whilst option number two would only give 2 ∗ 56 = 112 independent bits. The third option only gives 56 independent bits, just like the original DES. To encrypt a plain-text the Triple DES algorithm uses DES to encrypt using the ﬁrst key, then decrypt using the second key and lastly encrypt using the third key. to decrypt using Triple DES this would then be done in reverse by

13 decrypting with key three, encrypting with key two and decrypting again with key one as can be seen in Figure 3.4.

cipher = Ek3(Dk2(Ek1(plain)))

plain = Dk1(Ek2(Dk3(cipher)))

Figure 3.4: encrypting and decrypting using Triple DES [30]

3.1.3 AES

The Advanced Encryption Standard is a block cipher that was created in response to the fact that DES was becoming vulnerable to brute-force attacks due to its short key. It was submitted to NIST by Vincent Rijmen and Joan Daemen during NIST’s search for a new encryption standard. NIST had few but clear requirements to the new algorithm. [31]:

• The cipher should be a single block cipher.

• The cipher should be available royalty-free worldwide.

• The cipher should have a public and ﬂexible design.

• The cipher should offer the security of two-key triple-DES as a minimum

It is a block cipher that encrypts data in 128-bit blocks using key of three different lengths, 128-, 192 and 256-bit. The algorithm is based on a substitution-permutation network instead of a Feistel network and is effective in both software and hardware. The number of rounds in AES depends on the key length:

• 10 rounds with a 128-bit key.

• 12 rounds with a 192-bit key.

• 14 rounds with a 256-bit key.

14 3.2 Asymmetric Cryptography

To solve the growing problem of key distribution of symmetric keys, a new for of encryption was needed. This is where asymmetric cryptography —also known as public-key cryptography —comes in, the concept was first presented by Martin Hellman and Whitfield Diffie at Stanford in 1976. A similar concept was also covertly proposed by Clifford Cocks —an employ at GCHQ (Government Communications Headquarters) in the UK —who based his work on papers written about "The Possibility of Secure Non-Secret Digital Encryption" by James Ellis. This new form of cryptography is based on using two different keys, one public key for encryption and one private key for decryption as can be seen in Figure 3.5.

Figure 3.5: A asymmetric key cipher [26]

The idea for the public key scheme is to allow for a public disclosure of algorithm and encryption key. The keys are two rather large non-identical numbers that are paired together through a mathematical function. There are many asymmetric cryptographic algorithms out there, including but not limited to RSA, DSA and ElGamal. Asymmetric cryptography is used mainly in Web-protocols and digital signatures to name a few, but are not really utilized for password storage, which is why these algorithms are not described in detail here.

3.3 Cryptographic Hash Functions

A Hash Function is a one-way cryptographic function that obscures the original text. This should be done as it is irresponsible in regards to security to store passwords in plain-text. The hash function takes an input also known as the message of ﬁnite arbitrary length and returns a string —also known as a hash-code, hash-result, hash-value or simply hash —of ﬁxed length [32], this length is different depending on the Hash scheme used. An mathematical representation of a hash function is show bellow, where n is the length of the output. A illustration of this function can be seen in Figure 3.6.

h : {0, 1}∗ → {0, 1}n, m → h(m)

15 Figure 3.6: An illustration of a Hash function [33]

The main purpose of a hash function is to authenticate data. For a cryptographic hash function to be useful for password storage protection it has to fulﬁll a few important properties, such as pre-image resistance, second pre- image resistance and collision resistance [34] as is illustrated in Figure 3.7.

1. Pre-image resistance is the property of a hash function that it is hard to invert, that is, given an element in the range of a hash function, it should be computationally infeasible to ﬁnd an input that maps to that element. In other words if hash function h produces hash value v it should be infeasible to ﬁnd an input x such that h(x) = v.

2. Second pre-image resistance is the property of a hash function that it is computationally infeasible to ﬁnd any second input that has the same output as a given input. Again in other words it should be infeasible for a hash h that has the input x to ﬁnd a input y so that h(y) = h(x).

3. Collision resistance is the property of a hash function that it is computationally infeasible to ﬁnd two colliding inputs, although many such collisions exist. This property is related to second preimage resistance, which is also known as weak collision resistance. It should be infeasible for hash function h to ﬁnd two inputs x and y such that h(x) = h(y).

Figure 3.7: Illustration of the properties of a hash function

Hash functions allow for a certain level of security when it comes to password storage, this is because even if someone gains access to the hashed password or password ﬁle(s) it is difﬁcult to recover the original plain-text password. Considering the computational complexity of the hash function and

16 the policies of password length it should take some time to perform a brute- force attack on a hash. A brute force on a hash would be xn where x would be the amount of different characters that can be used and n is the number of digits in the password. A few of the calculations of this can be seen in Table 3.1. There are several Hash functions available and which have been used for the storing of passwords. Although they do the work differently their function is pretty much the same.

string search space length search space size a 29 (a−å) 291 = 29 aa 29 (a−å) 292 = 841 Aa 58 (a−å, A−Å) 582 = 3364 Aa1 68 (a−å, A−Å, 0−9) 683 = 314432 Aa1! 101 (a−å, A−Å, 0−9, 33 symbols) 1014 = 104060401 P4$$word 101 (a−å, A−Å, 0−9, 33 symbols) 1018 = 1.0828567e + 16

Table 3.1: The search space of a Hash

3.3.1 SHA X Among the many cryptographic hash functions that are used to safeguard our passwords are those of the SHA(Secure Hash Algorithms) series. This series of Hashes include SHA-0, SHA-1, SHA-2 —containing SHA-256 and SHA-512 —and SHA-3. The first of which were created by the NSA back in 1993 but it was withdrawn shorty after its publication and replaced with SHA-1 which was considered to be a US Federal Information Processing Standards (FIPS) [35]. There are some differences between these algorithms some which are show in Table 3.2. Hash functions differ quite significantly when it comes to the level of security they provide. Even so they can all be described to work in two stages: Preprocessing an Hash computation. Preprocessing has three steps, first it pads the message (m) to make sure that m is a multiple of a specific number of bits, depending on which algorithm is in use. Second it parses m into blocks of predetermined bits again based on the algorithm in use, from here is the final step of setting an initial hash value, and then to compute the hash in steps.

Table 3.2: SHA Properties [36]

3.3.2 MD4 and MD5 The MD4 hash function designed —by Ronald Rivest back in 1990 —focused on security, simplicity and speed, speciﬁcally fast in a 32 bit microprocessor

17 architecture as this was the dominant standard of the time. It took a message of arbitrary length and returned a string of 128-bits [37] it sent the message through 3 rounds of 16 steps to accomplish its goal. As the MD4 proves to be too fast and it is possible to ﬁnd two different messages with the same hash it was replaced by MD5. The MD5 function is based on the MD4 but it puts more focus on security than on efﬁciency. MD5 differs from MD4 on 6 points [38]:

1. A forth round was added.

2. Each step has a unique additive constant.

3. The function g in round 2 was changed from (XYvXZvYZ) to (XZvY¬Z) to make g less symmetric.

4. Each step now adds in the result of the previous step. This promotes a faster "avalanche effect".

5. The order in which input words are accessed in rounds 2 and 3 is changed, to make these patterns less like each other.

6. The shift amounts in each round have been approximately optimized, to yield a faster "avalanche effect". The shifts indifferent rounds are distinct.

However, attacks against MD5 also exist, so it is possible to ﬁnd collisions

3.3.3 LMHash and NTHash LAN Manager (LM) Hash or LMHash is the oldest known method of password storage used by Windows. It is quite simple and can be explained in 5 easy steps by their own website [39]:

1. Convert all lower case characters in the password to upper case

2. Pad the password with NULL characters until it is exactly 14 characters long

3. Split the password into two 7-character chunks

4. Use each chunk separately as a DES key to encrypt a speciﬁc string

5. Concatenate the two cipher texts into a 128-bit string and store the result

As the method uses a DES encryption it is not really a hash function but is used as one, and the resulting hash output is stored in the SAM ﬁle. This hash is very easily cracked and therefor is now turned off as a default in the newer versions of Windows. The successor of the LMHash is the NTHash aslo known as the unicode hash as it supports the entire unicode character set. This hash function simply hashes the password using the MD4 scheme [39]. This resulting hash is also stored in the SAM ﬁle.

3.3.4 Crypt Crypt(c) is the function in Unix systems that is responsible for hashing the passwords within the system. It utilizes many different algorithms to accomplish this. These algorithms are DES-ext, MD5, Blowﬁsh, NT-hash, SHA- 256 and SHA-512 which have already been explained here.

18 bcrypt with Blowﬁsh The bcrypt hash is based on the blowﬁsh block cipher cryptographic algorithm [15]. This function is an adaptive hash that uses a technique known as key stretching, explained in Section 8.6. It introduces a work factor that is used to decide the cost of the function, this determines how slow the function is at hashing plain-text. This can make bcrypt very resistant to brute-force attacks, it also means that the function can be utilized for some time even as machines become more powerful. A representation of bcrypt can be seen on Figure 3.8.

Figure 3.8: bcrypt [40]

19 20 Chapter 4

User Authentication

One of the most important things when it comes to the use of computers and networks is user authentication. In this chapter we explain the main aspects of user authentication, what it is, what forms it may have, some examples of its uses and most importantly why it is needed.

4.1 What is user authentication?

When using a service like email, online banking or a e-health —to name a few —there can be a certain level of uncertainty as to the digital identity of an entity that is trying to engage in the online transaction. This transaction can be something as simple logging into a streaming service or something more complex like an bank transaction. This is where user authentication comes in to solve the problem and give a level of assurance as to the validity of the claim. In simpler terms, any form where a person is required to log on as a way of proving their identity so as to interact with a system, is a case of user authentication. As there are some services that would need a higher level of certainty as to whom is attempting to log on to their system there would have to exist a way of doing this. As a solution to this is to define several levels of user authentication, these levels are known as Authentication Assurance Levels or AAL. These levels are defined and outlined in NIST’s special publication 800- 63 appendix B [41] and explained in Section 4.3.1. The European eIDAS also defines similar authentication assurance levels.

4.2 The types of User Authentication

Just as there are levels of user authentication, there are several different types of user authentication. These types are categorized into three different categories;

• Knowledge/memorization-based: something you know.

• Possession-based: something you have.

• Inheritance-based: something you are.

4.2.1 Knowledge/memorization-based authentication Knowledge or memorization-based authentication is any form of user authentication that require the user to remember something. Examples of this type

21 of authentication is passwords and usernames, PIN code and pattern such as those found on Android devices which can be seen in Figure 4.1. These forms are some of the simplest cases of authenticating the user’s identity; but are also considered the weakest in terms of security. This is of course as they are easier to share than the other types of authentication.

Figure 4.1: Examples of some common patterns [42]

4.2.2 Possession-Based Authentication

Possession-based authentication is where something you can own and control can be used as proof of identity. Some examples of this are smart cards and authenticator devices. Authenticator devices, also known as security tokens, are a physical devices or a smartphone applications that creats a token that can be used to login to a service. There are several types of these authenticators, among them is a one-time-password (OTP) device that create a one-time-use password using an embedded secret as a seed. These OTPs are predictable based on this seed, which allows for the receiving system to know what the next OTP should be to authenticate it. Another type of device is a lookup secret, this is a device or even a physical object like a card that stores a predetermined number of one-use secrets. Figure 4.2a and Figure 4.2b show samples of these two examples respectively.

(a) BankId [43] (b) Code card [44]

Figure 4.2: Authenticators

22 4.2.3 Inheritance-Based Authentication

The last category of authentication is that of Inheritance-based, in this case we are talking about anything that you are. In other words a characteristic that only you have and no one else can imitate. Another more known terminology for this is biometrics which includes a fingerprint (Figure 4.3a), retina (Figure 4.3b), iris, voice, DNA and face. Biometrics are based on the fact that characteristics as a fingerprint is highly unique. No one else is in possession of exactly the same fingerprint not even identical twins, this may be because a fingerprint is developed as a reisult of the environment we encounter while in our mother womb and not a genetic factor [45]. This can also be said about methods involving the retina and the iris. While our DNA in some cases are not completely unique, as in the case of identical twins, it is still a rather strong form of authentication. This cannot truly be said for our face or voices, these are still used as as a method of authentication, usually on personal devices such as smartphones. This is not to say that all forms of biometrics are a guaranteed constant throughout a persons lifetime, these characteristics can change during a persons life. Some may alter over time while others usually change via some sort of trauma.

(a) Fingerprint [46] (b) Retina [47]

Figure 4.3: Biometrics

4.2.4 Multi Factor

To increase the level of security of these different methods of authentication another form can be implemented, this is known as multi-factor authentication. This is any authentication system where two or more of the above mentioned are used as proof of your digital identity.

4.3 NIST

NIST was founded by request from congress in 1901 and established in Washington D.C as the National Bureau of Standards, this was to ﬁll a need for nationalized standards. At that time in the US there were for example different gallons and four different feet in use [48]. In the late 40’s NIST moved into the world of computing with the Standards Eastern Automatic Computer (SEAC). Over the years NIST has established ten separate laboratories [49], six of these are still operating [50]:

23 • Communications Technology Laboratory (CTL)

• Engineering Laboratory (EL)

• Information Technology Laboratory (ITL)

• Center for Neutron Research (NCNR)

• Material Measurement Laboratory (MML)

• Physical Measurement Laboratory (PML)

After a few decades of working in the standards of computer security and cryptography, the work on standards within information technology was turned over to one of NIST laboratories, Information Technology Laboratory (ITL). ITL is measurement and testing laboratory that handles a broad spectrum of computer science, mathematics, statistics and systems engineering ﬁelds [51]. One of their main priorities is that of cybersecurity, this is where the special publication 800-63-3 comes in which is the Digital Identity Guidelines. This publication is a report that contains details of their research, guidelines and their collaborations with other government agencies, academic institutions and corporations. The publication also contains three additional appendixes,

• SP 800-63-3A Enrollment & Identity Prooﬁng.

• SP 800-63-3B Authentication & Lifecycle Management.

• SP 800-63-3C Federation & Assertions.

In a newer edition of the publication ITL has retired the concept of Level of Assurance (LOA) as one single measurement of authentication implementation. Instead it was divided into three distinct parts that provides a higher level of ﬂexibility for agencies in choosing identity solution. These three parts are [52]:

• IAL: refers to the identity prooﬁng process.

• AAL: refers to the authentication process.

• FAL: refers to the strength of an assertion in a federated environment, used to communicate authentication and attribute information (if applicable) to a relying party (RP).

4.3.1 SP 800-63B Authentication & Lifecycle Management This appendix of the SP 800-63 handles the details about the authentication process and the management of an authenticated sessions lifecycle. It is written to give agencies a guideline for how to implement a digital authentication online [41]. As some login are not really required to be traceable back to a single entity, while other cases may need this to be the case, the AAL are created and outlined by NIST int his publication and explained further bellow. Other topics that are explained in great detail within this publication is the lifecycle and recovery of an authenticator, the threats and security considerations to the authentication process such as an attack on the session as well as mitigation to these threats [41].

24 Authenticator Assurance Level

Authentication Assurance Level numbers from 1 to 3, with 1 being the lowest and 3 being the highest. These levels are deﬁned as such, and a summary can by found in Figure 4.4 from NIST [41]:

• Authenticator Assurance Level 1: AAL1 provides some assurance that the claimant controls an authenticator bound to the subscriber’s account. AAL1 requires either single-factor or multi-factor authentication using a wide range of available authentication technologies. Successful authentication requires that the claimant prove possession and control of the authenticator through a secure authentication protocol

This level suggests that reauthentication should occur periodically and at least once per 30 days, meaning that a user should be logged out and required to log back in, no matter the activity of the user.

• Authenticator Assurance Level 2: AAL2 provides high conﬁdence that the claimant controls an authenticator(s) bound to the subscriber’s account. Proof of possession and control of two different authentication factors is required through secure authentication protocol(s). Approved cryptographic techniques are required at AAL2 and above.

As for reauthentication at this level should happen every 12 hours no matter the level of user activity for extended sessions. This should also happen for any period of inactivity exceeding 30 minutes. In regards to a reauthentication after a short period of inactivity may only require the use of a memorized secret or a bio-metric to accompany a still valid session secret.

• Authenticator Assurance Level 3: AAL3 provides very high confidence that the claimant controls authenticator(s) bound to the subscriber’s account. Au- thentication at AAL3 is based on proof of possession of a key through a cryptographic protocol. AAL3 authentication requires a hardware-based authenticator and an authenticator that provides verifier impersonation resistance; the same device may fulfill both these requirements. In order to authenticate at AAL3, claimants are required to prove possession and control of two distinct authentication factors through secure authentication protocol(s). Approved cryptographic techniques are required.

Reauthentication again should be repeated once per 12 hours during an extended session regardless of activity, as well as after a period of 15 minutes or longer of inactivity. Here it would be necessary to provide both factors of authentication to reinstate the session

25 Figure 4.4: Summery of AAL requirements [41]

In the following list is an outline and short explanation of the different authenticator types that are described in this document and are used in the authentication levels [41].

• Memorized Secret Is a secret that you have to remember, usually known as a password, a PIN or a pattern

• Look-up Secret is a physical or electronic device that comes prestored with a set of secrets that is shared between the device and the Credential Service Provider aka CSP

• Out-of-Band is a physical device that can communicate securely between the veriﬁer over a distinct communication channel.

• Single-Factor one-time-password Device is a device that generates a OTP. This can be a hardware device or a software installed on another device, i.e a smartphone.

• Multi-factor one-time-password Device is like a single-factor that generates the OTP after it is activated throug another form of authentication.

• Single-Factor Crypto Software is a software-based cryptographic authenticator that stores a chryptographic key on some sort of soft media.

• Single-Factor Crypto Device is a hardware device that performs cryptographic operations using a protected cryptographic key.

26 • Multi-factor Crypto Software is like single-factor crypto software that only performs it job after it has been activated with another authentication • Multi-factor Crypto Device is a hardware device that performs cryptographic operations using one or more protected cryptographic keys and requires activation through a second authentication factor [41]

27 28 Chapter 5

Attacking Passwords

Whenever anybody creates a strong defence, someone else will create an even stronger attack. This has been true throughout the history of humans’ strive for security. Be it stronger metals to break the sword of an enemy, a mightier bullet to penetrate vests or even a more intelligent virus to wear down the immune system. So why should password/cyber security be any different from these? They are also created to provide security and are therefor subject to the same battle between attack and defence. The ﬁrst attack on the use of digital passwords is almost as old as the ﬁrst use of passwords in informatics [5]. Some of the methods of attack against password security and password storage might be discovered by accident while others are created on purpose. As long as there are smart peoples that work hard to ensure our security, there will someone very creative on the other side to destroy their work or to exploit it. This is not to say that all attacks or exploits are created or used by those with ill intentions, there are some that also use them to improve on the way we implement and develop our security measures. Other noble uses for a password attacks could be in the attempted recovery of a lost password. In this chapter we explore some of the attacks or data breaches that have happened throughout time —focusing on the information age —and even take a look at their implications. We explain some of the attack methods that exist against passwords of today, and mantion some of the tools, software and applications that can carry out such attacks.

5.1 Password Attacks

Today there exist a myriad of ways to obtains someone’s password. Some of these password attacks are based on the computational power of computers. These consist of dictionary attacks, brute force attacks, ﬁngerprint attack, phrase attack and the use of a rainbow table. Some are more based on the manner in which we transfer the passwords across the system or systems, whilst others rely more on the human factor, such as the possible weaknesses of the owner of said password, known as social engineering. Anther factor for deciding the best approach is if wheter will be an online attack or an ofﬂine attack.

29 5.1.1 Password cracking Password cracking is when somebody tries to guess or brute-force the search for passwords. It can be either for nefarious or noble causes. This can as earlier stated be achieved by using the computational power of computers. Most computers nowadays can run from a billion to tens of billion hash computations per second. This gives an attacker the ability to test an almost unimaginable amount of possible passwords in a very short time. There are a few different types of password cracking techniques to use on a single login or an entire database, some of these are explained further bellow. The most efﬁcient method of cracking is dependent on a few factors of the password as well as the system and protocols used.

• Unpredictability: How easy would it be to guess it. • Length: The length of the password to crack. • Complexity: Its use of characters: does it contain letters, numbers and/or symbols, and how they may be combined.

Unfortunately these password factors are usually unknown for larger datasets and knowing which method to use can end up being an educated guess at best. Luckily we can depend on other factors that can be more known or even some that can tell us something about the password structure.

• Character set allowed • Password complexity requirement or lack thereof. • Protocols used by the service. • Other password safeguards like blacklisting words or personal information.

Brute Force A brute-force attack is A few calculation rates of this is shown in Table 5.1, this is considering a Norwegian alphabet and testing 11,051,000,000 passwords per second, which today is a rather medium rate. as simple and unrefined as it sounds, it is the practice of trying every conceivable combinations until the attacker gets it correct or possibly gives up. It is a trial-and-error method that is usually done by systematically trying a passwords until the correct password is recovered or all the combinations have been exhausted. Important variables in starting a brute-force attack on a password or a set of passwords is what are the minimum and maximum password lengths. As well as which character sets should be tested in the password possibilities. An example and explanation for a brute-force attack would be if we start with the password having at least 4 characters long and shorter than 10. It can contain only a-å and A-Å then it would start at aaaa then to aaab to aaac and so on until it ends, either as the password is recovered, all passwords are recovered or it reaches ÅÅÅÅÅÅÅÅÅÅ. The attack’s biggest strength is that it is relatively easy to set up and perform. Given enough time, space and/or computer power it is in reality the only attack that can find 100% of passwords, assuming of course all possible character sets are in use. The attack is best suited for an offline attack against a leaked, stolen or legally obtained database as an attack online allows the

30 service to restrict attempts per second. A problem with this technique though is that it can be slow, this comes from the fact of running through all possible combinations has a proportionate growth to the space of possible passwords. A few calculation rates of this is shown in Table 5.1, this is considering a Norwegian alphabet and testing 11,051,000,000 passwords per second, which today is a rather medium rate. This can also be done as a Mask attack, where it is possible to set any "rule" to reduce the number of possibilities. Let us say that the attacker knows that the password is capitalized, and that there are numbers at the end. Then they can set up a mask that tells the program how to compile the possible passwords to test.

Length characters combinations computing time 4 a-å, A-Å, 0-9 684 = 21,381,376 0.042 seconds 4 a-å, A-Å, 0-9, 33 symbols 1014 = 104,060,401 1.9 milliseconds 8 a-å, A-Å, 0-9 688 = 4.5716324×1014 11.5 hours 8 a-å, A-Å, 0-9, 33 symbols 1018 = 1.0828567×1016 11.34 days 10 a-å, A-Å, 0-9 6810 = 2.1139228×1018 6 years 10 a-å, A-Å, 0-9, 33 symbols 10110 = 1.1046221×1020 317 years 12 a-å, A-Å, 0-9 6812 = 9.7747791×1021 28 millennia 12 a-å, A-Å, 0-9, 33 symbols 10112 = 1.126825×1024 3.2 million years 16 a-å, A-Å, 0-9 6816 = 2.0899823×1029 60 billion years 16 a-å, A-Å, 0-9, 33 symbols 10116 = 1.1725786×1032 336 trillion years

Table 5.1: Password combinations, Time with our machine in mind

Mask Attack A Mask Attack is in essence an intelligent form of brute force. But instead of just running all possible combinations of characters we tell the attack what character sets to try at which position. Take the passwords "Joakim123", if this was to be attacked using a traditional brute-force attack it would take about 3 years for this password to be recovered using the math given above. But lets say we know that the password starts with a capital letter and contains numbers at the end. We could then give our tool the a mask that is structured to attack this. With this mask the attack would take about 90 minutes instead, considering the same math. A mask attack would also allow to add more speciﬁc information to the password and test combinations around this. Lets say we are looking for the password "student2011" and we know that it contains the "student" part. We can then add this to our mask and attack the subsequent missing part. An example mask for this inn hashcat would be student?a?a?a?a, this mask would then test the partial string "student" with all four character combinations, adding the function –increment would start from one character and work its way up to four.

Dictionary A Dictionary Attack is a type of brute-force attack, although it is a bit more reﬁned in its approach to cracking a password or passphrase. This attack is a rather signiﬁcant improvement on pure brute-force when it comes to longer passwords, as searching for passwords that are 8 characters or longer, is very costly —in terms of time —if we were to try all possible combinations. It is a password guessing technique that tries a list of words from a dictionary

31 file/database until it recovers the password(s) or reaches the end of the file [34]. This file or database usually contains a set of specific words that can be relative to the user or even a list of words less specific to one user.

• Examples of relevant information:

– Name, Username. – Names of family members or pets. – Address, place of work. – Places in their lives. – Dates in their lives.

• Examples of general lists:

– Male or female names. – Places. – Fictional character. – Titles of books, ﬁlms or tv shows. – Entire dictionary of a language. – Lists of password previously cracked. – List of most commonly used.

To increase the scope of the dictionary and to be more effective against password creation rules a dictionary can use mutation rules on the words [53]. Such as capitalizing words, raising/lowering case on any letter, and others like adding numbers or symbols before and/or after a dictionary word, changing letters of the word with the former. It is also possible to use a combination of relevant and general information, something like adding the date of birth with a name or place. Take the password "passord" or the person "Peter Nielsen" born at 28/02/1992 at Table 5.2.

Rule Mangled password passord123 123passord Adding character password! nielsen1 1petter pa$$w0rd Replacing letters n1els3n Password Capitalize or upper-casing paSswoRd nielSEN nielsen1992 Combining words password 2802 20password02

Table 5.2: examples of using mangling rules

This attack can be quite effective as the human mind is rather bad at creating passwords. Over the years many web services have had their password database leaked and cracked, like rockyou [54] and linkedIn. These cracked password ﬁles are online and readily available for download and use

32 for cracking other databases. The attack can be strengthened as people tend to reuse password over several services and platforms in their private life as well as on social media and in the workplace. As password databases leak and get cracked all the time —without the owner knowing it —reusing a password can be very risky with this attack in mind. Another version of this attack is a passphrase attack or a Combinator attack, where a string of common words is concatenated to create phrases.

Fingerprint Attack

A fingerprint attack is a fairly new, simple and powerful attack. It takes in common passwords or phrases and deconstruct them into single and multi- character combinations or "fingerprints". These "fingerprints" are then used to create candidates that are more likely used by a user. Take for example the word "cat", it would be turned into "c", "a", "t", "ca", "at", and "ct". Because of this it is very efficient in recovering password but very expensive in terms of computer power.

Hybrid Attack

A hybrid attack is an attack that uses 2 different attack types in conjunction. dictionary and brute-force for example, these two can create "password123" and the ﬂip side "123password".

Rainbow Table

Rainbow tables or lookup tables are tables of pre-computed hashes used for "reversing" the cryptographic hash function used, created by Philippe Oechslin [55]. A rainbow-table attack trades off the time usage for storage usage, meaning that it uses less time than a normal brute-force but more space. This time reduction comes from the fact that the attack does not need to hash a password before testing it. The tables themselves can be sized in the tens or hundreds of gigabytes (GB). Instead it just looks up the hash in the rainbow table and gets its corresponding plain-text. To reduce the required storage space the rainbow table creation uses a reduction function to create chains. It stores the starting plain-text password and ending hash of these chains. To create one of these chains one takes an initial password seed and hashes it, this hash is then sent into the reduction function —this must reduce the hash into something that is usable as a password —this result is thus hashed again end repeated for as many times as preset. A simple version of 3 reductions can be seen in Figure 5.1. Repeat this chain creation as many times as needed.

H(p0) → h0, R0(h0) → p1, H(p1) → h1, R1(h1) → p2..., Rn−1 → pn, H(pn) → hn

33 Figure 5.1: Simple Rainbow reduction [56]

Now to to recover/crack a password the hash of said password is sent trough the same process but this time all the links in the chain are preserved. Then each of these links is compared to all the ﬁnal values in the rainbow table. If there is a match that chain can be reconstructed, with all the links in both the hash chain and the reconstructed chain. The password is then contained within the reconstructed chain an can then be found, or at least a string that outputs the hash given. And due to the possibility of collision in a hash function the password is in reality not the true goal, only a string that produces the correct hash. A rainbow table can be created to a person’s needs or larger ones downloaded online, they are separated and categorized by the character sets and hash functions used. A person who often attacks password for what ever reason can then save time by reusing a rainbow table. A simple technique for blocking attacks using this technique would be to employ the use of password salt. Using a salt before a password is hashed ensures that it is unique and would then probably not resemble anything in the rainbow table. Another great countermeasure is the use of key stretching and iterations.

Mitigations to Computational Attacks Mitigations to an online brute-force attack should always start with an account lockout policy, where an account gets locked if there occurs a set amount of failed authentication attempts. The account should then be locked for a specified time set by the administrator or until the administrator opens the account again. Other than that there are many other mitigations, some that require the user to implement and other that require the system to enforce. A strong defence against an automated guessing attack is to use multi factor authentications. This would then mean that even if the attacker gains access to the password they are still missing a piece of the logon credentials. The problem here is deciding what factors to use, a biometric can be very expensive to implement and hard to scale, and the user might find this to be intrusive. Another option would be to use some form of token, this can be very cost efficient and non-intrusive. However one of the simplest to implement and most widely used is that of a challenge-response test such as a CAPTCHA, explained in Section 8.2. Attacks could also be slowed down somehow, one can slow down the hashing algorithm or test an attempt once every x seconds, this can also be extended to increasing the time for every failed attempt. The method mentioned above is extremely efficient when it comes to an online attack, but has very little meaning as far as an offline attack is concerned. In the case of an attack on an offline copy of the password data, other mitigations are needed. This is where things like the use of salt and password

34 policies became important. Longer and more complicated passwords —the former more so then the latter [41]—are key elements. Words that can be found in any dictionary, combos of these words or any variations should be avoided. The ﬁrst one is quite simple to implement and is usually done, whilst the second can be rather hard to, leaving it more to the owner of the password to consider. Another factor that falls squarely on the user’s shoulders are to never reuse passwords cross sites and systems, as breaches might not be disclosed.

5.1.2 MITM - Man-in-the-Middle Man-in-the middle or MITM attacks are ones where someone intercepts the trafﬁc between two or more systems. This would allow for an attacker to create a fake service, such as a a fake version of a website, or grab the packets sent from one to the other, a password or password hash might lay within these packets. This can be accomplished by using simple tools such as wireshark on wi-ﬁ or a cable network.

Password Reset Password-reset attacks work on the principle that a registration to a new site and the process of resetting a password are very similar. Take for instance a person who wishes to download a piece of software, a video or a picture of a website created by our attacker [57]. This website would then invite the person to create a free account to do so, not knowing that this is the start of a MITM attack. The attack would then use the information this new user enters into the registration to start a password reset on another site this user is a member of. The attacker would simply forward any information needed such as email address, phone number, security questions. See Figure 5.2 for an illustration. This could be a big problem for users as they tend to reuse usernames and passwords. Some mitigations to this attack are to use CAPTCHA challenges, security questions, codes on phones and reset links to email address [57]. Most of these do not really stop the attack from happening but may limit the attackers ability to automate. One effective mitigation technique is to use an email reset link which would require the attacker to gain access to the email of the victim, and could then stop an attack.

Figure 5.2: A password reset attack with CAPTCHA and a security question [57]

35 Password Capture or Password snifﬁng A snifﬁng is software that monitors and intercepts packages broadcasted over a network. This attack grabs the package in the hope that it contains useful information like usernames and passwords in our case. This attack is now more of historical interest as packages are now mostly encrypted, this was not the case back in the 1990’s when this attack was a real problem.

Mitigations against Interception-Based Attacks To avoid anyone from capturing a person’s password, if in plain-text, via intercepting a packet over wi-fi or other networks, protocols and encryption of data should be used, like TLS certifications. Luckily this is today the norm and not really within the scope of this paper, which is why we will not delve into it here. While capture is no longer a significant security concern, MITM attacks still are. To combat them there are some security policies that can be put to use, like avoiding the use of static security questions and email a notification whenever a reset process is initiated. Service providers should also set a time limit on the validity of a reset code that is sent as email or SMS.

5.1.3 Key Logger Key Logger, key-stroke logger or keyboard capture, is a technique that captures any keys strokes that are struck on the keyboard. These key loggers can come as both software and as hardware-based solutions that are usually designed for private people and enterprises to monitor the use of their computers. Even though they are legal to use, they can also be used for illegal, unethical and malicious reasons. It is possible to install these loggers to work invisibly in the background and even hidden from security programs. One does not need physical access to a machine to install some of these loggers, and receive the resulting logs over online protocols. But it is also possible to latch a hardware version to the machine itself, for example between the keyboard and the computer. As they can capture all the keystrokes, they work perfectly for stealing passwords and other credentials.

Mitigations Against Key Loggers Luckily countermeasures against loggers do exists, some are built into most operating systems, others are additional software and a few are in the way the system is run. The use of the on-screen keyboard does not get logged by the keystroke logger, using an OTP means that the password would be useless to anyone that reads the log. One can install anti-keystroke logger such as SpyShelter, anti keystroke interference software and boot using USBs or live CD/DVD. These are not the only countermeasures that exist but it is to name a few of the more common ones.

5.1.4 Social Engineering Social engineering is about exploiting the weakest part of the password, namely its owner. It is an action were an attacker prays on the password holder’s naivety, gullibility or digital ineptitude as well as people’s trust and wish to help. It is a conﬁdence scheme that could allow for an attacker to gain the password(s) of a single person or many, all without ever trying to crack it.

36 This can of course be done for other reasons than to gain a person’s password, as well as for legal reasons. Not everyone is utilizing social engineering for a malicious purpose, other possible uses could be to ﬁnd security holes within an enterprise. There are several different ways to execute a social engineering attack on someone, some of them can be done in a quick and easy way, while some might take some time and research to accomplish. Although they may vary in how they are carried out they are always based on some form of psychological manipulation.

Phishing

Social engineering is typically used as part of phishing scam. This is probably the most used version of social engineering as it does not require much human interventions to pull off, it can easily be automated [58] and can pretty much be completed 100% online. Phishing operations also have the added beneﬁt that they can be outsourced [58]. It is are mainly carried out over email [58], but has also been known to happen over instant message [59]. There are of course other forms that use approaches done over the phone or over text messages, such as vishing and SMishing [58] respectively. The way these methods work is that the attacker sends out a slew of emails to a list of people, usually obtained by a spam operation [58]. This email typically has a spoofed sender address that is trusted, some form of message that might create some sense of urgency or interest, pray on greed or fear or use other tricks to con a person. All this is done to make the victim open a malicious link that asks for personal and sensitive information, such as usernames and passwords or banking information. Other agendas may be to make the victim open some sort of attachment containing malware or spyware. These scams can end up having a relatively high rate of success [58]. An example of one of these emails can be seen in Figure 5.3

Figure 5.3: Example of phising email, claiming to be PayPal [60]

These attacks do not affect the victim of the attack alone, they might also have an effect on the organization that has been used as a shill. This might cause loss of trust, costs on customer service, to handle support or complaints,

37 or in reimbursements, it can effect their other customers as well, in the form of raised fees to cover costs. Unfortunately another problem concerning these attacks is that a victim is in high risk of being revictimized. There are obviously some ways to detect or determine if an email is a phishing scam or a legit email.

• The email is poorly written: If it contain misspelled words or uses bad grammarization this is a red ﬂag. The latter more so than the former due to spell check. This could come from the use of google translate.

• If it contains some suspicious links or attachments

• May contain a sense of false urgency so not to think to much about the oddity of the email itself.

• It is sent from some public email domain, such as @hotmail.com, @yahoo.com and @gmail. Companies usually have their own domain and will not be using these. It is important to check the actual domain and not just the sender, can be seen in Figure 5.3. This may be problematic if some form of domain spooﬁng is used [61].

• Check for misspellings in the domain name. i.e "rn in place of m or capital I in place of lowercase l

Spear Phishing

Spear phishing is a sub-category of phishing that works much like the aforementioned attack. Where the two attack methods differ is that general phishing scams is based on sending to the masses, whereas a spear phishing is attacking a speciﬁc target. This may be a single person, a company or an organization like a school. A spear phishing attack is thus more reliant on doing some research on the target. Types of reconnaissance information can be; to ﬁnd out if there is any event to take advantage of, or if there is anyone that can be referenced in the email or maybe an internal protocol that can be mentioned. Another form of this method is known as whaling, where a more senior employee is targeted.

Baiting

Baiting is a lot like phishing, where they differ is that baiting mostly uses physical media. The attack method relies on a person’s curiosity or greed. This technique is performed by enticing the victim with some form of "reward", like a music or movie download, maybe a flash drive or a DVD. This reward is laced with a Trojan or other malware that can gather sensitive information —login credentials, banking information or other valuable data —on the host system and then replay it to the attacker. An attack like this was carried out by man called Steve Stasiukonis [62]—VP and founder of Secure Network Technologies Inc. —back in 2006. The attack was done by filling 20 USBs with Trojans that would gather login information and email it back to them. These USBs were then scattered around the corporation that had hired them and picked up by employees which would then plug them in. The attack was very successful as 15 out of the 20 devices had been found and plugged inn. The benefits of this attack are that it is extremely simple to pull off, and carries very low risks of getting caught.

38 Quid Pro Quo Quid Pro Quo means "Something for something" or "This for that". The Quid Pro Quo attack resembles the above mentioned baiting attack. But were baiting offers some form of goods —USB, CDs, etc. —Quid Pro Quo usually offers some kind of service as a bait to trick users to give sensitive, critical information or perhaps login credentials. These attacks are often perpetrated by someone pretending to be an IT professional that is contacting to help with a piece of spyware or virus. Other and strangely successful versions have been people giving up their passwords for a cheap pen [63] or sweets [64].

Shoulder Surﬁng This "attack" can easily be explained by its own dictionary deﬁnition, given by the Oxford English Dictionary.

The practice of watching a person who is getting money from a machine, ﬁlling out a form, etc., in order to ﬁnd out their personal information [65].

Mitigations Against Social-Engineering Attacks When people are the weakness the best choice is then to strengthen people, in this case their knowledge and awareness. The best way to ﬁght social engineering attacks is to teach people what it is and how to recognize it. There are organizations and websites that do this, like FraudWatch International which provides alert of the newest phising scams [66]. A good way to learn is maybe to fall victim, now this would be rather bad, but it can also be done in a somewhat safe environment. Companies can run a controlled and simulated phishing campaign on their employees or they could hire another company to do it. Again, the seemingly almighty principle of multi-factor authentication returns as a viable option in this case as well. This is not to say that training is the only options or that all the responsibility to avoid attacks falls on the possible victim. The implementation and use of ﬁlters on email systems can be effective [67][68]. What if the phishing does not happen over email, what if it occurs on a website? Thankfully, web browsers usually come with the ability to warn of suspicious pages [61].

5.2 Data Breaches

A data-breach is when a collection of data, in for example containing login credentials and user information, is released either intentionally or by accident. Intentional data breaches can be caused by a person or an organization attacking a collection of digital data. This can be done for personal and malicious use by a hacker, organized crime or maybe a group of political activists. A breach can also be caused by careless and irresponsible discarding of data storage or other computer equipment. A deﬁnition for data-breaches by ISO/IEC 27040 is: Compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed [69]. In this section data-breaches, breaches and leaks may be considered synonymous with each other. The consequences of these breaches can be vast and wide-reaching. To people this may be as little as someone stealing some non-important

39 information —which in the days of social media can probably be easily accessed anyway —to the loss of more sensitive information such as financial and logon credentials or even as severe as identity theft. These breaches can of course also leave the credential owners open to new attacks, like the one in regards to the leak from the website rockyou!. In the case of rockyou!, which was a company founded in late 2005 that developed widget for other sites like mySpace, their database was leaked in December of 2009 [70]. This database was insecure, stored in plain-text and contained approximately 32 million different user accounts [54]. Due to reuse of passwords this leak left a lot of weak passwords compromised for different purposes. Today a wordlist containing these passwords, without duplication known as the "rockyou.txt" file is used in dictionary attacks. This reuse of passwords and in many cases the lack of the service providers failing to disclose the fact that their data has been leaked [71] or the users not checking their credentials frequently against these breaches [72], leaves these credential at risk not only on breached domains but also at several current and future user registrations. A breach also leaves the user vulnerable for possible credential stuffing attacks, this is when one injects a pair of username and passwords from one or several data-breach(es) against a login, a sort of subcategory of a brute-force attack. A paper on credential stuffing by google had this to say about the problems regarding the topic on this type of attack [73], “Protecting accounts from credential stuffing attacks remains bur- densome due to an asymmetry of knowledge: Attackers have wide- scale access to billions of stolen usernames and passwords, while users and identity providers remain in the dark as to which accounts require remediation,” Organizations also feel the consequences of these breaches, This can come in the form of large scale costs and losses. In the late 2013 the US retailer Target had a data-breach that lead to sever losses for the giant. This loss was a result of several individuals and several banks that were effected by the leaked information (mainly credit card) filing lawsuits against the retailer for negligence and compensation for damages [74]. They also suffered an almost 50% fall in their profits the following holiday, this was a symptom of the customers losing faith in the chain. All in all Target reported, in 2015, a total cost of 290 million dollars US in losses due to the the data breaches [74]. Other costs may stem from the necessity to notify the individuals that are effected by the data-breach as well as possible penalties, the requirements of notifications and penalties may differ based on jurisdiction. Another case is Merriots, a wast chain of hotels and resorts. In 2014 a data breach released the information of about 383 million guests leading to a 99 million GBP in fines by the U.K’s Information’s Commissioner’s Office (ICO) [75]. In the past banks would consider the losses of identity fraud as acceptable as the cost of doing business, but as these breaches change the landscape of identity theft banks are now starting to go after the corporations that are responsible for the security of the information leaked [76]. The reputation of these organizations and corporations as well as the peoples trust in them can be severely damaged, which can lead to large-scale losses in revenue [74]. Malicious individuals or organizations can also utilize the information in these breaches to attack the affected cooperation or organization with DDoS ( Distributed Denial of Service), attacks using the login credentials to overwhelm their servers. Not to mention the havoc an attacker could cause in case administrator passwords are is among the information disclosed in the breaches. The damage can be worsened by the fact that people end up reusing

40 the password they have on sites with possible lower security, like shopping or entertainment, on those with higher need of security, like ﬁnancial and banking. Google in a study of the information gathered by their chrome extension Password Checkup found that 1.5% of the user’s new login credentials were ﬂagged as unsafe. Most people would maybe think, that there is little probability of being affected, but earlier this year, 2019, over 2.6 billion pairs of emails and passwords were released free on the Internet, this leak is mostly known as collection #1 [77][77]. Collection #1 is a collection of several large data breaches from over the years, and could for a little while be found on the cloud-service site MEGA before being removed, and can today be found on several different torrent sites. This paved the way for 4 further collection of password breaches, know as collection #2 - #5, totaling in approximately 2.2 billion unique usernames and associated passwords, leaving the likelihood of one single individual being affected relatively high.

Luckily for users there are websites and extensions that can help you avoid using passwords that are already leaked or to just check if any of your current passwords or emails are within any known leak and cracked databases. One of these are the aforementioned chrome extension Password Checkup provides by google, this extension monitors a login and alerts the user in case of any matches to a leak see Figure 5.4a. Another choice is to use the webpage known as "haveibeenpwned.com" run by Troy Hunt who is Microsoft Regional Director. His site lets you specify a password or an email address and lets you know if it is leaked, see Figure 5.4b. His site also offers the user to leave a "notify me" with an email address to be monitored for future breaches.

41 (a) Google alerting leaked credentials [78]

(b) Password has been "pwned" [79]

Figure 5.4: A couple of tools to identify possible password leaks

5.3 Password Attack Tools

Now that we have seen what types of attacks that are out there in regards to acquiring a person’s password or login credentials, let us take a look at the tools that can be used to perform these attacks. Just like almost everything else in our daily life, there is a large variety of tools to use. Just a simple online search for "password penetration tools", on your search engine of choice, will give you millions of results. The top searches will probably be some form of list containing "Top 10 Password cracking tools" or "Most popular password cracking tools". Open any of these and you will get a nice explanation of the tools, as well as a list of pros and cons of each tool. Here people can most likely find the tool that is most suitable for them. Although there is a myriad of tools you can choose from, it is important to find the one(s) that is best suited for the type of attack you will be perform. You need to know the variables of your attack in order to find the best tool. Are you doing a computational attack on a hased password, are you trying to

42 intercept password trafﬁc or are you going to "attack" the owner of the secret you want? Are you attacking a password computationally, are you doing so online or on an ofﬂine copy? Is your intent to somehow take advantage of the human element, are you doing so online or are you going to try a bit more physical approach?

In this section some of these tools are explained, in terms of what they are called, what their features are, what attacks they support, and which operating system they can run on. We look at the cracking tools Brutus, Cain & Abel, John the ripper, Hashsuite, THC Hydra, AirCrack NG, RainbowCrack and Hashcat We also explain a couple of packet sniffers like WireShark and WinDump. We also mention some tools that help with phising simulation, such as Gophish, Ghost phisher and Social Engineer Toolkit (SET).

5.3.1 Brutus

Brutus, see Figure 5.5, is a remote password-cracking tool that is used for attacking online authentication. It was ﬁrst released in 1998 and only has support for the Windows operating system. It was originally created to test for common or default passwords on routers using a dictionary attack. The tool has support for multi-stage authentication and can connect to up to 60 targets simultaneously. It can be used on protocols like HTTP —both basic authentication and HTML Form/CGI —, POP3, FTP, SMB, Telenet, and it is possible to import other protocols, such as IMAP, NNTP, etc from their website. It is also possibly to create one’s own authentication types and share it with others [80].

43 Figure 5.5: Brutus on Windows [81]

5.3.2 Cain & Abel

Cain & Abel, seen in Figure 5.6, is a password recovery tool that runs on Microsoft Windows only. The software can recover cached passwords and crack passwords using dictionary- and brute-force attacks as well as cryptoanalysis. It also has support for recording Voice over IP and snifﬁng several protocols like SSH-1 and HTTPS. Cain & Abel has the ability to capture credentials from a wide selection of authentication protocols.

44 Figure 5.6: Cain & Abel on Windows [82]

5.3.3 John the Ripper John the Ripper, seen in Figure 5.7, is an open-source terminal-based password cracking tool that works on Unix systems, MacOS and Windows. There also exists a GUI based version named Johnny the Ripper. The distributor of John, openwall, also has another Windows hash cracking tool known as Hash Suite, explained in Section 5.3.4, and its mobile application counterpart for Android, Hash Suite Droid. It is free to use but also comes in a Pro edition that is built to deliver a product that is tailored for speciﬁc operating systems [83]. This tool supports several different attack types, Wordlist/dictionary, single-crack (explained in the next subsection), incremental —also known as brute-force —and even the ability to create your own modes [84]. It also allows for a quite large selection of word mangling rules, where a few rules are listed below:

• Adding numeric constants and variables

• Capitalize, convert to lower case, convert to uppercase and toogle case.

• Reverse the word, or duplicate the word.

• Rotate the word left "word" to "dwor" or to the right "word" to "ordw".

• Append or preﬁx a character.

• Pluralize, English grammar and lowercase only.

• Delete or insert character at start, end or position n.

John can crack several password hashes, such as traditional-DES, BSDi extended-DES, MD5, blowﬁsh-based, LM, NTLM, SHA, and the -jumbo edition adds support for hundreds more. The tool has a build in feature to restore an interrupted session to a checkpoint, regardless of whether this is done manually or due to a possible crash. To increase the efﬁciency of an attack John can take advantage of multiple CPU cores and even multiple CPUs, this feature is only available on Unix systems however. It can unshadow password

45 files, this is done by combining the shadow file with the passwd file. Other useful functions is the ability to crack salted hashes with a salt variable. [85]

Figure 5.7: John the Ripper on Linux [86]

Single crack mode

This mode will use the name, username and users home directory names as candidates for an attack. This is done in combination with a large set of different word-mangling rules. This is used only on the account the information is connected to, as well as other accounts that are associated with the same salt.

5.3.4 Hash Suite

Hash Suite is a Windows-based hash "cracking" tool with a GUI. It has support for 12 different hashes, seen in Table 5.3, as well as salted hashes. It can run on multiple CPUs as well as on multiple GPUs in its pro edition. This to attack with several types of attacks, dictionary, brute-force, ﬁngerprint and phrases. In this tool the dictionaries used may be in a compressed state like a zip or tgz ﬁle. The program can generate a report with statistics.

LM NTLM Raw-MD5 Raw-SHA1 Raw-SHA256 Raw-SHA512 DCC DCC2 SSHA, MD5CRYPT BCRYPT WPA-PSK

Table 5.3: Hash suite supported Hashes

5.3.5 THC Hydra

THC Hydra, seen in Figure 5.8, is a remote authentication cracking tool that is supported on unix-based systems, MacOS and Windows through the use of cygwin (explained in Section 8.3), and even some mobile platforms such as Android. It can run both dictionary and brute-force based attacks against over 50 different protocols, including but not limited to HTTP, telnet, ftp as well as several database types. The attacks allow for the use of a single user or a user list as well as a single password or a chosen password attack. Hydra can run on parallel connects and reports its ﬁnding in an output ﬁle [87].

46 Figure 5.8: THC Hydra on Unix [88]

5.3.6 RainbowCrack

RainbowCrack, seen in Figure 5.9, is a password cracking tool that utilizes rainbow tables. It was created by Zhu Shuanglei for Unix and Windows systems. It has support for several hash types and on their website it is possible to download a lot of rainbow tables [89]. A tool for the creation of new rainbow tables comes with RainbowCrack, seen in Figure 5.10.

Figure 5.9: RainbowCrack on Windows [90]

47 Figure 5.10: Raibow table generation with RainbowCrack [90]

5.3.7 Hashcat

Hashcat, seen in Figure 5.11, is a very versatile password-cracking tool that has support for Unix, Window and MacOS. It can run several different attacks, brute-force or mask, dictionary and hybrid to name a few. The tool can crack multiple hashes simultaneously and boosts it efficiency by using multiple devices at once. It allows for multiple GPUs and CPUs to work in parallel to enhance its computing power. Hashcat has support for over 200 hash algorithms, among them are MD5, SHA-512, LM and NTLM even with salt. In case of crash, failure or the need to stop the tool, it lets the user restore a cracking session from its last checkpoint. Under mask attack it allows for a mask to be written directly into the terminal command line or even the use of a mask file. It is also possible to use one of hashcat’s special character files to implement the use of country specific characters, like the German umlaut, in brute-force or mask attacks. A mask attack can also increment its length in order to test for passwords of a known structure but unknown length, this is also supported in hybrid attacks. A dictionary attack can include special characters such as the Norwegian ’æøå’ as well as the use of multiple dictionaries at once. During the attack Hashcat has the ability to perform a myriad of word mangling rules as specified in the start command, this can be directly in the terminal line or included using a rule file. During the attack Hashcat allows for the monitoring of progress using the terminal. This would include the ability to see a status report with statistics such as time elapse, estimated time remaining, passwords recovered and keyspace tried. When all this is done the tool can print out a report containing the information wanted in several different formats. The tool is quite versatile as it allows for many different add-ons and contains several different utilities. Examples are the support for use of several machines in a node structure, and the possible merging of several dictionaries [91].

48 Figure 5.11: HashCat MD5 Benchmark on Windows

5.3.8 AirCrack NG

Aircrack-ng, seen in Figure 5.12, is the new generation (ng) of aircrack that was released in 2006. It is —in the publisher’s own terms —a complete suite of tools to assess WiFi network security. The tool is terminal-based and runs using command lines. It can be installed on Unix, Windows via cygwin and on MacOS using Xcode. Aricrack allows for the monitoring and the capture of packets, as well as several attacks like replay and deauthentication. It can also crack WEP and WPA PSK, both 1 & 2, with the use of a dictionary attack [92].

Figure 5.12: Start monitoring wireless adapter in aircrack using backtrack [93]

5.3.9 WinDump

WinDump is the Windows edition of tcpdump which is a terminal-based network-packet analyzer tool for Unix [94].

49 5.3.10 Wireshark

Wireshark, seen in Figure 5.13, is a network/packet analyzer that was originaly released as Ethereal in 1998, then rebranded and released in 2006. It is a program that runs on Unix and Windows. The program is designed capture packets and display them as detailed as possible. Wireshark can search, ﬁlter and export packets, as well as the ability to import packets from other packet- capture programs.

Figure 5.13: Wireshark snifﬁng packets [95]

5.3.11 Gophish

Gophish, seen in Figure 5.14, is an open-source phishing toolkit that is used to simulate phishing. It is built to help penetration testers and corporations to identify holes in their organization. It has support for operation systems like Windows, MacOS and unix. Among its functions is the ability to build groups and templates. The tool lets its user setup, schedule and deploy campaigns, view and export detailed reports. Gophish has support for sending HTML pages that can link to other pages as well as the capture of credentials [96].

50 Figure 5.14: Gophish result template [96]

5.3.12 Social Engineer Toolkit (SET)

Social Engineer Toolkit, seen in Figure 5.15, is toolkit for social engineering attacks for Unix and MacOS. It was created by TrustedSec’s to ﬁll a void in the penetration tasting community [97]. It focuses on attackin a person or oganization via exploiting curiosity, greed or stupidity. SET offers several attack vectors, over email, a webpage, a USB or through SMS.

51 Figure 5.15: Social Engineer Toolkit main manu [98]

52 Chapter 6

Experiment

Now that we have taken a good look at the theoretical background of user authentication credentials known as the password, it is time to proceed to the practical work of attacking some password files. Below we briefly describe the techniques used to crack the passwords and what passwords will be cracked. We attack an offline copy of a specific data breach merged with a collection of several other breaches.

6.1 The Machine and Software

In this attack the machine is a gaming system built by the author. The system contains the following relevant components.

• A AMD Ryzen 7 1700 processor with eight-cores, each with a 3.00 GHz clock speed, • 16 GB of RAM. • A GeForce GTX 1060 graphics card with 6GB of VRAM • 64-bit version of Windows 10

We use the software Hashcat, explained in Section 5.3.7, to crack our passwords. A benchmark test of this machine’s relevant hash cracking speed is illustrated in Figure 5.11.

6.2 Datasets

We ran an attack on a merging of two different sets of password ﬁles, one of them is a data breach from a website called "hemmelig.com". A short explanation of this leak is given in Section 6.2.1. Another set contains passwords taken from the breach from early 2019 known as Collection #1. The information taken from Collection #1 is that it contains passwords belonging to user who registered using an email that ends with the ".no" domain as this is the only real indication we have that it is most likely a Norwegian user. Both of these databases are encrypted using the MD5 hash function. It is also important to mention that these are collections of passwords used on websites or other services on the Internet. All the information from this set has been "sanitized" and anonymized for the owner’s protection and given to us by an (anonymous) source.

53 As a preparation to attack these two password databases from one speciﬁc data-breach and one from a large collection of data-breaches, we are armed with a ﬁne collection of different dictionaries that might be relevant for Norwegians. These dictionaries are:

• 1920-2020.txt containing all years from 1920 to 2020.

• countries.txt contains countries in English and in their native languages.

• dates.txt all day month combinations both in European and American formats. this has been merged with 1920-2020.txt

• english3.txt with about 700863 English word.

• fotball.txt Contains a set of football teams in Norway.

• håndball.txt Contains a set of handball teams in Norway.

• ishockey.txt Contains a set of icehockey teams in Norway

• sports.txt A merging of the above three.

• land.txt Conatins contry names in Norwegian.

• stedsnavn.txt Contains the names of cities and other places in Norway.

• land_sted.txt A merging of the above two.

• movie-characters.txt Contains a list of characters from movies.

• movies-general.txt Contains a list of general movie information.

• names_large.txt A large lsit of names from all over the world.

• names_large_dates.txt Combined list of names_large.txt and dates.txt with names followed by dates.

• dates_names_large.txt Same as above but the other way around.

• names_norwegian.txt Contains a list of typical names, both ﬁrst and last.

• names_norwegian_dates.txt Contains a combination of names_norwegian.txt and dates.txt with names followed by dates.

• dates_names_norwegian.txt same as above but other way around.

• norske_epost_adresser.txt Contains a list of common Norwegian email domains.

• norske_ord.txt Contains almost 800.000 Norwegian words.

• places.txt Contains a list of names for cities and places in English.

• rockyou.txt Contains the passwords from the rockyou breach.

In addition we also use a selection of different rule ﬁles that are used to mangle the words in several different ways.

• basic.rule a set of basic rules that comes with Hashcat.

• basic2.txt a changes version of basic.rule that handles cases with Norwegian letters.

54 • rockyou-30000.rule a rule based on the canges done to the passwords in rockyou.txt

• OneRuleToRuleThemAll.rule A versitile rule made by merging other rule ﬁles. Made by NotSoSecure [99].

We also have a character set with Norwegian characters used in a mask attack called norwegain.hcchr.

6.2.1 Hemmelig.com

"Hemmelig" is the Norwegian word for "secret", and the webservice Hemme- lig.com is in their own words Norway’s largest website for sexual meetups [100]. These meetups are usually between two people who are already in a commit- ted relationship with a partner. At the end of 2011 hemmelig.com the target of a hacker group known as "Team Appunity" who shared the website’s user information on various online ﬁle-sharing sites [101]. This leak contained all sorts of information about approximately 28.000 of their users. Among this information where their usernames, emails, password and several pieces of personal information [79].

6.3 More on Hashcat

As Hashcat is going to be our tool for the attack we should go over some of its command options. These can be found and explained by running Hashcat with the help option -h. First comes its attack parameter, this parameter tells hashcat what type of attack to perform on the given ﬁle, this parameter would be -a followed by a number, where the possible numbers are listed in Table 6.1

Number mode 0 Straight 1 Combination 3 Brute-force 6 Hybrid Wordlist Mask 7 Hybrid Mask Wordlist

Table 6.1: Attack Options

The next parameter to be considered is the one that tells hashcat what type of hash scheme or encryption is used in the ﬁle. This paramater is -m again followed by a number, where hashcat supports over 200 different types of hashes and encryption, where only a selected portion of these can be seen in Table 6.2.

55 number name Category 900 MD4 Raw Hash 0 MD5 Raw Hash 5100 Half MD5 Raw Hash 100 SHA1 Raw Hash 1300 SHA2-224 Raw Hash 1400 SHA2-256 Raw Hash 10800 SHA2-384 Raw Hash 1700 SHA2-512 Raw Hash 17300 SHA3-224 Raw Hash 17400 SHA3-256 Raw Hash 17500 SHA3-384 Raw Hash 17600 SHA3-512 Raw Hash 10 md5($pass.$salt) Raw Hash, Salted and/or Iterated 20 md5($salt.$pass) Raw Hash, Salted and/or Iterated 30 md5(utf16le($pass).$salt) Raw Hash, Salted and/or Iterated 40 md5($salt.utf16le($pass)) Raw Hash, Salted and/or Iterated 3800 md5($salt.$pass.$salt) Raw Hash, Salted and/or Iterated 3710 md5($salt.md5($pass)) Raw Hash, Salted and/or Iterated 4010 md5($salt.md5($salt.$pass)) Raw Hash, Salted and/or Iterated 4110 md5($salt.md5($pass.$salt)) Raw Hash, Salted and/or Iterated 2600 md5(md5($pass)) Raw Hash, Salted and/or Iterated 3910 md5(md5($pass).md5($salt)) Raw Hash, Salted and/or Iterated 4300 md5(strtoupper(md5($pass))) Raw Hash, Salted and/or Iterated 4400 md5(sha1($pass)) Raw Hash, Salted and/or Iterated 110 sha1($pass.$salt) Raw Hash, Salted and/or Iterated 120 sha1($salt.$pass) Raw Hash, Salted and/or Iterated 130 sha1(utf16le($pass).$salt) Raw Hash, Salted and/or Iterated 140 sha1($salt.utf16le($pass)) Raw Hash, Salted and/or Iterated 4500 sha1(sha1($pass)) Raw Hash, Salted and/or Iterated 4520 sha1($salt.sha1($pass)) Raw Hash, Salted and/or Iterated 4700 sha1(md5($pass)) Raw Hash, Salted and/or Iterated 4900 sha1($salt.$pass.$salt) Raw Hash, Salted and/or Iterated 14400 sha1(CX) Raw Hash, Salted and/or Iterated 1410 sha256($pass.$salt) Raw Hash, Salted and/or Iterated 1420 sha256($salt.$pass) Raw Hash, Salted and/or Iterated 1430 sha256(utf16le($pass).$salt) Raw Hash, Salted and/or Iterated 1440 sha256($salt.utf16le($pass)) Raw Hash, Salted and/or Iterated 1710 sha512($pass.$salt) Raw Hash, Salted and/or Iterated 1720 sha512($salt.$pass) Raw Hash, Salted and/or Iterated 1730 sha512(utf16le($pass).$salt) Raw Hash, Salted and/or Iterated 1740 sha512($salt.utf16le($pass)) Raw Hash, Salted and/or Iterated 14000 DES (PT = $salt, key = $pass) Raw Cipher, Known-Plaintext attack 14100 3DES (PT = $salt, key = $pass) Raw Cipher, Known-Plaintext attack 1411 SSHA-256(Base64), LDAP SSHA256 HTTP, SMTP, LDAP Server 1711 SSHA-512(Base64), LDAP SSHA512 HTTP, SMTP, LDAP Server 3000 LM Operating Systems 1000 NTLM Operating Systems 1500 descrypt, DES (Unix), Traditional DES Operating Systems 12400 BSDi Crypt, Extended DES Operating Systems 6800 LastPass + LastPass sniffed Password Managers 6600 1Password, agilekeychain Password Managers 8200 1Password, cloudkeychain Password Managers 99999 Plaintext Plaintext

Table 6.2: A selection of supported encryption scheme 56 When the attack specification is complete you might want to add some rules on how the words in a dictionary can be altered. There are several ways to do so, -j sets a single rule to the dictionary on the left, -k sets a single rule for the dictionary on the right and -r adds a rule file or files to a single dictionary. What these rules are can be found in Table 8.1. In the case of debugging, you could use the debug-mode=X and debug-file=filename, the latter tells Hashcat where to store the debug output and the former tells it what to log, the different debug modes are liste in Table 6.3.

Number Debug Type 1 Finding-Rule 2 Original-Word 3 Original-Word:Finding-Rule 4 Original-Word:Finding-Rule:Processed-Word

Table 6.3: The Debug Option For Hashcat

6.3.1 Test Case To make it easier to explain some of the password attacks that were executed during the experiment we need someone to refer to. So meet the ﬁctional person Håkon Ødegård, Håkon was born in Trondheim on the 14th of Oktober 1975. He has a dog called Sjefen which he got in 2011, his favorite movie is Star Wars, and as he is from Trondheim he is a Rosenborg supporter.

6.4 Going on the Attack

After having speciﬁed all the paramaters, the attack execution begins. First up are numbers, where a few lengths of numbers are tried. Then we do a typical attack using some lists of common and previously leaked passwords. From there we move on to trying some Norwegian dictionaries, that contain Norwegian and Norway-speciﬁc information. After this we try using some English dictionaries, some with similar information as those used in Norwegian. Lastly we add this Norwegian attack after the English to see what the difference might be.

6.4.1 Brute Before we go on to do any intelligent search using dictionaries of password lists, let us try a quick brute-force attack with an acceptable search-space. We ﬁll four characters is way to small and that spending the over 10 hours it would take to do this with eight characters, we will go for up to six. hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2 --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt

57 Time.Started.....: Fri Oct 25 15:43:20 2019 (7 mins, 32 secs) Time.Estimated...: Fri Oct 25 15:50:52 2019 (0 secs) Guess.Mask...... : ?2?2?2?2?2?2 [6] Guess.Charset....: -1 \charsets\standard\norwegian.hcchr, -2 ?a?1, -3 Undefined, -4 Undefined Guess.Queue...... : 6/6 (100.00%) Speed.#1...... : 3472.3 MH/s (3.32ms) @ Accel:256 Loops:64 Thr:256 Vec:1 Recovered...... : 75018/394013 (19.04%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:71,N/A,N/A AVG:8493,509627,12231057 (Min,Hour,Day) Progress...... : 735091890625/735091890625 (100.00%) Rejected...... : 0/735091890625 (0.00%) Restore.Point....: 81450625/81450625 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9024-9025 Iteration:0-64 Candidates.#1....: ~5x$~ -> ~ ~}? Hardware.Mon.#1..: Temp: 81c Fan: 83% Util: 86% Core:1822MHz Mem:4006MHz Bus:16

Started: Fri Oct 25 15:42:25 2019 Stopped: Fri Oct 25 15:50:53 2019

As we can see it would take less then 10 minutes to do such an attack. Here we recovered passwords with the length of one to six character. Which turns out to be approximately 19% of our passwords. To not effect what we can recover in further test we back-up our results and rest.

6.4.2 Numbers We start with the simplest of attacks by trying numbers, we begin with all the numbers of 4 digits. To do this we use a brute-force attack which in Hashcat is done with a program’s mask attack. The appropriate command is: hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Mon Oct 21 17:11:39 2019 (7 secs) Time.Estimated...: Mon Oct 21 17:11:46 2019 (0 secs) Guess.Mask...... : ?d?d?d?d [4] Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 7308.9 kH/s (0.13ms) @ Accel:512 Loops:10 Thr:256 Vec:1 Recovered...... : 1515/394013 (0.38%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:13769,826162,19827909 (Min,Hour,Day) Progress...... : 10000/10000 (100.00%) Rejected...... : 0/10000 (0.00%) Restore.Point....: 1000/1000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-10 Iteration:0-10 Candidates.#1....: 1234 -> 6764 Hardware.Mon.#1..: Temp: 55c Fan: 32% Util: 6% Core:1885MHz Mem:4006MHz Bus:16

Started: Mon Oct 21 17:11:33 2019 Stopped: Mon Oct 21 17:11:47 2019

58 Numbers with 4 digits can be anything which the user would probably also use as a PIN code or a lock/locker combination. Where these numbers really come from would be anyone’s guess, it could be dates like the person’s birthday, a loved one’s birthday or maybe the "randomly" generated PIN number they received with their first debit or credit card. Just to see what might be dates we turn to regex, explained in Section 8.9. First we go for years, but as years could be in theory the whole range from 0000 to 9999 we will focus on the ones between 1900 and 2099. We use the search :(19|20)\d\d$ on our output and find that 95 entries match this. Next are the dates, but as there are two readily used formats for dates we have to check both. The first of these date formats is the one that Europeans mostly use, the day/month format. To find these we use :(0[1-9]|[12]\d|3[01])(0[1-9]|1[0-2])$ and find 317 passwords that match this format. Lastly we check for the format that is most popular in countries like America, the month/day format, we use the search :(0[1-9]|1[0- 2])(0[1-9]|[12]\d|3[01])$ and find that a total of 158 passwords that match this format. All in all of our 475 of the 1515 recovered passwords are probably a year or a date, which represents a little under one third of all passwords. Continuing to the next logical number combination to be attacked using a mask is the set of all numbers with 6 digits, this is done with the command: hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d?d?d

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Mon Oct 21 17:39:39 2019 (34 secs) Time.Estimated...: Mon Oct 21 17:40:13 2019 (0 secs) Guess.Mask...... : ?d?d?d?d?d?d [6] Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 719.0 MH/s (0.61ms) @ Accel:128 Loops:100 Thr:256 Vec:1 Recovered...... : 9101/394013 (2.31%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:13714,822855,19748539 (Min,Hour,Day) Progress...... : 1000000/1000000 (100.00%) Rejected...... : 0/1000000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-100 Iteration:0-100 Candidates.#1....: 120123 -> 688373 Hardware.Mon.#1..: Temp: 55c Fan: 33% Util: 5% Core:1835MHz Mem:4006MHz Bus:16

Started: Mon Oct 21 17:39:34 2019 Stopped: Mon Oct 21 17:40:14 2019

The choice of finding 6 digit numbers comes from the fact that this is the length of a person’s birthdate with the year, to the decade. This attack could be done with a bit more thought and finesse using a custom mask like -1 0123 ?1?d?1?d?d?d. This mask only tests numbers 0, 1, 2 or 3 for the first and third digits as the months are never higher then 12 and days are never above 31, so going into the 40’s is unnecessary. But we have to test for both dd/mm/yy and mm/dd/yy formats. This was not done as the time cost of the custom mask attack is almost the same as testing all possible 6 digits, relatively speaking. As we would also like to know how many of these might be birthdays we took a dive into the output files. A quick regex search with

59 :(0[1-9]|[12]\d|3[01])(0[1-9]|1[0-2])\d\d$ tells us that 3706 of our recovered passwords match the format dd/mm/yy. Another regex search using :(0[1- 9]|1[0-2])(0[1-9]|[12]\d|3[01])\d\d$ tells us that 1511 of them match the mm/dd/yy format. A total of 5217 out of the 7586 newly recovered passwords match a date format, which represents about 68.77%. Next in our search for relevant numbers is to test the 8 digit combinations, which is done with the command: hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d?d?d?d?d

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Mon Oct 21 17:42:25 2019 (20 secs) Time.Estimated...: Mon Oct 21 17:42:45 2019 (0 secs) Guess.Mask...... : ?d?d?d?d?d?d?d?d [8] Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 5445.2 kH/s (3.70ms) @ Accel:128 Loops:125 Thr:256 Vec:1 Recovered...... : 13888/394013 (3.52%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:14362,861749,20681986 (Min,Hour,Day) Progress...... : 100000000/100000000 (100.00%) Rejected...... : 0/100000000 (0.00%) Restore.Point....: 100000/100000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:875-1000 Iteration:0-125 Candidates.#1....: 46845678 -> 68874949 Hardware.Mon.#1..: Temp: 52c Fan: 33% Util: 1% Core:1506MHz Mem:4006MHz Bus:16

Started: Mon Oct 21 17:42:20 2019 Stopped: Mon Oct 21 17:42:46 2019

These numbers, as it concerns Norwegians, could be phone numbers as they use 8 digits in their phone numebrs. It could also be the the full format of a persons full birthdate, again this could be in dd/mm/yyyy or in mm/dd/yyyy. To test which might be a bithdate and which could be anything else with 8 digit, like a phone-numbers, we again turn to a regex search of the output of the attack. By using the same as before, yet changing the \d\d with (19|20)\d\d, we recovered 638 for the ﬁrst and 248 for the second when searching our passwords, this is 20.67% of 8 digit passwords. The last step in our search for numbers is just to remove all 1 to 12 digit numbers, as this is easy to do and removes some candidates later. The command for this attack is: hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d?d?d?d?d?d?d?d?d --increment

The –increment command tells Hashcat to start at ?d and add ?d after it has tested all combinations, all the way up to ?d?d?d?d?d?d?d?d?d?d?d?d. This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5

60 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Mon Oct 21 18:41:10 2019 (4 mins, 45 secs) Time.Estimated...: Mon Oct 21 18:45:55 2019 (0 secs) Guess.Mask...... : ?d?d?d?d?d?d?d?d?d?d?d?d [12] Guess.Queue...... : 12/12 (100.00%) Speed.#1...... : 3646.7 MH/s (10.36ms) @ Accel:128 Loops:125 Thr:256 Vec:1 Recovered...... : 16702/394013 (4.24%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:7,N/A,N/A AVG:18,1099,26381 (Min,Hour,Day) Progress...... : 1000000000000/1000000000000 (100.00%) Rejected...... : 0/1000000000000 (0.00%) Restore.Point....: 1000000000/1000000000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:875-1000 Iteration:0-125 Candidates.#1....: 468475367373 -> 688749494964 Hardware.Mon.#1..: Temp: 80c Fan: 81% Util: 98% Core:1771MHz Mem:4006MHz Bus:16

Started: Mon Oct 21 18:40:17 2019 Stopped: Mon Oct 21 18:45:56 2019

The rationale for this attack is that it is easy to setup, quick to do and reveals some of the possibilities right off the bat. As one can see by the last report, we already have little over 4% of the passwords in under 6 minutes in computation time. From here we can go on to run some other attacks that are also simple, yet a little more complex than brute-force. But first we take a back-up of our results. A breakdown of the results can be found in Figure 6.1, where Sub- figure 6.1a breaks down what these numbers might be and Sub-figure 6.1b shows which format the dates are in.

(a) What the numbers might be (b) Formats used

Figure 6.1: Breakdown of Numbers Recovered

6.4.3 Existing Lists One of the ﬁrst things any password cracking attacker would try is to run a list of common or previously cracked passwords. So that is what we do as well. First we quickly reset our results, then we run a short list of the 125 most common Norwegian passwords and see how many are in our database, this is a little bit as a proof-of-concept. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\ordliste_passord_topp_125.txt

This command gave us the following results:

61 Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Mon Oct 21 21:34:14 2019 (0 secs) Time.Estimated...: Mon Oct 21 21:34:14 2019 (0 secs) Guess.Base...... : File (..\Dict\ordliste_passord_topp_125.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 199.3 kH/s (0.03ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 124/394013 (0.03%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:19024,1141449,27394780 (Min,Hour,Day) Progress...... : 125/125 (100.00%) Rejected...... : 0/125 (0.00%) Restore.Point....: 125/125 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: 0123456789 -> hunter Hardware.Mon.#1..: Temp: 54c Fan: 33% Util: 11% Core:1506MHz Mem:4006MHz Bus:16

Started: Mon Oct 21 21:34:10 2019 Stopped: Mon Oct 21 21:34:15 2019

As can be seen from the results of this attack, not a lot of new passwords were recovered. But almost all of the passwords in the dictionary were found in our database. This is because the database we are attacking contains only unique passwords and contains no duplicates. So we now know why this is the first attack to be done, and decide to do it again but with a larger list of passwords. To be more precise we use the passwords that came out as a result of the rockyou breaches. This file is as previously stated known as rockyou.txt. But first we restore the back-up taken after our numbers-based assault. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\rockyou.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 13:26:11 2019 (3 mins, 44 secs) Time.Estimated...: Tue Oct 22 13:29:55 2019 (0 secs) Guess.Base...... : File (..\Dict\rockyou.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 64130 H/s (2.49ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 74898/394013 (19.01%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:16696,N/A,N/A AVG:15573,934413,22425920 (Min,Hour,Day) Progress...... : 14344384/14344384 (100.00%) Rejected...... : 0/14344384 (0.00%) Restore.Point....: 14344384/14344384 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: $HEX[30383434313332373933] -> $HEX[042a0337c2a156616d6f732103] Hardware.Mon.#1..: Temp: 55c Fan: 34% Util: 0% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 13:26:06 2019 Stopped: Tue Oct 22 13:29:57 2019

62 By including the results of our last search we have all together recovered almost 75.000 of our passwords by spending less than 10 minutes in computation time. This attack recovered another 14.77% of the passwords of this database, but can we recover more using this one file. We probably can, by trying this attack again in combination with a rule file which was spawned by the dictionary we are using. This rule file is called rockyou-30000.rule and comes with Hashcat, it is found in the rules folder.

hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\rockyou.txt -r rules\rockyou-30000.rule --debug-mode=3 --debug-file=rock-rule-dump.log

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 13:34:16 2019 (25 mins, 19 secs) Time.Estimated...: Tue Oct 22 13:59:35 2019 (0 secs) Guess.Base...... : File (..\Dict\rockyou.txt) Guess.Mod...... : Rules (rules\rockyou-30000.rule) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 368.8 MH/s (2.33ms) @ Accel:128 Loops:64 Thr:64 Vec:1 Recovered...... : 228079/394013 (57.89%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:361,N/A,N/A AVG:6049,362943,8710653 (Min,Hour,Day) Progress...... : 430331520000/430331520000 (100.00%) Rejected...... : 0/430331520000 (0.00%) Restore.Point....: 14344384/14344384 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:29952-30000 Iteration:0-64 Candidates.#1....: $HEX[6221676f74683836] -> $HEX[042a0369c2a156616d6f7321033832] Hardware.Mon.#1..: Temp: 71c Fan: 53% Util: 90% Core:1847MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 13:34:11 2019 Stopped: Tue Oct 22 13:59:36 2019

There we got almost three times the results by adding one rule file and it cost us another 26 minutes to do so. But let us take a look at how many were recovered using some of the more simple rules. We can do this by searching our debug output file rock-rule-dump.log. In it we look for simple rules like reversing, adding a prefix or suffix, capitalizing and uppercase, where the results are given in Table 6.4.

63 Rule regex amount Reversing :(r) $ 169 Capitalize :(c) $ 0 Uppercase :(u) $ 0 Adding ! at end :(\$!) $ 112 Adding ! at start :(\ˆ!) $ 13 Adding 1 at end :(\$1) $ 816 Adding 1 at start :(\1)ˆ $ 211 Adding 123 at end :(\$123) $ 725 Adding 123! at end :(\$123!) $ 3 Adding 123 at start :(\123)ˆ $ 16 Adding 123! at start :(\123!)ˆ $ 0 Total 2065

Table 6.4: Simple rules used rockyou.txt

6.4.4 Norwegian Now that we have completed the ﬁrst steps of a standard attack let us go on to using Norwegian information to see what we can recover.

Norwegian Names

First up is using names. Modern Norway is a rather multicultural country and therefore has many names that might not be in this dictionary. But we want to know what we can recover with typical Norwegian names so we run this attack anyways, we ﬁrst use the ﬁle names_norwegian.txt without any rules added. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_norwegian.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 15:15:34 2019 (1 sec) Time.Estimated...: Tue Oct 22 15:15:35 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 7195.2 kH/s (0.06ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 228171/394013 (57.91%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:18798,1127922,27070130 (Min,Hour,Day) Progress...... : 4792/4792 (100.00%) Rejected...... : 0/4792 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: aaron -> øynes Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 3% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 15:15:30 2019 Stopped: Tue Oct 22 15:15:36 2019

64 We recovered 92 new passwords with names only, it is unusual for people to use their names alone. Usually they add elements to it, some add their date of birth to the end maybe with or without a !, other might just add some random digit to the end. Let us consider our ﬁctional friend Håkon, he might think "my name is not enough, but what if I use håkon1975, håkon1410 or 1410ødegård". These possible combinations can be recovered by this attack so, lets add some dates or simpler add all 4 digit combinations to the end, and then to the front. We run the attack on Norwegian names with this additional mask. hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d?d hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\names_norwegian.txt The second of these command gave us the following results, the ﬁrst can be found in Section A.5: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 15:24:03 2019 (1 sec) Time.Estimated...: Tue Oct 22 15:24:04 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 1/1 (100.00%) Speed.#1...... : 41027.0 kH/s (0.33ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229015/394013 (58.12%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:24835,1490121,35762924 (Min,Hour,Day) Progress...... : 47920000/47920000 (100.00%) Rejected...... : 0/47920000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4736-4792 Iteration:0-64 Candidates.#1....: 1234øien -> 6883øynes Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 5% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 15:23:57 2019 Stopped: Tue Oct 22 15:24:06 2019 Of these 844 newly recovered passwords 355 of them are from adding 4 digits to the back and 489 of them to the from. This would so far suggest that the Norwegian people are more likely to add the numbers before the name rather the after. Now we want to know if the Norwegian users also do some other changes to them as well. Take our fictional friend Håkon he has been told by his email service that his password needs a symbol so he adds one and creates håkon1410!. Now another possibility is that he is not aware of the fact that he can use the letter å so instead his password is set as hakon1410. So to find either of these possible passwords we need to do slight changes to the passwords candidates from the last attack. Unfortunately Hashcat only allows one rule at a time on this hybrid attack mode. So instead we use a Hashcat utility called combinator.exe, this allows us to combine two dictionaries. We use this utility to combine names_norwegian and dates into two files names_norwegian_dates and dates_names_norwegian.

65 combinator.exe ..\names_norwegian.txt ..\dates.txt > ..\names_norwegian_dates.txt combinator.exe ..\dates.txt ..\names_norwegian.txt > ..\dates_names_norwegian.txt With these two new files we can run Hashcat with a rule file and not just one rule. This would then take a few less attacks to recover passwords that are based on names with dates attached. The rule file we use is an altered form of one that also comes with Hashcat called basic.rule. We have altered this file to ignore its rules to append and prepend numbers and we have added some rules that alter Norwegian characters to English ones. We call this new rule file basic2.txt, this is stored in the txt format so it can handle ’øæå’ better. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_norwegian_dates.txt -r rules\basic2.txt hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\dates_names_norwegian.txt -r rules\basic2.txt The second of these command gave us the following results, where the first can be found in Appendix A.5: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 16:22:17 2019 (0 secs) Time.Estimated...: Tue Oct 22 16:22:17 2019 (0 secs) Guess.Base...... : File (..\Dict\dates_names_norwegian.txt) Guess.Mod...... : Rules (rules\basic2.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 105.1 MH/s (6.73ms) @ Accel:512 Loops:16 Thr:64 Vec:1 Recovered...... : 229200/394013 (58.17%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:972,58344,1400273 (Min,Hour,Day) Progress...... : 28521984/28521984 (100.00%) Rejected...... : 0/28521984 (0.00%) Restore.Point....: 1782624/1782624 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-16 Iteration:0-16 Candidates.#1....: $HEX[6e65726d6f7436303932] -> $HEX[3331313298b8796e6573] Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 22% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 16:22:11 2019 Stopped: Tue Oct 22 16:22:18 2019 So some, but not a lot of people thought of changing their name to a small extent after they added their dates to their names. But dates are not the only numbers that are added to the end. Our ﬁctional friendHåkon might have just added the year to the back of his name taking the millennia and century out of the mix and used håkon75 or just done the simplest thing and used håkon123. So we have to try other combinations as well, we limit ourselves to 4 digits although. Seeing as we have already tried with 4 digits we only need to try 1 to 3. We also add the capitalize rule as this is what people typically do when prompted to add 1 uppercase letter.

66 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d --increment hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d --increment -j c hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_norwegian.txt --increment hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_norwegian.txt --increment -j c

The last of these command gave us the following results, the others can be found in Appendix A.5:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 16:37:02 2019 (0 secs) Time.Estimated...: Tue Oct 22 16:37:02 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Right Side Guess.Mod...... : Mask (?d?d?d) [3], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 130.3 MH/s (0.14ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229958/394013 (58.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 4792000/4792000 (100.00%) Rejected...... : 0/4792000 (0.00%) Restore.Point....: 1000/1000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4736-4792 Iteration:0-64 Candidates.#1....: 123øien -> 688øynes Hardware.Mon.#1..: Temp: 54c Fan: 31% Util: 26% Core:1733MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 16:36:56 2019 Stopped: Tue Oct 22 16:37:03 2019

We can see that almost the same amount of people add any random 3 digit number to the beginning or the end as those that use a possible date. One of the passwords somewhat based on names that user might use is using their email address, this can be a bit hard to do in our position but lets try anyway. To do this we add in a list of Norwegian email domains, this is limited to ".no" as we know this to be true for all emails. We try three different attacks to account for capital letter and uppercase name. hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ..\Dict\norske_epost_adresser.txt hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt

67 ..\Dict\names_norwegian.txt ..\Dict\norske_epost_adresser.txt -j u hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ..\Dict\norske_epost_adresser.txt -j c

The last of these command gave us the following results, the other can be found in Appendix A.5:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 17:28:20 2019 (0 secs) Time.Estimated...: Tue Oct 22 17:28:20 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Left Side Guess.Mod...... : File (..\Dict\norske_epost_adresser.txt), Right Side Speed.#1...... : 694.6 MH/s (0.17ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229961/394013 (58.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 19925136/19925136 (100.00%) Rejected...... : 0/19925136 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4096-4158 Iteration:0-64 Candidates.#1....: Aaron(at)himolde,no -> øynes(at)line,no Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 54% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 17:28:15 2019 Stopped: Tue Oct 22 17:28:21 2019

The low number of newly recovered, 3 passwords, was rather expected. This of course is because email addresses are rarely just someones name and an email domain. It rather unlikly that our ﬁctional Friend Håkon’s email is just hå[email protected] or he might have a custom domain that we did not add to our list, like@ødegård.no. The attack could be done more intelligently if you have the users information , like the email they registered with. Using this information you could compile a list of their personal information and create a dictionary based on this. With a dictionary of personal information on several users a rule-based attack could be very efﬁcient. This could also be said about the entire name based attack. A breakdown of the names found can be seen in Figure 6.2

68 Figure 6.2: Breakdown of Names recovered

Sports The next dictionary to use is sports teams, because many people create passwords with their favorite teams name. We want as big a spread as possible so we use a file that contains football, ice hockey and handball. Like the in the previous Section, we start with the names without any changes done to them. Take our fictional friend Håkon as he is a Rosenborg supporter he might find this to be easy to remember and use it as his password. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\sport.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 17:42:37 2019 (0 secs) Time.Estimated...: Tue Oct 22 17:42:37 2019 (0 secs) Guess.Base...... : File (..\Dict\sport.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 915.3 kH/s (0.03ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 229979/394013 (58.37%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:9352,561170,13468083 (Min,Hour,Day) Progress...... : 560/560 (100.00%) Rejected...... : 0/560 (0.00%) Restore.Point....: 560/560 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: aalesund -> øygardaker topphåndball Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 12% Core:1506MHz Mem:4006MHz Bus:16

69 Started: Tue Oct 22 17:42:32 2019 Stopped: Tue Oct 22 17:42:38 2019

We note that relatively few passwords match team names directly, but let us see what we can recover if we do some changes to the inputs. In the case of our ﬁctional friend Håkon thinks to make his password Rosenborg1927, this is the year the team was renamed to Rosenborg. We do this small change by adding some numbers to the start or end of our input in this next attack, we will also try with and without capitals. hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\sport.txt ?d?d?d?d --increment hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\sport.txt --increment hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\sport.txt ?d?d?d?d --increment -j c hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\sport.txt --increment -k c

The last of these commands gave us the following results, the other can be found in Appendix A.6:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 18:57:03 2019 (0 secs) Time.Estimated...: Tue Oct 22 18:57:03 2019 (0 secs) Guess.Base...... : File (..\Dict\sport.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 71099.8 kH/s (0.36ms) @ Accel:128 Loops:70 Thr:256 Vec:1 Recovered...... : 230289/394013 (58.45%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:18921,1135311,27247479 (Min,Hour,Day) Progress...... : 5600000/5600000 (100.00%) Rejected...... : 0/5600000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:490-560 Iteration:0-70 Candidates.#1....: 1234Trysil -> 6883øygardaker topphåndball Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 56% Core:1531MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 18:56:57 2019 Stopped: Tue Oct 22 18:57:04 2019

We recover a total of 310 new passwords with these four attacks, 182 of them are just numbers added to the team names. Next we change the input slightly by adding the rule ﬁle basic.rule to our attack hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\sport.txt -r rules\basic.rule

70 This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 18:57:34 2019 (0 secs) Time.Estimated...: Tue Oct 22 18:57:34 2019 (0 secs) Guess.Base...... : File (..\Dict\sport.txt) Guess.Mod...... : Rules (rules\basic.rule) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 26934.6 kH/s (0.57ms) @ Accel:128 Loops:56 Thr:64 Vec:1 Recovered...... : 230306/394013 (58.45%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:9763,585837,14060090 (Min,Hour,Day) Progress...... : 31360/31360 (100.00%) Rejected...... : 0/31360 (0.00%) Restore.Point....: 560/560 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-56 Iteration:0-56 Candidates.#1....: $HEX[61616c6573756e64] -> $HEX[98b87967617264616b657220546f70706898a56e6462616c6c] Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 32% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 18:57:29 2019 Stopped: Tue Oct 22 18:57:35 2019

This produced another 17 recovered passwords, leaving the total of passwords recovered by using the name of Norwegian sports teams to 375.

Countries and Place Names Another form of name that is easy to remember an thus used for passwords are country names and place names. So we try some of these in the Norwegian language to do an attack. For simplicity and efficiency these are merged into one file which we call land_sted.txt. We first try is the names alone and without any alterations. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\land_sted.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 18:58:41 2019 (0 secs) Time.Estimated...: Tue Oct 22 18:58:41 2019 (0 secs) Guess.Base...... : File (..\Dict\land_sted.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 517.3 kH/s (0.02ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 230316/394013 (58.45%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:5825,349558,8389383 (Min,Hour,Day) Progress...... : 337/337 (100.00%) Rejected...... : 0/337 (0.00%) Restore.Point....: 337/337 (100.00%)

71 Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: $HEX[61666768616e697374616e] -> $HEX[7361727073626f72671a] Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 20% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 18:58:36 2019 Stopped: Tue Oct 22 18:58:42 2019 There are 337 different names in the ﬁle and only 10 of them are used as passwords. But what if we add numbers at the beginning or end of the input, as well with capitals. Because our ﬁctional friend Håkon does not want to use Trondheim alone, no he wants to add his year of birth for added security, so he uses trondheim1975. hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\land_sted.txt ?d?d?d?d --increment hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\land_sted.txt --increment hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\land_sted.txt ?d?d?d?d -j c --increment hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\land_sted.txt -k c --increment The last of these commands gave us the following results, the others can be found in Appendix A.7: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:02:22 2019 (0 secs) Time.Estimated...: Tue Oct 22 19:02:22 2019 (0 secs) Guess.Base...... : File (..\Dict\land_sted.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 163.3 MH/s (0.19ms) @ Accel:128 Loops:42 Thr:256 Vec:1 Recovered...... : 230431/394013 (58.48%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:12386,743215,17837182 (Min,Hour,Day) Progress...... : 3370000/3370000 (100.00%) Rejected...... : 0/3370000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:336-337 Iteration:0-42 Candidates.#1....: $HEX[313233345361727073626f72671a] -> $HEX[363838335361727073626f72671a] Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 42% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:02:15 2019 Stopped: Tue Oct 22 19:02:23 2019 Another 115 passwords were recovered using countries or place names with a number appended or prepended to the input as well as with or without capitals. But now let us add some more rules using the basic.rule ﬁle in our attack.

72 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\land_sted.txt -r rules\basic.rule

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:02:55 2019 (0 secs) Time.Estimated...: Tue Oct 22 19:02:55 2019 (0 secs) Guess.Base...... : File (..\Dict\land_sted.txt) Guess.Mod...... : Rules (rules\basic.rule) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 16203.3 kH/s (0.55ms) @ Accel:128 Loops:56 Thr:64 Vec:1 Recovered...... : 230441/394013 (58.49%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:6441,386460,9275043 (Min,Hour,Day) Progress...... : 18872/18872 (100.00%) Rejected...... : 0/18872 (0.00%) Restore.Point....: 337/337 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-56 Iteration:0-56 Candidates.#1....: $HEX[61666768616e697374616e] -> $HEX[5361727073626f72671a] Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 10% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:02:50 2019 Stopped: Tue Oct 22 19:02:56 2019

Only 135 passwords recovered using the names of places or countries as written in Norwegian.

Norwegian Words Now lets use a larger list than the ones used above. This time let us use about 800.000 Norwegian dictionary words. We want to know how many passwords are just the words without any changes done to them. This could allow us to recover Håkon’s passwords if he has used his dog’s name as a password, this would not be recovered by a name search as sjefen is not an actual name. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\norske_ord.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:04:07 2019 (4 secs) Time.Estimated...: Tue Oct 22 19:04:11 2019 (0 secs) Guess.Base...... : File (..\Dict\norske_ord.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 283.6 kH/s (1.58ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 231205/394013 (58.68%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:13087,785277,18846654 (Min,Hour,Day)

73 Progress...... : 799198/799198 (100.00%) Rejected...... : 0/799198 (0.00%) Restore.Point....: 799198/799198 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: sports-ministerens -> øy-væringer Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 0% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:04:03 2019 Stopped: Tue Oct 22 19:04:11 2019

764 passwords recovered in the grand scheme of the databases size is not a lot in an absolute sense. But considering that they are generic words without changes it is a relatively large number. So let us try to go after a "newer" form of passwords, the passphrase, in this case combinations of two words. This dictionary is unfortunately to large to use the utility combinator.exe this time. So instead we use the combinator attack mode. hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt

This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:08:06 2019 (5 mins, 21 secs) Time.Estimated...: Tue Oct 22 19:13:27 2019 (0 secs) Guess.Base...... : File (..\Dict\norske_ord.txt), Left Side Guess.Mod...... : File (..\Dict\norske_ord.txt), Right Side Speed.#1...... : 1883.3 MH/s (4.34ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 236298/394013 (59.97%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:605,N/A,N/A AVG:950,57048,1369160 (Min,Hour,Day) Progress...... : 638717443204/638717443204 (100.00%) Rejected...... : 0/638717443204 (0.00%) Restore.Point....: 799198/799198 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:799168-799198 Iteration:0-64 Candidates.#1....: sports-ministerensøy-området -> øy-væringerøy-væringer Hardware.Mon.#1..: Temp: 75c Fan: 56% Util: 91% Core:1822MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:08:00 2019 Stopped: Tue Oct 22 19:13:28 2019

That is a nice amount of recovered password for a short attack, with a total of 5093 passphrases in Norwegian, at least using these Norwegian words. But lets give it some capitalization, we will try for both the words and then ﬁrst word only. hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt -j c -k c hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt -j c

74 The second one of these commands gave us the following results, where the ﬁrst can be found in Appendix A.8:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:21:27 2019 (4 mins, 50 secs) Time.Estimated...: Tue Oct 22 19:26:17 2019 (0 secs) Guess.Base...... : File (..\Dict\norske_ord.txt), Left Side Guess.Mod...... : File (..\Dict\norske_ord.txt), Right Side Speed.#1...... : 1939.9 MH/s (4.42ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 237516/394013 (60.28%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:153,N/A,N/A AVG:195,11759,282227 (Min,Hour,Day) Progress...... : 638717443204/638717443204 (100.00%) Rejected...... : 0/638717443204 (0.00%) Restore.Point....: 799198/799198 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:799168-799198 Iteration:0-64 Candidates.#1....: Sports-ministerensøy-området -> øy-væringerøy-væringer Hardware.Mon.#1..: Temp: 75c Fan: 62% Util: 94% Core:1822MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:21:21 2019 Stopped: Tue Oct 22 19:26:18 2019

Another 1218 passwords where recovered using a phrase search. But let us not stop at phrases, we also try this using a strong rule attached. We use the same as the one we used on rockyou.txt, we are talking about rockyou-30000.rule. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\norske_ord.txt -r rules\rockyou-30000.rule --debug-mode=3 --debug-file=nor-rule.log

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 20:43:02 2019 (1 min, 15 secs) Time.Estimated...: Tue Oct 22 20:44:17 2019 (0 secs) Guess.Base...... : File (..\Dict\norske_ord.txt) Guess.Mod...... : Rules (rules\rockyou-30000.rule) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 363.0 MH/s (9.55ms) @ Accel:128 Loops:64 Thr:64 Vec:1 Recovered...... : 240443/394013 (61.02%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:1997,N/A,N/A AVG:2315,138935,3334462 (Min,Hour,Day) Progress...... : 23975940000/23975940000 (100.00%) Rejected...... : 0/23975940000 (0.00%) Restore.Point....: 799198/799198 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:29952-30000 Iteration:0-64 Candidates.#1....: $HEX[62657474657272657474656c69673836] -> $HEX[c3b87969ad76c3a672696e6765723832] Hardware.Mon.#1..: Temp: 67c Fan: 45% Util: 94% Core:1860MHz Mem:4006MHz Bus:16

75 Started: Tue Oct 22 20:42:56 2019 Stopped: Tue Oct 22 20:44:19 2019

All in all we recovered 9238 passwords with our Norwegian dictionary. A breakdown of these attacks can be seen in Figure 6.3.

Figure 6.3: Breakdown of Norwegian Words

To see if we can find some stragglers to this we run two more time-costly attacks. The first is to run all these Norwegian dictionaries with an even more versatile rule file. This rule file is called OneRuleToRuleThemAll.rule, this rule is a compilation of many other rule files. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\Norwegian -r rules\OneRuleToRuleThemAll.rule --debug-mode=3 --debug-file=all_nor.log

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 21:19:59 2019 (1 sec) Time.Estimated...: Tue Oct 22 21:20:00 2019 (0 secs) Guess.Base...... : File (..\Dict\Norwegian/sport.txt) Guess.Mod...... : Rules (rules\OneRuleToRuleThemAll.rule) Guess.Queue...... : 6/6 (100.00%) Speed.#1...... : 32498.0 kH/s (0.38ms) @ Accel:128 Loops:64 Thr:64 Vec:1 Recovered...... : 245726/394013 (62.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:61,3710,89054 (Min,Hour,Day)

76 Progress...... : 29117200/29117200 (100.00%) Rejected...... : 0/29117200 (0.00%) Restore.Point....: 560/560 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:51968-51995 Iteration:0-64 Candidates.#1....: aalesund -> øygardajjr topphåndball Hardware.Mon.#1..: Temp: 68c Fan: 52% Util: 68% Core:1847MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 21:10:06 2019 Stopped: Tue Oct 22 21:20:01 2019

It seems that we recovered another 5283 passwords that we had not previously recovered using these separate dictionaries. The next look for stragglers is to run a mask attack that looks at passwords with a length of 1-6 with all possible combinations of Norwegian characters. It is capped at this length as this is a manageable search space on our machine in reasonable time. hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 21:26:58 2019 (5 mins, 11 secs) Time.Estimated...: Tue Oct 22 21:32:09 2019 (0 secs) Guess.Mask...... : ?2?2?2?2?2?2 [6] Guess.Charset....: -1 \charsets\standard\norwegian.hcchr, -2 ?a?1, -3 Undefined, -4 Undefined Guess.Queue...... : 6/6 (100.00%) Speed.#1...... : 2883.6 MH/s (3.72ms) @ Accel:256 Loops:64 Thr:256 Vec:1 Recovered...... : 258805/394013 (65.68%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:23,N/A,N/A AVG:2470,148236,3557687 (Min,Hour,Day) Progress...... : 735091890625/735091890625 (100.00%) Rejected...... : 0/735091890625 (0.00%) Restore.Point....: 81450625/81450625 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9024-9025 Iteration:0-64 Candidates.#1....: ~5x$~ -> ~ ~}? Hardware.Mon.#1..: Temp: 79c Fan: 78% Util: 93% Core:1822MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 21:26:47 2019 Stopped: Tue Oct 22 21:32:10 2019

A whopping 13.079 new passwords were recovered with a brute force approach. Through all the Norwegian attacks that have been done we have recovered another 30.726 passwords or 7.79%. A question then comes to mind, how many of them would have been recovered if we did this from the beginning. So let us try to answer that question. We reset to right after our attack using rockyou.txt with the rockyou-30000.rule ﬁle attached. hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2 --increment

77 This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 21:38:03 2019 (4 mins, 38 secs) Time.Estimated...: Tue Oct 22 21:42:41 2019 (0 secs) Guess.Mask...... : ?2?2?2?2?2?2 [6] Guess.Charset....: -1 \charsets\standard\norwegian.hcchr, -2 ?a?1, -3 Undefined, -4 Undefined Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 3003.4 MH/s (3.75ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 241186/394013 (61.21%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:34,N/A,N/A AVG:2828,169728,4073482 (Min,Hour,Day) Progress...... : 735091890625/735091890625 (100.00%) Rejected...... : 0/735091890625 (0.00%) Restore.Point....: 81450625/81450625 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9024-9025 Iteration:0-64 Candidates.#1....: ~5x$~ -> ~ ~}? Hardware.Mon.#1..: Temp: 80c Fan: 80% Util: 94% Core:1822MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 21:37:58 2019 Stopped: Tue Oct 22 21:42:43 2019

So if we went on to the brute-force route right away we would have recovered another 3.32% or 13.107 of the passwords, after we removed all the ones in rockyou.txt.

6.4.5 English Now we see how many we can ﬁnd if we do not work with Norwegian information but go for a similar approach. We be testing names, countries, place-names and words, but instead of sports we use movie based-information. The choice to skip sports and add movies is that most of the sports information can probably be recovered using rockyou.txt. Movie information for Norwegian adults is usually the same as those from the USA or the UK. In this section however we will go through them a bit quicker and look at fewer result reports.

Names Again we start with names from pretty much all around the world, not just English and may contain some Norwegian. We skip the attack on emails in this case. This is what any other attacker would do in a name-based attack, ﬁrst we look at the names alone. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_large.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt

78 Time.Started.....: Wed Oct 23 10:12:25 2019 (1 sec) Time.Estimated...: Wed Oct 23 10:12:26 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 13522.9 kH/s (0.21ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 228080/394013 (57.89%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:644,38688,928533 (Min,Hour,Day) Progress...... : 27607/27607 (100.00%) Rejected...... : 0/27607 (0.00%) Restore.Point....: 27607/27607 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: aaccf -> zywiel Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 12% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:12:20 2019 Stopped: Wed Oct 23 10:12:27 2019 This gave only 1 password, somewhat less then what was recovered with just names in the Norwegian attack. But let us add some numbers and some rules, to be a bit more precise let us try all the other attacks from the Norwegian attack. hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_large.txt ?d?d?d?d hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\names_large.txt hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_large_dates.txt -r rules\basic2.txt hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\dates_names_large.txt -r rules\basic2.txt hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_large.txt ?d?d?d --increment hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_large.txt ?d?d?d --increment -j c hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_large.txt --increment hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_large.txt --increment -j c The last one of these commands gave us the following results, where the others can be found in Appendix A.9: Session...... : hashcat Status...... : Exhausted

79 Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:24:14 2019 (0 secs) Time.Estimated...: Wed Oct 23 10:24:14 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt), Right Side Guess.Mod...... : Mask (?d?d?d) [3], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 142.3 MH/s (0.12ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 228959/394013 (58.11%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 27607000/27607000 (100.00%) Rejected...... : 0/27607000 (0.00%) Restore.Point....: 1000/1000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:27584-27607 Iteration:0-64 Candidates.#1....: 123zukosky -> 688zywiel Hardware.Mon.#1..: Temp: 55c Fan: 33% Util: 42% Core:1733MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:24:07 2019 Stopped: Wed Oct 23 10:24:15 2019

With a somewhat convectional name attack we recovered another 880 passwords as apposed to the 1879 recovered with Norwegian names. That is less then half of the recovered passwords. A breakdown of the types of names are seen in Figure 6.4.

Figure 6.4: Breakdown of Names Recovered

Countries and place Names

Now we move on tho testing names of countries and place-name as written in English and their native languages. First we would like to see how many are recovered by the name alone.

80 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\countries.txt ..\Dict\places.txt

This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:21:11 2019 (0 secs) Time.Estimated...: Wed Oct 23 13:21:11 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt) Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 34059.7 kH/s (1.39ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 229006/394013 (58.12%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:13675,820505,19692126 (Min,Hour,Day) Progress...... : 144948/144948 (100.00%) Rejected...... : 0/144948 (0.00%) Restore.Point....: 144948/144948 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: a coruña -> ’aïn el turk Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 15% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:21:06 2019 Stopped: Wed Oct 23 13:21:12 2019

From this we get 358 new passwords from a plain name search of countries and places. But again what if we add some numbers and do some changes to the input. hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\countries.txt ..\Dict\places.txt ?d?d?d?d --increment hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\countries.txt ..\Dict\places.txt --increment

hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\countries.txt ..\Dict\places.txt -k c --increment hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\countries.txt ..\Dict\places.txt -r rules\basic.rule

The last one of these commands gave us the following results, where the others can be found in Appendix A.10: Session...... : hashcat Status...... : Exhausted

81 Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:40:49 2019 (0 secs) Time.Estimated...: Wed Oct 23 13:40:49 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt) Guess.Mod...... : Rules (rules\basic.rule) Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 82480.8 kH/s (8.43ms) @ Accel:128 Loops:56 Thr:64 Vec:1 Recovered...... : 229865/394013 (58.34%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:12211,732708,17584994 (Min,Hour,Day) Progress...... : 8117088/8117088 (100.00%) Rejected...... : 0/8117088 (0.00%) Restore.Point....: 144948/144948 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-56 Iteration:0-56 Candidates.#1....: $HEX[6b75726b69686172] -> $HEX[e280996198af6e20456c205475726b] Hardware.Mon.#1..: Temp: 53c Fan: 34% Util: 33% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:40:44 2019 Stopped: Wed Oct 23 13:40:50 2019

This gave us another 906 recovered passwords, which is more than the ones recovered using Norwegian country and place names. This gave 135 passwords, but these 135 were spawned from 337 starting names where the recent ones were from 144948.

Movies Let us move on to trying movie information, such as titles or characters, as you might remember our ﬁctional friend Håkon loves the movie Star Wars. He and many others easily go on to use their favorite movie as a basis for their passwords. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\movie-characters.txt ..\Dict\movie-general.txt hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\movie-characters ..\Dict\movie-general -r rules\basic.rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\movie-characters ..\Dict\movie-general -r rules\rockyou-30000.rule

The last one of these commands gave us the following results, where the others can be found in Appendix A.11:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:57:01 2019 (3 secs) Time.Estimated...: Wed Oct 23 13:57:04 2019 (0 secs) Guess.Base...... : File (..\Dict\movie-general) Guess.Mod...... : Rules (rules\rockyou-30000.rule)

82 Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 387.1 MH/s (4.97ms) @ Accel:256 Loops:64 Thr:64 Vec:1 Recovered...... : 230346/394013 (58.46%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:1859,111577,2677870 (Min,Hour,Day) Progress...... : 1146900000/1146900000 (100.00%) Rejected...... : 0/1146900000 (0.00%) Restore.Point....: 38230/38230 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:29952-30000 Iteration:0-64 Candidates.#1....: b00186 -> zygin82 Hardware.Mon.#1..: Temp: 57c Fan: 34% Util: 85% Core:1873MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:56:53 2019 Stopped: Wed Oct 23 13:57:05 2019

An English Dictionary The last of the more standard attacks is to try a dictionary of English words. We have a rather large one to work with, with about 700.000 words. First we try is the words themselves, alone and unaltered. hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\english3.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 14:20:38 2019 (0 secs) Time.Estimated...: Wed Oct 23 14:20:38 2019 (0 secs) Guess.Base...... : File (..\Dict\english3.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 2452.6 kH/s (1.64ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 230400/394013 (58.48%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:8231,493890,11853357 (Min,Hour,Day) Progress...... : 700863/700863 (100.00%) Rejected...... : 0/700863 (0.00%) Restore.Point....: 700863/700863 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: undecillionth -> événements Hardware.Mon.#1..: Temp: 53c Fan: 33% Util: 2% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 14:20:33 2019 Stopped: Wed Oct 23 14:20:39 2019

These results were Rather limited, so to improve the results we throw some rules and phrases into the mix. hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\english3.txt ..\Dict\english3.txt hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\english3.txt

83 ..\Dict\english3.txt -j c -k c hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\english3.txt ..\Dict\english3.txt -j c hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\english3.txt -r rules\rockyou-30000.rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\English -r rules\OneRuleToRuleThemAll.rule

The last one of these commands gave us the following results, where the others can be found in Appendix A.12:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 20:35:24 2019 (22 secs) Time.Estimated...: Wed Oct 23 20:35:46 2019 (0 secs) Guess.Base...... : File (..\Dict\English/places.txt) Guess.Mod...... : Rules (rules\OneRuleToRuleThemAll.rule) Guess.Queue...... : 7/7 (100.00%) Speed.#1...... : 344.4 MH/s (6.14ms) @ Accel:128 Loops:64 Thr:64 Vec:1 Recovered...... : 241883/394013 (61.39%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:2396,143765,3450373 (Min,Hour,Day) Progress...... : 7536571260/7536571260 (100.00%) Rejected...... : 0/7536571260 (0.00%) Restore.Point....: 144948/144948 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:51968-51995 Iteration:0-64 Candidates.#1....: kurkihar -> ’aïn dd turk Hardware.Mon.#1..: Temp: 71c Fan: 55% Util: 79% Core:1835MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 19:54:48 2019 Stopped: Wed Oct 23 20:35:48 2019

All in all the English password attack recovered a total of 13804 new passwords or another 3.5%. This is signiﬁcantly less then what the Norwegian attack did with 30726 or 7.79%. A breakdown of these attack can be seen in Figure 6.5.

84 Figure 6.5: Breakdown of English Attack

6.4.6 Rounding off the Attacks We would like to know how many of these were also recovered in the Norwegian attack. To ﬁnd that out we continue from the last attack and then run all of the ones from the Norwegian attack again and compare it to the ﬁrst one. Only the last command is shown and the last results will be preserved, the command and times of the other can be found in Appendix A.13. hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2 --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 22:05:37 2019 (4 mins, 12 secs) Time.Estimated...: Wed Oct 23 22:09:49 2019 (0 secs) Guess.Mask...... : ?2?2?2?2?2?2 [6] Guess.Charset....: -1 \charsets\standard\norwegian.hcchr, -2 ?a?1, -3 Undefined, -4 Undefined Guess.Queue...... : 6/6 (100.00%) Speed.#1...... : 3259.4 MH/s (3.52ms) @ Accel:256 Loops:64 Thr:256 Vec:1 Recovered...... : 264748/394013 (67.19%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:42,N/A,N/A AVG:2955,177326,4255838 (Min,Hour,Day) Progress...... : 735091890625/735091890625 (100.00%) Rejected...... : 0/735091890625 (0.00%) Restore.Point....: 81450625/81450625 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9024-9025 Iteration:0-64 Candidates.#1....: ~5x$~ -> ~ ~}?

85 Hardware.Mon.#1..: Temp: 80c Fan: 85% Util: 91% Core:1822MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 22:05:26 2019 Stopped: Wed Oct 23 22:09:51 2019

So after all the English commands have been done before the Norwegian owns we still recover 22865 passwords. This means that almost three fourths of the results were recovered in a Norwegian speciﬁc attack. A breakdown of all the attacks in this thesis can be found in Figure 6.6.

Figure 6.6: A Breakdown of all Attacks

86 Chapter 7

Conclusion

To conclude our study we can take a look at the research questions stated in Section 1.2. Our first research question is regarding the length of the Norwegian passwords, which can be answered based on the passwords we recovered. To do that we dive into the last output, containing the result of all our attacks, and conduct a search based on the length. This search is done using the regex line :(.{X,Y})$, where X and Y are variables for the range X to Y. With this we see that 45.84% of them are 7 characters or less, 27.16% are at the current recommended minimum of 8 characters, while a 26.99% are 9 or above. Since we have done a brute-force attack to recover "all" passwords of length 6 or below, it is most probable that the missing 32.81% are at 7 or above. This would then suggest that more than half of our passwords meet the recommend minimum of 8 characters or are above in length. The second research question is about to what degree Norwegians use predicable or leaked passwords. To answer this question we tried using the rockyou password leak. What we found was that 14.77% of our password database could be recovered in less then 4 minutes without any alteration. Also, if we altered the passwords from this list to a certain extent we could get another 38.88% in about 25 minutes. So all together we spent around half an hour to recover over half of our database using only one dictionary file. But what else could be recovered using an unintelligent approach like brute-force? This was the third research question we asked. We wondered what we can recover using brute-force if we focus on a manageable length of characters. What is manageable in regards to time is of course dependent on what character sets are being used, so we tried a few different lengths. With numbers we went for up to 12 and saw that we can recover 4.24% in 7 minutes and with all Norwegian characters and symbols we recovered 19.04% in less than 10 minutes with a length of 6 characters or fewer. The fourth research question is about how Norwegians use information specific to them. We tried several attacks using several dictionaries in multiple orders of attack, after first having tried a list of leaked passwords. We found that an attack using Norwegian words alone would recover 4.47%. With English words alone we found 3.5% of which 1.89% were already found in the Norwegian attack. This means that 2.58% of the passwords could only be recovered by our Norwegian attacks. Our fifth question was regarding the degree of awareness Norwegians may have about the possibility of using the letters ’ÆØÅæøå’ in their passwords. Again by looking at the results and doing a search using regex with :.*(å|ø|æ|Å|Ø|Æ).*$ we found that 423 passwords contain these letters. This suggest that it is known to a certain extent that these letters can be used,

87 but unfortunately our study does not tell us how many do not know it or how many know it but still do not use Norwegian characters. The final question was how our study can be used to improve the password strength used by Norwegians. The answer to our final question would be that Norwegians need to increase the length of their passwords. Even though most of the passwords we recovered satisfied the currently recommended minimum length of 8 characters or above, this is not enough. Almost half of the passwords in our database could be recovered in less than 30 minutes using a list of previously leaked passwords. Therefore Norwegians should be better at checking their passwords against these lists of leaked passwords, using a web-page or browser extension that can do this, before they choose a password. Norwegians seem to be good at incorporating words from their own language, even if these passwords may be predictable and therefore relatively weak. Unfortunately not many are good enough at using special Norwegian letters. Using these could make it significantly more difficult for a foreign attacker to crack their passwords as it is possible that they may not add special Norwegian characters to their search methods. We will leave the reader with this little piece of statistic: In 2 hour and 40 minutes of attack time with our machine’s power supply of 500W and the current price 0.46 NOK per kWh, this attack cost the shockingly low amount of 0.61 NOK to execute.

88 Chapter 8

Glossary

8.1 Avalanche effect

A desirable effect in cryptography, the avalanche effect means that a small change in the input will lead to a large change in the output.

8.2 CAPTCHA

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It is a technique used to protect websites against the usage of bots on their sites. It does this by generating a test is easy for humans, an difﬁcult or ideally impossible for computers.

8.3 cygwin

Cygwin is a collection of GNU and open source tools. This can provide a Windows system with functionality similar to that of Linux systems.

8.4 Feistel Structure

A Feistel cipher is an architecture for block ciphers. Which encrypts only half the block in separate operations, and which can decrypt without the need to invert the functions within a round.

8.5 Iterations

When we talk about iteration in regards to hashing we talk about rerunning the hash function with the output of the function in question for that many times, as seen in Figure 8.1. This was done to slow down the functions to make a brute-force attack more costly.

89 Figure 8.1: Hash iterations

8.6 Key Stretching

Key stretching is as simple as the name suggests. It is the process of lengthening the key —in this case the password/passphrase —before it is given as an input for your desired hash function. This is done to strengthen a possibly weak key, which is done to increase the cost of the hash and thus deter any brute-force attack against the password.

8.7 Ofﬂine Attack

Attacking an ofﬂine representation of a password or passwords. This would than allow for a faster attack as there would not be any restrictions as to the number and speed of attempts.

8.8 Online attack

To attack a password on an online service using a web protocol. This would allow the proprietor of the service to set restrictions on the amount of attempts and thus stop or slow down an attack.

8.9 Regex

Regex stands for "Regular Expression. This is a search system that uses patterns instead of simple strings to ﬁnd the wanted information.

90 Example Name Func Description Input word output word rule Nothing : do nothing : pssW0rd pssW0rd Lowercase l Lowercase all letters l pssW0rd pssw0rd Uppercase u Uppercase all letters u pssW0rd PSSW0RD Capitalize the first Capitalize c c pssW0rd Pssw0rd letter and lower the rest Invert Lowercase first found C C pssW0rd pSSW0RD Capitalize character, uppercase the rest Toggle the case of Toggle Case t t pssW0rd PSSw0RD all characters in word. Toggle the case of Toggle @ TN T3 pssW0rd psSW0rd characters at position N Reverse r Reverse the entire word r pssW0rd dr0Wssp Duplicate d Duplicate entire word d pssW0rd pssW0rdpssW0rd Append duplicated pssW0rdpssW0rd- Duplicate N pN p2 pssW0rd word N times pssW0rd Reflect f Duplicate word reversed f pssW0rd pssW0rddr0Wssp Rotate Left { Rotates the word left. { pssW0rd ssW0rdp Rotate Right } Rotates the word right } pssW0rd dpssW0r Append Append character $X $1 pssW0rd pssW0rd1 Character X to end Prepend Prepend character Xˆ 1ˆ pssW0rd 1pssW0rd Character X to front Truncate left [ Deletes first character [ pssW0rd ssW0rd Trucate right ] Deletes last character ] pssW0rd passW0r Deletes character Delete N DN D3 pssW0rd psW0rd at position N Extracts M characters, Extract range xNM x04 pssW0rd pss starting at position N Deletes M characters, Omit range ONM O12 pssW0rd psW0rd starting at position N Inserts character Insert N iNX i4! pssW0rd pss!W0rd X at position N Overwrites character at Overwrite N oNX o3$ pssW0rd ps$W0rd position N with X Truncate word at Truncate N ’N ’6 pssW0rd pssW0 position N Replace all Replace sXY ss$ pssW0rd p$$W0rd instances of X with Y Purge X Purge all instances of X s pssW0rd p@W0rd Duplicate Duplicates first zN z2 pssW0rd pppssW0rd first N character N times Duplicate Duplicates last ZN Z2 pssW0rd pssW0rddd last N character N times Duplicate all q Duplicate every character q pssW0rd ppssssWW00rrdd Insert substring of length M starting Extract memory XNMI from position N of lMX428 pssW0rd pssw0rdw0 word saved to memory at position I Append the word saved to Append memory 4 uMl4 pssW0rd pssw0rdPSSW0RD memory to current word Prepend the word saved Prepend memory 6 rMr6 pssW0rd dr0WssppssW0rd to memory to current word 91 Memorize M Memorize current word lMuX084 pssW0rd PSSpssw0rdW0RD

Table 8.1: Hashcat Word Mangling Rules 92 Bibliography

[1] Eitan Katz. Worst Password Offenders. Nov. 2011. URL: https : / / blog . dashlane.com/password-oﬀenders-2018/. [2] Sarah Rense. The Top 25 Passwords in 2018 Are an Embarrassment to Humankind. Dec. 2018. URL: https : / / www . esquire . com / lifestyle / a25570880/top-passwords-2018/. [3] King James Bible. eng. 2004. [4] Leonhard Schumacher. Tesserarius. eng. 2006. [5] ‘The World’s First Computer Password? It Was Useless Too’. In: (2012). URL: https://www.wired.com/2012/01/computer-password/. [6] ‘How the Air Force cracked Multics Security’. In: (1993). URL: https : //multicians.org/security.html. [7] D. M. Ritchie K. Thompson. UNIX Programmers Manual Third Edition. Feb. 1979. [8] Robert Morris and Ken Thompson. ‘Password Security: A Case His- tory’. In: Commun. ACM 22.11 (Nov. 1979), pp. 594–597. ISSN: 0001-0782. DOI: 10.1145/359168.359172. URL: http://doi.acm.org.ezproxy.uio.no/10. 1145/359168.359172. [9] UNIX 7th Documentation. URL: http://man.cat-v.org/unix_7th/3/crypt. [10] Linux 7th Documentation. URL: http://man7.org/linux/man-pages/man3/ crypt.3.html. [11] Unix System V/386 Release 3.2: System Administrator’s Guide (AT&T UNIX system V/386 library). Prentice Hall, Apr. 1989. [12] ‘BSD 4.3 documentation’. In: (Sept. 1994). URL: https://www.freebsd. org/cgi/man.cgi?query=passwd&sektion=5&manpath=FreeBSD+4.8- RELEASE. [13] NTLMv1 Documentation. URL: https : / / docs . microsoft . com / en - us / openspecs / windows _ protocols / ms - nlmp / 464551a8 - 9fc4 - 428e - b3d3 - bc5bfb2e73a5. [14] FreeBSD crypt.c Revision 4246. Nov. 1994. URL: https://svnweb.freebsd. org/base/head/lib/libcrypt/crypt.c?revision=4246&view=markup. [15] bcrypt reference manual. Apr. 1999. URL: https://www.usenix.org/legacy/ events/usenix99/provos/provos_html/node5.html#sec:bcrypt. [16] MULTICS SECURITY EVALUATION:PASSWORD AND FILE ENCRYP- TION TECHNIQUES. June 1977. [17] Password Security: A dash of ‘salt’ and little of ‘hash’ to go please! June 2012. URL: https://blogs.quickheal.com/password-security-a-dash-of-salt-and- little-of-hash-to-go-please/.

93 [18] Bozidar Levi. UNIX administration : a comprehensive sourcebook for effective systems and network management. eng. Boca Raton, FL, 2002. [19] CRYPT(3) Manual. URL: http://man7.org/linux/man-pages/man3/crypt. 3.html. [20] Jiang Du and Jiwei Li. ‘Analysis the Structure of SAM andCracking PasswordBase on Windows Operating System’. In: (Apr. 2016). [21] ‘How to use the SysKey utility to secure the Windows Security Accounts Manager database’. In: (). URL: https://support.microsoft.com/ nb-no/help/310105/how-to-use-the-syskey-utility-to-secure-the-windows- security-accounts. [22] George A. Miller. ‘The magical number seven, plus or minus two: some limits on our capacity for processing information’. eng. In: Psychological Review 63.2 (1956), pp. 81–97. ISSN: 0033-295X. [23] Passwords, passwords everywhere. URL: https://www.ncsc.gov.uk/blog- post/passwords-passwords-everywhere. [24] ‘NIST SP 800-63 Ver 1.0 Electronic Authentication Guideline’. In: (June 2004). [25] Leona Tam, Myron Glassman and Mark Vandenwauver. ‘The psychology of password management: A tradeoff between security and convenience’. In: Behaviour & IT 29 (May 2010), pp. 233–244. DOI: 10.1080/ 01449290903121386. [26] Rafael Almeida. Symmetric and Asymmetric Encryption. Oct. 2019. URL: https : / / hackernoon . com / symmetric - and - asymmetric - encryption - 5122f9ec65b1. [27] J.H Silverman, Jill Pipher and Jeffrey Hoffstein. An Introduction to Mathematical Cryptography. eng. Undergraduate Texts in Mathematics. New York, NY: Springer New York, 2008. ISBN: 9780387779935. [28] Ashutosh Kumar. Caesar Cipher in Cryptography. Oct. 2019. URL: https: //www.geeksforgeeks.org/caesar-cipher-in-cryptography/. [29] Lars R. Knudsen and Matthew J. B. Robshaw. ‘DES’. In: The Block Cipher Companion. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011, pp. 13–34. ISBN: 978-3-642-17342-4. DOI: 10.1007/978-3-642-17342-4_2. URL: https://doi.org/10.1007/978-3-642-17342-4_2. [30] O.Y.H. Cheung and Philip Leong. ‘Implementation of an FPGA based accelerator for Virtual Private Networks’. In: Jan. 2003, pp. 34–41. ISBN: 0-7803-7574-2. DOI: 10.1109/FPT.2002.1188662. [31] Lars R. Knudsen and Matthew J. B. Robshaw. ‘AES’. In: The Block Cipher Companion. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011, pp. 35–64. ISBN: 978-3-642-17342-4. DOI: 10.1007/978-3-642-17342-4_3. URL: https://doi.org/10.1007/978-3-642-17342-4_3. [32] Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. eng. 1st ed. Discrete Mathematics and Its Applications. CRC Press, 1996. ISBN: 9780849385230. [33] Dan Arias. Hashing Passwords: One-Way Road to Security. Apr. 2018. URL: https://auth0.com/blog/hashing-passwords-one-way-road-to-security/. [34] Encyclopedia of cryptography and security. 2nd ed. Gale virtual reference library. New York: Springer, 2011. ISBN: 9781441959072. [35] James H. Burrows. ‘FIPS PUB 180-1, Secure Hash Standard (SHS)’. In: (Apr. 1995). URL: https://apps.dtic.mil/dtic/tr/fulltext/u2/a406543.pdf.

94 [36] ‘Secure Hash Standard (SHS)’. In: (Aug. 2015). URL: https://csrc.nist. gov/csrc/media/publications/fips/180/4/final/documents/fips180-4-draft- aug2014.pdf. [37] Advances in Cryptology-CRYPTO’ 90. eng. 1991. [38] RFC 1321. Apr. 1992. URL: https://tools.ietf.org/html/rfc1321. [39] ‘Chapter 3 - Operating System Installation’. In: (Mar. 2009). URL: https: //docs.microsoft.com/en-us/previous-versions/tn-archive/dd277300(v= technet.10)?redirectedfrom=MSDN#ECAA. [40] George Hatzivasilis. ‘Password-Hashing Status’. In: Cryptography 1.2 (June 2017), p. 10. ISSN: 2410-387X. DOI: 10.3390/cryptography1020010. URL: http://dx.doi.org/10.3390/cryptography1020010. [41] ‘NIST Special Publication 800-63B, Digital Identity Guidelines’. In: (June 2017). URL: https://pages.nist.gov/800-63-3/sp800-63b.html. [42] Your Android pattern lock is too predictable: Study. Aug. 2015. URL: https: //www.gadgetsnow.com/computing/Your-Android-pattern-lock-is-too- predictable-Study/articleshow/48651127.cms. [43] BankID må aktiveres på nytt. Oct. 2019. URL: https://skagerraksparebank. no/aktuelt/bankid. [44] Oct. 2019. URL: https : / / digitaltmuseum . no / 021027367737 / kodekort / media?slide=1. [45] In: (Oct. 2011). URL: http://scienceline.ucsb.edu/getkey.php?key=2650. [46] Who Made Those Fingerprints? June 2012. URL: https://www.nytimes.com/ 2012/06/10/magazine/who-made-those-fingerprints.html. [47] Look, your eyes are wired backwards: here’s why. Mar. 2015. URL: http:// theconversation .com/ look - your - eyes - are - wired- backwards - heres- why- 38319. [48] ‘NIST Timeline’. In: (Oct. 2019). URL: https://www.nist.gov/timeline# event-a-href-node-774226first-director-samuel-w-stratton-a2. [49] ‘NIST Strengthens Laboratory Mission Focus with New Structure’. In: (Sept. 2010). URL: https://www.nist.gov/news-events/news/2010/09/nist- strengthens-laboratory-mission-focus-new-structure. [50] ‘NIST Labs & Major Programs’. In: (July 2019). URL: https://www.nist. gov/labs-major-programs. [51] ‘What ITL does’. In: (June 2019). URL: https://www.nist.gov/itl/about-itl. [52] ‘NIST Special Publication 800-63’. In: (June 2017). URL: https://pages. nist.gov/800-63-3/sp800-63-3.html. [53] Automatic wordlists mangling rules generation. Dec. 2012. URL: https : / / www . openwall . com / presentations / Passwords12 - Mangling - Rules - Generation/. [54] rockyou Password list. Dec. 2009. URL: https://www.kaggle.com/wjburns/ common-password-list-rockyoutxt. [55] Philippe Oechslin. ‘Making a Faster Cryptanalytic Time-Memory Trade-Off’. In: Advances in Cryptology - CRYPTO 2003. Ed. by Dan Boneh. Berlin, Heidelberg: Springer Berlin Heidelberg, 2003, pp. 617– 630. ISBN: 978-3-540-45146-4. [56] How to store a password in database? Oct. 2019. URL: https : / / www . geeksforgeeks.org/store-password-database/.

95 [57] N. Gelernter et al. ‘The Password Reset MitM Attack’. In: 2017 IEEE Symposium on Security and Privacy (SP). May 2017, pp. 251–267. DOI: 10.1109/SP.2017.9. [58] Handbook of Information and Communication Security. eng. Berlin, Heidel- berg: Springer Berlin Heidelberg, 2010. ISBN: 9783642041167. [59] Koon Yaw. ‘Phishing and Spamming via IM (SPIM)’. In: (Dec. 2006). URL: https://isc.sans.edu/forums/diary/Phishing+and+Spamming+via+ IM+SPIM/1905/. [60] Cameron Camp. PayPal users targeted in sophisticated new phishing campaign. Jan. 2017. URL: https : / / www . welivesecurity. com / 2017 / 01 / 27/paypal-users-targeted-sophisticated-new-phishing-campaign/. [61] Adam Dawes. ‘Landing another blow against email phishing’. In: (Jan. 2012). URL: https://security.googleblog.com/2012/01/landing- another- blow-against-email.html. [62] Steve Stasiukonis. ‘Social Engineering, the USB Way’. In: (June 2006). URL: http : / / web . archive . org / web / 20060713134051 / http : / / www . darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1. [63] John Leyden. ‘Office workers give away passwords for a cheap pen’. In: (Apr. 2003). URL: https://www.theregister.co.uk/2003/04/18/office_ workers_give_away_passwords/. [64] ‘Passwords revealed by sweet deal’. In: (May 2004). URL: http://news. bbc.co.uk/2/hi/technology/3639679.stm. [65] shoulder surfing. URL: https : / / www . oxfordlearnersdictionaries . com / definition/english/shoulder-surfing. [66] fraudWatch International. URL: https://fraudwatchinternational.com/. [67] C.K. Olivo, A.O. Santin and L.S. Oliveira. ‘Obtaining the threat model for e-mail phishing’. eng. In: Applied Soft Computing Journal 13.12 (2011). ISSN: 15684946. [68] Anthony Tomasic Ian Fette Norman Sadeh. ‘Learning to Detect Phish- ing Emails’. In: (June 2006). [69] ‘ISO/IEC 27040:2015 Information technology — Security techniques — Storage security’. In: (2015). URL: https://www.iso.org/standard/44404. html. [70] Nik Cubrilovic. ‘RockYou Hack: From Bad To Worse’. In: (Dec. 2009). URL: https : / / techcrunch . com / 2009 / 12 / 14 / rockyou - hack - security - myspace-facebook-passwords/. [71] The Breached Database Directory. [72] Elie Bursztein Jennifer Pullman Kurt Thomas. ‘New Research: Lessons from Password Checkup in action’. In: (Aug. 2019). URL: https://security. googleblog.com/2019/08/new-research-lessons-from-password.html. [73] Kurt Thomas. ‘Protecting accounts from credential stuffing with password breach alerting’. In: (Aug. 2019). URL: https : / / storage . googleapis . com / pub - tools - public - publication - data / pdf / 33bc2203e7bcb5c0abe289f7432e11563fb2a238.pdf. [74] Nathan Manworren, Joshua Letwat and Olivia Daily. ‘Why you should care about the Target data breach’. eng. In: Business Horizons 59.3 (2016), pp. 257–266. ISSN: 0007-6813.

96 [75] ‘Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach’. In: (July 2019). URL: https://ico. org . uk / about - the - ico / news - and - events / news - and - blogs / 2019 / 07 / statement - intention - to - fine - marriott - international - inc - more - than - 99 - million-under-gdpr-for-data-breach/. [76] ‘At Risk: Community Banks and the Recovery of Losses Due to Merchant Data Breach’. In: (July 2015). URL: https : / / www . blockchainandbanking . com / LOSSES - DUE - TO - MERCHANT - DATA - BREACH#page=1. [77] Troy Hunt. ‘The 773 Million Record Collection #1 Data Breach’. In: (Jan. 2019). URL: https://www.troyhunt.com/the-773-million-record-collection- 1-data-reach/. [78] Password Checkup extension. Oct. 2019. URL: https : / / chrome . google . com / webstore / detail / password - checkup - extensio / pncabnpcffmalkkjpajodfhijclecjno. [79] Pwned websites. URL: https://haveibeenpwned.com/PwnedWebsites. [80] Brutus Homepage. URL: http://www.hoobie.net/brutus/. [81] Brutus Password Cracker. Sept. 2017. URL: https://www.darknet.org.uk/ 2006/09/brutus-password-cracker-download-brutus-aet2zip-aet2/. [82] Cain And Abel Download – Windows Password Cracker. Sept. 2017. URL: https://www.darknet.org.uk/2007/01/cain-and-abel-download-windows- password-cracker/. [83] John the Ripper Pro site. URL: https://www.openwall.com/john/pro/. [84] John cracking modes. URL: https://www.openwall.com/john/doc/MODES. shtml. [85] John the Ripper Homepage. URL: https://www.openwall.com/john/. [86] Justin Chang. Cracking Passwords Using John the Ripper. Nov. 2017. URL: https://null- byte.wonderhowto.com/forum/cracking- passwords- using- john-ripper-0181420/. [87] THC Hydra Developer Github. URL: https://github.com/vanhauser- thc/ thc-hydra. [88] THC-Hydra: Obtaining user credentials by brute-force. Feb. 2013. URL: https: / / www . securityartwork . es / 2013 / 02 / 12 / thc - hydra - obtaining - user - credentials-by-brute-force/. [89] RainbowCrack table download. URL: http://project-rainbowcrack.com/table. htm. [90] RainbowCrack & How To Use Rainbow Crack With Rainbow Tables. Oct. 2017. URL: https://www.darknet.org.uk/2006/02/rainbowcrack- how- to-use-rainbow-crack-rainbow-tables/. [91] Hashcat Homepage. [92] AirCrack Homepage. URL: https://www.aircrack-ng.org/. [93] How To Hack Wpa Psk Wifi Password Using Backtrack 5Download Free Software Programs Online. Jan. 2016. URL: http://foreverbackup.weebly. com / blog / how - to - hack - wpa - psk - wifi - password - using - backtrack - 5download-free-software-progr. [94] windump documentation. URL: https://www.winpcap.org/windump/docs/ manual.htm.

97 [95] 3.3. The Main window. Oct. 2019. URL: https://www.wireshark.org/docs/ wsug_html_chunked/ChUseMainWindowSection.html. [96] Gophish documentation. URL: https://getgophish.com/documentation/. [97] Metasploit : the penetration tester’s guide. eng. 2011. [98] Karthik R. Social Engineer Toolkit (SET) tutorial for penetration testers. Aug. 2011. [99] NotSoSecure. ‘NotSoSecure Github’. In: (2017). URL: https : / / github . com/NotSoSecure/password_cracking_rules. [100] hemmelig.com Homepage. URL: https://www.hemmelig.com/. [101] Appunity Twitter. 2011. URL: https://twitter.com/team_appunity.

98 Appendix A

All Result Outputs

A.1 Experiment Files

The program used in the experiments as well as the password database attacked and all the files that were used and produced during the attack can be found in the github repository: https://github.uio.no/nicklash/ Effective-Password-Cracking. This archive has been password protected, using "IfiMaster2019", to try limit the access to the password database to those with the access to this thesis, or those with the tools to crack this password as well.

A.2 Numbers

4 Digit Numbers hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d

This command gave us the following results:

Started: Mon Oct 21 17:11:33 2019 Stopped: Mon Oct 21 17:11:47 2019

99 6 Digit Numbers hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d?d?d

This command gave us the following results:

Started: Mon Oct 21 17:39:34 2019 Stopped: Mon Oct 21 17:40:14 2019

8 Digit Numbers hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d?d?d?d?d

This command gave us the following results:

Started: Mon Oct 21 17:42:20 2019 Stopped: Mon Oct 21 17:42:46 2019

100 1-12 Digit Numbers hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt ?d?d?d?d?d?d?d?d?d?d?d?d --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Mon Oct 21 18:41:10 2019 (4 mins, 45 secs) Time.Estimated...: Mon Oct 21 18:45:55 2019 (0 secs) Guess.Mask...... : ?d?d?d?d?d?d?d?d?d?d?d?d [12] Guess.Queue...... : 12/12 (100.00%) Speed.#1...... : 3646.7 MH/s (10.36ms) @ Accel:128 Loops:125 Thr:256 Vec:1 Recovered...... : 16702/394013 (4.24%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:7,N/A,N/A AVG:18,1099,26381 (Min,Hour,Day) Progress...... : 1000000000000/1000000000000 (100.00%) Rejected...... : 0/1000000000000 (0.00%) Restore.Point....: 1000000000/1000000000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:875-1000 Iteration:0-125 Candidates.#1....: 468475367373 -> 688749494964 Hardware.Mon.#1..: Temp: 80c Fan: 81% Util: 98% Core:1771MHz Mem:4006MHz Bus:16

Started: Mon Oct 21 18:40:17 2019 Stopped: Mon Oct 21 18:45:56 2019

A.3 Brute-force

Brute-force up to 6 Characters hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2 --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Fri Oct 25 15:43:20 2019 (7 mins, 32 secs) Time.Estimated...: Fri Oct 25 15:50:52 2019 (0 secs) Guess.Mask...... : ?2?2?2?2?2?2 [6] Guess.Charset....: -1 \charsets\standard\norwegian.hcchr, -2 ?a?1, -3 Undefined, -4 Undefined Guess.Queue...... : 6/6 (100.00%) Speed.#1...... : 3472.3 MH/s (3.32ms) @ Accel:256 Loops:64 Thr:256 Vec:1 Recovered...... : 75018/394013 (19.04%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:71,N/A,N/A AVG:8493,509627,12231057 (Min,Hour,Day) Progress...... : 735091890625/735091890625 (100.00%) Rejected...... : 0/735091890625 (0.00%) Restore.Point....: 81450625/81450625 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9024-9025 Iteration:0-64

101 Candidates.#1....: ~5x$~ -> ~ ~}? Hardware.Mon.#1..: Temp: 81c Fan: 83% Util: 86% Core:1822MHz Mem:4006MHz Bus:16

Started: Fri Oct 25 15:42:25 2019 Stopped: Fri Oct 25 15:50:53 2019

A.4 Existing Lists

Top 125 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\ordliste_passord_topp_125.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Mon Oct 21 21:34:14 2019 (0 secs) Time.Estimated...: Mon Oct 21 21:34:14 2019 (0 secs) Guess.Base...... : File (..\Dict\ordliste_passord_topp_125.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 199.3 kH/s (0.03ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 124/394013 (0.03%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:19024,1141449,27394780 (Min,Hour,Day) Progress...... : 125/125 (100.00%) Rejected...... : 0/125 (0.00%) Restore.Point....: 125/125 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: 0123456789 -> hunter Hardware.Mon.#1..: Temp: 54c Fan: 33% Util: 11% Core:1506MHz Mem:4006MHz Bus:16

Started: Mon Oct 21 21:34:10 2019 Stopped: Mon Oct 21 21:34:15 2019 rockyou hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\rockyou.txt

This command gave us the following results:

102 Progress...... : 14344384/14344384 (100.00%) Rejected...... : 0/14344384 (0.00%) Restore.Point....: 14344384/14344384 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: $HEX[30383434313332373933] -> $HEX[042a0337c2a156616d6f732103] Hardware.Mon.#1..: Temp: 55c Fan: 34% Util: 0% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 13:26:06 2019 Stopped: Tue Oct 22 13:29:57 2019 rockyou30000 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\rockyou.txt -r rules\rockyou-30000.rule --debug-mode=3

This command gave us the following results:

Started: Tue Oct 22 13:34:11 2019 Stopped: Tue Oct 22 13:59:36 2019

A.5 Norwegian Names

Plain Names hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_norwegian.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 15:15:34 2019 (1 sec)

103 Time.Estimated...: Tue Oct 22 15:15:35 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 7195.2 kH/s (0.06ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 228171/394013 (57.91%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:18798,1127922,27070130 (Min,Hour,Day) Progress...... : 4792/4792 (100.00%) Rejected...... : 0/4792 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: aaron -> øynes Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 3% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 15:15:30 2019 Stopped: Tue Oct 22 15:15:36 2019

Name with 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d?d

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 15:22:22 2019 (1 sec) Time.Estimated...: Tue Oct 22 15:22:23 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 1/1 (100.00%) Speed.#1...... : 58613.3 kH/s (0.18ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 228526/394013 (58.00%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:20873,1252388,30057333 (Min,Hour,Day) Progress...... : 47920000/47920000 (100.00%) Rejected...... : 0/47920000 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: aaron9493 -> øynes6883 Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 5% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 15:22:15 2019 Stopped: Tue Oct 22 15:22:24 2019

4 Digits and Name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\names_norwegian.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted

104 Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 15:24:03 2019 (1 sec) Time.Estimated...: Tue Oct 22 15:24:04 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 1/1 (100.00%) Speed.#1...... : 41027.0 kH/s (0.33ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229015/394013 (58.12%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:24835,1490121,35762924 (Min,Hour,Day) Progress...... : 47920000/47920000 (100.00%) Rejected...... : 0/47920000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4736-4792 Iteration:0-64 Candidates.#1....: 1234øien -> 6883øynes Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 5% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 15:23:57 2019 Stopped: Tue Oct 22 15:24:06 2019

Names with 4 Digits and Rules hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_norwegian_dates.txt -r rules\basic2.txt

This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 16:20:33 2019 (1 sec) Time.Estimated...: Tue Oct 22 16:20:34 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian_dates.txt) Guess.Mod...... : Rules (rules\basic2.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 30452.4 kH/s (6.41ms) @ Accel:512 Loops:16 Thr:64 Vec:1 Recovered...... : 229194/394013 (58.17%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:9979,598786,14370887 (Min,Hour,Day) Progress...... : 28521984/28521984 (100.00%) Rejected...... : 0/28521984 (0.00%) Restore.Point....: 1782624/1782624 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-16 Iteration:0-16 Candidates.#1....: $HEX[353030316e657373656e6eb8c374] -> $HEX[98b8796e657333313132] Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 5% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 16:20:27 2019 Stopped: Tue Oct 22 16:20:35 2019

4 Digits and Names with Rules hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\dates_names_norwegian.txt

105 -r rules\basic2.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 16:22:17 2019 (0 secs) Time.Estimated...: Tue Oct 22 16:22:17 2019 (0 secs) Guess.Base...... : File (..\Dict\dates_names_norwegian.txt) Guess.Mod...... : Rules (rules\basic2.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 105.1 MH/s (6.73ms) @ Accel:512 Loops:16 Thr:64 Vec:1 Recovered...... : 229200/394013 (58.17%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:972,58344,1400273 (Min,Hour,Day) Progress...... : 28521984/28521984 (100.00%) Rejected...... : 0/28521984 (0.00%) Restore.Point....: 1782624/1782624 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-16 Iteration:0-16 Candidates.#1....: $HEX[6e65726d6f7436303932] -> $HEX[3331313298b8796e6573] Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 22% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 16:22:11 2019 Stopped: Tue Oct 22 16:22:18 2019

Names with up to 3 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 16:29:05 2019 (1 sec) Time.Estimated...: Tue Oct 22 16:29:06 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Left Side Guess.Mod...... : Mask (?d?d?d) [3], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 25788.4 kH/s (0.19ms) @ Accel:128 Loops:62 Thr:256 Vec:1 Recovered...... : 229463/394013 (58.24%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:7095,425701,10216821 (Min,Hour,Day) Progress...... : 4792000/4792000 (100.00%) Rejected...... : 0/4792000 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:992-1000 Iteration:0-62 Candidates.#1....: aaron293 -> øynes688 Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 2% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 16:28:57 2019 Stopped: Tue Oct 22 16:29:07 2019

106 Names with up to 4 Digits and capital letter hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d --increment -j c

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 16:29:49 2019 (0 secs) Time.Estimated...: Tue Oct 22 16:29:49 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Left Side Guess.Mod...... : Mask (?d?d?d) [3], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 15445.6 kH/s (0.16ms) @ Accel:128 Loops:62 Thr:256 Vec:1 Recovered...... : 229890/394013 (58.35%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:9444,566684,13600439 (Min,Hour,Day) Progress...... : 4792000/4792000 (100.00%) Rejected...... : 0/4792000 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:992-1000 Iteration:0-62 Candidates.#1....: Aaron293 -> øynes688 Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 2% Core:1582MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 16:29:41 2019 Stopped: Tue Oct 22 16:29:50 2019 up to 4 Digits and Name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_norwegian.txt --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 16:36:02 2019 (0 secs) Time.Estimated...: Tue Oct 22 16:36:02 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Right Side Guess.Mod...... : Mask (?d?d?d) [3], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 22900.4 kH/s (0.15ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229958/394013 (58.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:11648,698898,16773555 (Min,Hour,Day) Progress...... : 4792000/4792000 (100.00%) Rejected...... : 0/4792000 (0.00%) Restore.Point....: 1000/1000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4736-4792 Iteration:0-64 Candidates.#1....: 123øien -> 688øynes

107 Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 19% Core:1556MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 16:35:55 2019 Stopped: Tue Oct 22 16:36:03 2019 up to 4 Digits and Name with Capital Letter hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_norwegian.txt --increment -j c

This command gave us the following results:

Started: Tue Oct 22 16:36:56 2019 Stopped: Tue Oct 22 16:37:03 2019

Emails hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ..\Dict\norske_epost_adresser.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 17:27:15 2019 (0 secs) Time.Estimated...: Tue Oct 22 17:27:15 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Left Side Guess.Mod...... : File (..\Dict\norske_epost_adresser.txt), Right Side Speed.#1...... : 417.8 MH/s (0.17ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229961/394013 (58.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:723,43420,1042095 (Min,Hour,Day) Progress...... : 19925136/19925136 (100.00%)

108 Rejected...... : 0/19925136 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4096-4158 Iteration:0-64 Candidates.#1....: aaron(at)himolde,no -> øynes(at)line,no Hardware.Mon.#1..: Temp: 52c Fan: 33% Util: 8% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 17:27:09 2019 Stopped: Tue Oct 22 17:27:16 2019

Email in Uppercase hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ..\Dict\norske_epost_adresser.txt -j u

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 17:27:55 2019 (0 secs) Time.Estimated...: Tue Oct 22 17:27:55 2019 (0 secs) Guess.Base...... : File (..\Dict\names_norwegian.txt), Left Side Guess.Mod...... : File (..\Dict\norske_epost_adresser.txt), Right Side Speed.#1...... : 718.4 MH/s (0.17ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229961/394013 (58.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 19925136/19925136 (100.00%) Rejected...... : 0/19925136 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4096-4158 Iteration:0-64 Candidates.#1....: AARON(at)himolde,no -> ØYNES(at)line,no Hardware.Mon.#1..: Temp: 52c Fan: 33% Util: 46% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 17:27:50 2019 Stopped: Tue Oct 22 17:27:56 2019

Capital Email hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ..\Dict\norske_epost_adresser.txt -j c

This command gave us the following results:

109 Recovered...... : 229961/394013 (58.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 19925136/19925136 (100.00%) Rejected...... : 0/19925136 (0.00%) Restore.Point....: 4792/4792 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:4096-4158 Iteration:0-64 Candidates.#1....: Aaron(at)himolde,no -> øynes(at)line,no Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 54% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 17:28:15 2019 Stopped: Tue Oct 22 17:28:21 2019

A.6 Sports

Plain Sports hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\sport.txt

This command gave us the following results:

Started: Tue Oct 22 17:42:32 2019 Stopped: Tue Oct 22 17:42:38 2019

Sports with up to 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\sport.txt ?d?d?d?d --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 17:44:14 2019 (0 secs)

110 Time.Estimated...: Tue Oct 22 17:44:14 2019 (0 secs) Guess.Base...... : File (..\Dict\sport.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 29843.4 kH/s (0.18ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 230065/394013 (58.39%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:5442,326522,7836529 (Min,Hour,Day) Progress...... : 5600000/5600000 (100.00%) Rejected...... : 0/5600000 (0.00%) Restore.Point....: 560/560 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: aalesund9493 -> øygardaker topphåndball6883 Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 13% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 17:44:07 2019 Stopped: Tue Oct 22 17:44:16 2019

Up to 4 Digit with Sports hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\sport.txt --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 18:53:45 2019 (0 secs) Time.Estimated...: Tue Oct 22 18:53:45 2019 (0 secs) Guess.Base...... : File (..\Dict\sport.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 27521.1 kH/s (0.38ms) @ Accel:128 Loops:70 Thr:256 Vec:1 Recovered...... : 230161/394013 (58.41%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:22791,1367464,32819134 (Min,Hour,Day) Progress...... : 5600000/5600000 (100.00%) Rejected...... : 0/5600000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:490-560 Iteration:0-70 Candidates.#1....: 1234trysil -> 6883øygardaker topphåndball Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 15% Core:1531MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 18:53:38 2019 Stopped: Tue Oct 22 18:53:46 2019

Sports with Captial and up to 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\sport.txt ?d?d?d?d --increment -j c

This command gave us the following results:

111 Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 18:56:33 2019 (0 secs) Time.Estimated...: Tue Oct 22 18:56:33 2019 (0 secs) Guess.Base...... : File (..\Dict\sport.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 32721.8 kH/s (0.17ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 230257/394013 (58.44%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:8041,482518,11580435 (Min,Hour,Day) Progress...... : 5600000/5600000 (100.00%) Rejected...... : 0/5600000 (0.00%) Restore.Point....: 560/560 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: Aalesund9493 -> øygardaker topphåndball6883 Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 19% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 18:56:26 2019 Stopped: Tue Oct 22 18:56:34 2019

Up to 4 Digits with Sports hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\sport.txt --increment -k c

This command gave us the following results:

Started: Tue Oct 22 18:56:57 2019 Stopped: Tue Oct 22 18:57:04 2019

112 Sports with Basic Rules hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\sport.txt -r rules\basic.rule

This command gave us the following results:

Started: Tue Oct 22 18:57:29 2019 Stopped: Tue Oct 22 18:57:35 2019

A.7 Country- or Place-name

Plain Country- or Place-name hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\land_sted.txt

This command gave us the following results:

113 Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 20% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 18:58:36 2019 Stopped: Tue Oct 22 18:58:42 2019

Country- or Place-name with up to 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\land_sted.txt ?d?d?d?d --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:00:14 2019 (0 secs) Time.Estimated...: Tue Oct 22 19:00:14 2019 (0 secs) Guess.Base...... : File (..\Dict\land_sted.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 27811.3 kH/s (0.17ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 230351/394013 (58.46%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:2500,150052,3601268 (Min,Hour,Day) Progress...... : 3370000/3370000 (100.00%) Rejected...... : 0/3370000 (0.00%) Restore.Point....: 337/337 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: $HEX[61666768616e697374616e39343933] -> $HEX[7361727073626f72671a36383833] Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 16% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:00:07 2019 Stopped: Tue Oct 22 19:00:15 2019

Up to 4 Digits with Country- or Place-name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\land_sted.txt --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:01:10 2019 (0 secs) Time.Estimated...: Tue Oct 22 19:01:10 2019 (0 secs) Guess.Base...... : File (..\Dict\land_sted.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 66508.7 kH/s (0.20ms) @ Accel:128 Loops:42 Thr:256 Vec:1 Recovered...... : 230375/394013 (58.47%) Digests, 0/1 (0.00%) Salts

114 Recovered/Time...: CUR:N/A,N/A,N/A AVG:20745,1244738,29873687 (Min,Hour,Day) Progress...... : 3370000/3370000 (100.00%) Rejected...... : 0/3370000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:336-337 Iteration:0-42 Candidates.#1....: $HEX[313233347361727073626f72671a] -> $HEX[363838337361727073626f72671a] Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 48% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:01:03 2019 Stopped: Tue Oct 22 19:01:11 2019

Capital Country- or Place-name with up to 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\land_sted.txt ?d?d?d?d -j c --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:01:43 2019 (1 sec) Time.Estimated...: Tue Oct 22 19:01:44 2019 (0 secs) Guess.Base...... : File (..\Dict\land_sted.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 29228.0 kH/s (0.17ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 230423/394013 (58.48%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:2568,154125,3699004 (Min,Hour,Day) Progress...... : 3370000/3370000 (100.00%) Rejected...... : 0/3370000 (0.00%) Restore.Point....: 337/337 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: $HEX[41666768616e697374616e39343933] -> $HEX[5361727073626f72671a36383833] Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 19% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:01:36 2019 Stopped: Tue Oct 22 19:01:46 2019

Up to 4 Digits with Capital Country- or Place-name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\land_sted.txt -k c --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:02:22 2019 (0 secs)

115 Time.Estimated...: Tue Oct 22 19:02:22 2019 (0 secs) Guess.Base...... : File (..\Dict\land_sted.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 163.3 MH/s (0.19ms) @ Accel:128 Loops:42 Thr:256 Vec:1 Recovered...... : 230431/394013 (58.48%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:12386,743215,17837182 (Min,Hour,Day) Progress...... : 3370000/3370000 (100.00%) Rejected...... : 0/3370000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:336-337 Iteration:0-42 Candidates.#1....: $HEX[313233345361727073626f72671a] -> $HEX[363838335361727073626f72671a] Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 42% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:02:15 2019 Stopped: Tue Oct 22 19:02:23 2019

Country- or Place-name with Basic Rules hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\land_sted.txt -r rules\basic.rule

This command gave us the following results:

Started: Tue Oct 22 19:02:50 2019 Stopped: Tue Oct 22 19:02:56 2019

A.8 Norwegian Words

Plain Words hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\norske_ord.txt

116 This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:04:07 2019 (4 secs) Time.Estimated...: Tue Oct 22 19:04:11 2019 (0 secs) Guess.Base...... : File (..\Dict\norske_ord.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 283.6 kH/s (1.58ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 231205/394013 (58.68%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:13087,785277,18846654 (Min,Hour,Day) Progress...... : 799198/799198 (100.00%) Rejected...... : 0/799198 (0.00%) Restore.Point....: 799198/799198 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: sports-ministerens -> øy-væringer Hardware.Mon.#1..: Temp: 52c Fan: 32% Util: 0% Core:1506MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:04:03 2019 Stopped: Tue Oct 22 19:04:11 2019

Phrases hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:08:06 2019 (5 mins, 21 secs) Time.Estimated...: Tue Oct 22 19:13:27 2019 (0 secs) Guess.Base...... : File (..\Dict\norske_ord.txt), Left Side Guess.Mod...... : File (..\Dict\norske_ord.txt), Right Side Speed.#1...... : 1883.3 MH/s (4.34ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 236298/394013 (59.97%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:605,N/A,N/A AVG:950,57048,1369160 (Min,Hour,Day) Progress...... : 638717443204/638717443204 (100.00%) Rejected...... : 0/638717443204 (0.00%) Restore.Point....: 799198/799198 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:799168-799198 Iteration:0-64 Candidates.#1....: sports-ministerensøy-området -> øy-væringerøy-væringer Hardware.Mon.#1..: Temp: 75c Fan: 56% Util: 91% Core:1822MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:08:00 2019 Stopped: Tue Oct 22 19:13:28 2019

Phrases Both Capitalized hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt

117 ..\Dict\norske_ord.txt -j c -k c

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Tue Oct 22 19:15:10 2019 (5 mins, 15 secs) Time.Estimated...: Tue Oct 22 19:20:25 2019 (0 secs) Guess.Base...... : File (..\Dict\norske_ord.txt), Left Side Guess.Mod...... : File (..\Dict\norske_ord.txt), Right Side Speed.#1...... : 1943.3 MH/s (4.32ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 236569/394013 (60.04%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:31,N/A,N/A AVG:51,3097,74349 (Min,Hour,Day) Progress...... : 638717443204/638717443204 (100.00%) Rejected...... : 0/638717443204 (0.00%) Restore.Point....: 799198/799198 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:799168-799198 Iteration:0-64 Candidates.#1....: Sports-ministerensøy-området -> øy-væringerøy-væringer Hardware.Mon.#1..: Temp: 75c Fan: 60% Util: 86% Core:1822MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 19:15:04 2019 Stopped: Tue Oct 22 19:20:26 2019

Phrases First Word Capitalized hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt -j c

This command gave us the following results:

Started: Tue Oct 22 19:21:21 2019 Stopped: Tue Oct 22 19:26:18 2019

118 Norwegian Words with rockyou-30000 Rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\norske_ord.txt -r rules\rockyou-30000.rule

This command gave us the following results:

Started: Tue Oct 22 20:42:56 2019 Stopped: Tue Oct 22 20:44:19 2019

A.8.1 All Norwegian Dictionaries Norwegian Dictionaries with OneRuleToRuleThemAll hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\Norwegian -r rules\OneRuleToRuleThemAll.rule

This command gave us the following results:

119 Restore.Point....: 560/560 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:51968-51995 Iteration:0-64 Candidates.#1....: aalesund -> øygardajjr topphåndball Hardware.Mon.#1..: Temp: 68c Fan: 52% Util: 68% Core:1847MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 21:10:06 2019 Stopped: Tue Oct 22 21:20:01 2019

Norwegian Mask After All Dictionaries hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2 --increment

This command gave us the following results:

Started: Tue Oct 22 21:26:47 2019 Stopped: Tue Oct 22 21:32:10 2019

Only Norwegian Mask After rockyou-30000 hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2 --increment

This command gave us the following results:

120 -4 Undefined Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 3003.4 MH/s (3.75ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 241186/394013 (61.21%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:34,N/A,N/A AVG:2828,169728,4073482 (Min,Hour,Day) Progress...... : 735091890625/735091890625 (100.00%) Rejected...... : 0/735091890625 (0.00%) Restore.Point....: 81450625/81450625 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9024-9025 Iteration:0-64 Candidates.#1....: ~5x$~ -> ~ ~}? Hardware.Mon.#1..: Temp: 80c Fan: 80% Util: 94% Core:1822MHz Mem:4006MHz Bus:16

Started: Tue Oct 22 21:37:58 2019 Stopped: Tue Oct 22 21:42:43 2019

A.9 English Names

Plain Names hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_large.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:12:25 2019 (1 sec) Time.Estimated...: Wed Oct 23 10:12:26 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 13522.9 kH/s (0.21ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 228080/394013 (57.89%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:644,38688,928533 (Min,Hour,Day) Progress...... : 27607/27607 (100.00%) Rejected...... : 0/27607 (0.00%) Restore.Point....: 27607/27607 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: aaccf -> zywiel Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 12% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:12:20 2019 Stopped: Wed Oct 23 10:12:27 2019

Names with up to 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_large.txt ?d?d?d?d

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted

121 Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:13:22 2019 (1 sec) Time.Estimated...: Wed Oct 23 10:13:23 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 1/1 (100.00%) Speed.#1...... : 437.9 MH/s (1.01ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 228244/394013 (57.93%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:11182,670969,16103271 (Min,Hour,Day) Progress...... : 276070000/276070000 (100.00%) Rejected...... : 0/276070000 (0.00%) Restore.Point....: 27607/27607 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: aaccf9493 -> zywiel6883 Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 29% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:13:15 2019 Stopped: Wed Oct 23 10:13:24 2019

Up to 4 Digits with Name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\names_large.txt

This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:14:37 2019 (1 sec) Time.Estimated...: Wed Oct 23 10:14:38 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 1/1 (100.00%) Speed.#1...... : 205.1 MH/s (0.32ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 228678/394013 (58.04%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:19149,1148973,27575369 (Min,Hour,Day) Progress...... : 276070000/276070000 (100.00%) Rejected...... : 0/276070000 (0.00%) Restore.Point....: 10000/10000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:27584-27607 Iteration:0-64 Candidates.#1....: 1234zukosky -> 6883zywiel Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 19% Core:1632MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:14:31 2019 Stopped: Wed Oct 23 10:14:40 2019

Name with Dates and Basic Rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_large_dates.txt

122 -r rules\basic2.txt This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:18:42 2019 (2 secs) Time.Estimated...: Wed Oct 23 10:18:44 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large_dates.txt) Guess.Mod...... : Rules (rules\basic2.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 92192.9 kH/s (7.70ms) @ Accel:512 Loops:16 Thr:64 Vec:1 Recovered...... : 228774/394013 (58.06%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:3086,185194,4444672 (Min,Hour,Day) Progress...... : 164316864/164316864 (100.00%) Rejected...... : 0/164316864 (0.00%) Restore.Point....: 10269804/10269804 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-16 Iteration:0-16 Candidates.#1....: 9012eirahcaz -> Zywiel3112 Hardware.Mon.#1..: Temp: 53c Fan: 33% Util: 28% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:18:36 2019 Stopped: Wed Oct 23 10:18:45 2019

Dates with Name and Basic Rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\dates_names_large.txt -r rules\basic2.txt This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:19:51 2019 (1 sec) Time.Estimated...: Wed Oct 23 10:19:52 2019 (0 secs) Guess.Base...... : File (..\Dict\dates_names_large.txt) Guess.Mod...... : Rules (rules\basic2.txt) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 109.3 MH/s (7.59ms) @ Accel:512 Loops:16 Thr:64 Vec:1 Recovered...... : 228781/394013 (58.06%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:263,15781,378761 (Min,Hour,Day) Progress...... : 164316864/164316864 (100.00%) Rejected...... : 0/164316864 (0.00%) Restore.Point....: 10269804/10269804 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-16 Iteration:0-16 Candidates.#1....: rediew8013 -> 3112zywiel Hardware.Mon.#1..: Temp: 53c Fan: 33% Util: 30% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:19:44 2019 Stopped: Wed Oct 23 10:19:53 2019 9s

123 Names with up to 3 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_large.txt ?d?d?d --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:21:19 2019 (0 secs) Time.Estimated...: Wed Oct 23 10:21:19 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt), Left Side Guess.Mod...... : Mask (?d?d?d) [3], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 290.3 MH/s (0.96ms) @ Accel:128 Loops:62 Thr:256 Vec:1 Recovered...... : 228797/394013 (58.07%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:2404,144285,3462850 (Min,Hour,Day) Progress...... : 27607000/27607000 (100.00%) Rejected...... : 0/27607000 (0.00%) Restore.Point....: 27607/27607 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:992-1000 Iteration:0-62 Candidates.#1....: aaccf293 -> zywiel688 Hardware.Mon.#1..: Temp: 53c Fan: 33% Util: 12% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:21:12 2019 Stopped: Wed Oct 23 10:21:19 2019

Capital Name with up to 3 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_large.txt ?d?d?d --increment -j c

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:22:43 2019 (0 secs) Time.Estimated...: Wed Oct 23 10:22:43 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt), Left Side Guess.Mod...... : Mask (?d?d?d) [3], Right Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 212.7 MH/s (0.87ms) @ Accel:128 Loops:62 Thr:256 Vec:1 Recovered...... : 228882/394013 (58.09%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:4530,271857,6524579 (Min,Hour,Day) Progress...... : 27607000/27607000 (100.00%) Rejected...... : 0/27607000 (0.00%) Restore.Point....: 27607/27607 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:992-1000 Iteration:0-62

124 Candidates.#1....: Aaccf293 -> Zywiel688 Hardware.Mon.#1..: Temp: 53c Fan: 32% Util: 10% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:22:36 2019 Stopped: Wed Oct 23 10:22:45 2019

Up to 3 Digits with Name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_large.txt --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:23:27 2019 (1 sec) Time.Estimated...: Wed Oct 23 10:23:28 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt), Right Side Guess.Mod...... : Mask (?d?d?d) [3], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 53770.9 kH/s (0.12ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 228959/394013 (58.11%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:8436,506166,12147999 (Min,Hour,Day) Progress...... : 27607000/27607000 (100.00%) Rejected...... : 0/27607000 (0.00%) Restore.Point....: 1000/1000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:27584-27607 Iteration:0-64 Candidates.#1....: 123zukosky -> 688zywiel Hardware.Mon.#1..: Temp: 54c Fan: 32% Util: 18% Core:1759MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:23:21 2019 Stopped: Wed Oct 23 10:23:29 2019

Up to 3 Digits with Capital Name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_large.txt --increment -j c

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 10:24:14 2019 (0 secs) Time.Estimated...: Wed Oct 23 10:24:14 2019 (0 secs) Guess.Base...... : File (..\Dict\names_large.txt), Right Side Guess.Mod...... : Mask (?d?d?d) [3], Left Side Guess.Queue.Base.: 1/1 (100.00%) Guess.Queue.Mod..: 3/3 (100.00%) Speed.#1...... : 142.3 MH/s (0.12ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 228959/394013 (58.11%) Digests, 0/1 (0.00%) Salts

125 Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 27607000/27607000 (100.00%) Rejected...... : 0/27607000 (0.00%) Restore.Point....: 1000/1000 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:27584-27607 Iteration:0-64 Candidates.#1....: 123zukosky -> 688zywiel Hardware.Mon.#1..: Temp: 55c Fan: 33% Util: 42% Core:1733MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 10:24:07 2019 Stopped: Wed Oct 23 10:24:15 2019

A.10 Country- or Place-name in English or Native Languages

Plain County- or Place-name hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\countries.txt ..\Dict\places.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:21:11 2019 (0 secs) Time.Estimated...: Wed Oct 23 13:21:11 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt) Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 34059.7 kH/s (1.39ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 229006/394013 (58.12%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:13675,820505,19692126 (Min,Hour,Day) Progress...... : 144948/144948 (100.00%) Rejected...... : 0/144948 (0.00%) Restore.Point....: 144948/144948 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: a coruña -> ’aïn el turk Hardware.Mon.#1..: Temp: 52c Fan: 31% Util: 15% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:21:06 2019 Stopped: Wed Oct 23 13:21:12 2019

Country- or Place-name with up to 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\countries.txt ..\Dict\places.txt ?d?d?d?d --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt

126 Time.Started.....: Wed Oct 23 13:22:48 2019 (1 sec) Time.Estimated...: Wed Oct 23 13:22:49 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 2/2 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 1333.1 MH/s (4.00ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229317/394013 (58.20%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:6488,389326,9343835 (Min,Hour,Day) Progress...... : 1449480000/1449480000 (100.00%) Rejected...... : 0/1449480000 (0.00%) Restore.Point....: 144948/144948 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: a coruña9493 -> ’aïn el turk6883 Hardware.Mon.#1..: Temp: 56c Fan: 31% Util: 37% Core:1885MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:22:38 2019 Stopped: Wed Oct 23 13:22:50 2019

Up to 4 Digits with Country- or Place-name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\countries.txt ..\Dict\places.txt --increment

This command gave us the following results: Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:23:25 2019 (1 sec) Time.Estimated...: Wed Oct 23 13:23:26 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 2/2 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 2349.9 MH/s (7.52ms) @ Accel:128 Loops:98 Thr:256 Vec:1 Recovered...... : 229323/394013 (58.20%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 1449479902/1449480000 (100.00%) Rejected...... : 0/1449479902 (0.00%) Restore.Point....: 7357766/7357766 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:196-197 Iteration:0-98 Candidates.#1....: 1570aguadas -> 4796aguadas Hardware.Mon.#1..: Temp: 60c Fan: 34% Util: 96% Core:1885MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:23:17 2019 Stopped: Wed Oct 23 13:23:27 2019

Capital Country- or Place-name with up to 4 Digits hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\countries.txt ..\Dict\places.txt ?d?d?d?d -j c --increment

127 This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:38:03 2019 (1 sec) Time.Estimated...: Wed Oct 23 13:38:04 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt), Left Side Guess.Mod...... : Mask (?d?d?d?d) [4], Right Side Guess.Queue.Base.: 2/2 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 1171.8 MH/s (4.28ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 229824/394013 (58.33%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:9507,570467,13691217 (Min,Hour,Day) Progress...... : 1449480000/1449480000 (100.00%) Rejected...... : 0/1449480000 (0.00%) Restore.Point....: 144948/144948 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9984-10000 Iteration:0-64 Candidates.#1....: A coruña9493 -> ’aïn el turk6883 Hardware.Mon.#1..: Temp: 54c Fan: 31% Util: 55% Core:1784MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:37:53 2019 Stopped: Wed Oct 23 13:38:06 2019

Up to 4 Digits with Capital Country- or Place-name hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\countries.txt ..\Dict\places.txt -k c --increment

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:38:49 2019 (1 sec) Time.Estimated...: Wed Oct 23 13:38:50 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt), Right Side Guess.Mod...... : Mask (?d?d?d?d) [4], Left Side Guess.Queue.Base.: 2/2 (100.00%) Guess.Queue.Mod..: 4/4 (100.00%) Speed.#1...... : 2172.0 MH/s (4.88ms) @ Accel:128 Loops:49 Thr:256 Vec:1 Recovered...... : 229825/394013 (58.33%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day) Progress...... : 1449479902/1449480000 (100.00%) Rejected...... : 0/1449479902 (0.00%) Restore.Point....: 7357766/7357766 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:196-197 Iteration:0-49 Candidates.#1....: 1570Aguadas -> 4796Aguadas Hardware.Mon.#1..: Temp: 58c Fan: 33% Util: 95% Core:1873MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:38:42 2019 Stopped: Wed Oct 23 13:38:51 2019

128 Country- or Place-name with Basic Rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\countries.txt ..\Dict\places.txt -r rules\basic.rule

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:40:49 2019 (0 secs) Time.Estimated...: Wed Oct 23 13:40:49 2019 (0 secs) Guess.Base...... : File (..\Dict\places.txt) Guess.Mod...... : Rules (rules\basic.rule) Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 82480.8 kH/s (8.43ms) @ Accel:128 Loops:56 Thr:64 Vec:1 Recovered...... : 229865/394013 (58.34%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:12211,732708,17584994 (Min,Hour,Day) Progress...... : 8117088/8117088 (100.00%) Rejected...... : 0/8117088 (0.00%) Restore.Point....: 144948/144948 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-56 Iteration:0-56 Candidates.#1....: $HEX[6b75726b69686172] -> $HEX[e280996198af6e20456c205475726b] Hardware.Mon.#1..: Temp: 53c Fan: 34% Util: 33% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:40:44 2019 Stopped: Wed Oct 23 13:40:50 2019

A.11 Movies

Plain Movie Information hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\movie-characters ..\Dict\movie-general

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:55:29 2019 (0 secs) Time.Estimated...: Wed Oct 23 13:55:29 2019 (0 secs) Guess.Base...... : File (..\Dict\movie-general) Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 27244.9 kH/s (0.26ms) @ Accel:1024 Loops:1 Thr:64 Vec:1 Recovered...... : 229874/394013 (58.34%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:4516,271005,6504127 (Min,Hour,Day) Progress...... : 38230/38230 (100.00%) Rejected...... : 0/38230 (0.00%) Restore.Point....: 38230/38230 (100.00%)

129 Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1 Candidates.#1....: 2001 -> zygon Hardware.Mon.#1..: Temp: 52c Fan: 36% Util: 28% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:55:24 2019 Stopped: Wed Oct 23 13:55:30 2019

Movie Information with basic Rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\movie-characters ..\Dict\movie-general -r rules\basic.rule

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 13:56:19 2019 (0 secs) Time.Estimated...: Wed Oct 23 13:56:19 2019 (0 secs) Guess.Base...... : File (..\Dict\movie-general) Guess.Mod...... : Rules (rules\basic.rule) Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 357.3 MH/s (4.67ms) @ Accel:128 Loops:56 Thr:64 Vec:1 Recovered...... : 229910/394013 (58.35%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:7538,452295,10855097 (Min,Hour,Day) Progress...... : 2140880/2140880 (100.00%) Rejected...... : 0/2140880 (0.00%) Restore.Point....: 38230/38230 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-56 Iteration:0-56 Candidates.#1....: 2001 -> Zygon Hardware.Mon.#1..: Temp: 52c Fan: 35% Util: 27% Core:1506MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:56:14 2019 Stopped: Wed Oct 23 13:56:20 2019

Movie Information with rockyou-30000 Rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\movie-characters ..\Dict\movie-general -r rules\rockyou-30000.rule

This command gave us the following results:

130 Guess.Queue...... : 2/2 (100.00%) Speed.#1...... : 387.1 MH/s (4.97ms) @ Accel:256 Loops:64 Thr:64 Vec:1 Recovered...... : 230346/394013 (58.46%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:1859,111577,2677870 (Min,Hour,Day) Progress...... : 1146900000/1146900000 (100.00%) Rejected...... : 0/1146900000 (0.00%) Restore.Point....: 38230/38230 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:29952-30000 Iteration:0-64 Candidates.#1....: b00186 -> zygin82 Hardware.Mon.#1..: Temp: 57c Fan: 34% Util: 85% Core:1873MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 13:56:53 2019 Stopped: Wed Oct 23 13:57:05 2019

A.12 English Dictionary

Plain Words hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\english3.txt

This command gave us the following results:

Started: Wed Oct 23 14:20:33 2019 Stopped: Wed Oct 23 14:20:39 2019

Phrases hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\english3.txt ..\Dict\english3.txt

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted

131 Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 14:21:16 2019 (3 mins, 48 secs) Time.Estimated...: Wed Oct 23 14:25:04 2019 (0 secs) Guess.Base...... : File (..\Dict\english3.txt), Left Side Guess.Mod...... : File (..\Dict\english3.txt), Right Side Speed.#1...... : 1826.8 MH/s (1.25ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 233513/394013 (59.27%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:320,N/A,N/A AVG:835,50112,1202709 (Min,Hour,Day) Progress...... : 491208944769/491208944769 (100.00%) Rejected...... : 0/491208944769 (0.00%) Restore.Point....: 700863/700863 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:700800-700863 Iteration:0-64 Candidates.#1....: undecillionthémeutes -> événementsévénements Hardware.Mon.#1..: Temp: 75c Fan: 62% Util: 22% Core:1822MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 14:21:11 2019 Stopped: Wed Oct 23 14:25:05 2019

Phrases Both Capitalized hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\english3.txt ..\Dict\english3.txt -j c -k c

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 17:11:24 2019 (3 mins, 41 secs) Time.Estimated...: Wed Oct 23 17:15:05 2019 (0 secs) Guess.Base...... : File (..\Dict\english3.txt), Left Side Guess.Mod...... : File (..\Dict\english3.txt), Right Side Speed.#1...... : 1822.3 MH/s (1.31ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 233878/394013 (59.36%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:30,N/A,N/A AVG:98,5927,142249 (Min,Hour,Day) Progress...... : 491208944769/491208944769 (100.00%) Rejected...... : 0/491208944769 (0.00%) Restore.Point....: 700863/700863 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:700800-700863 Iteration:0-64 Candidates.#1....: Undecillionthémeutes -> événementsévénements Hardware.Mon.#1..: Temp: 75c Fan: 58% Util: 85% Core:1822MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 17:11:17 2019 Stopped: Wed Oct 23 17:15:06 2019

Phrases First Capital hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\english3.txt ..\Dict\english3.txt -j c

This command gave us the following results:

132 Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 17:16:04 2019 (3 mins, 47 secs) Time.Estimated...: Wed Oct 23 17:19:51 2019 (0 secs) Guess.Base...... : File (..\Dict\english3.txt), Left Side Guess.Mod...... : File (..\Dict\english3.txt), Right Side Speed.#1...... : 1808.4 MH/s (1.31ms) @ Accel:128 Loops:64 Thr:256 Vec:1 Recovered...... : 234537/394013 (59.53%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:56,N/A,N/A AVG:173,10432,250379 (Min,Hour,Day) Progress...... : 491208944769/491208944769 (100.00%) Rejected...... : 0/491208944769 (0.00%) Restore.Point....: 700863/700863 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:700800-700863 Iteration:0-64 Candidates.#1....: Undecillionthémeutes -> événementsévénements Hardware.Mon.#1..: Temp: 75c Fan: 61% Util: 85% Core:1822MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 17:15:57 2019 Stopped: Wed Oct 23 17:19:53 2019

English word with rockyou-30000 Rule hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\english3.txt -r rules\rockyou-30000.rule

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 17:23:39 2019 (50 secs) Time.Estimated...: Wed Oct 23 17:24:29 2019 (0 secs) Guess.Base...... : File (..\Dict\english3.txt) Guess.Mod...... : Rules (rules\rockyou-30000.rule) Guess.Queue...... : 1/1 (100.00%) Speed.#1...... : 428.7 MH/s (6.15ms) @ Accel:128 Loops:64 Thr:64 Vec:1 Recovered...... : 235260/394013 (59.71%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:879,52778,1266689 (Min,Hour,Day) Progress...... : 21025890000/21025890000 (100.00%) Rejected...... : 0/21025890000 (0.00%) Restore.Point....: 700863/700863 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:29952-30000 Iteration:0-64 Candidates.#1....: $HEX[626e646563696c6c696f6e74683836] -> $HEX[c3a97669a96e656d656e74733832] Hardware.Mon.#1..: Temp: 67c Fan: 45% Util: 84% Core:1860MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 17:23:34 2019 Stopped: Wed Oct 23 17:24:29 2019

133 All English Dictionaries with OneRuleToRuleThemAll hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\English -r rules\OneRuleToRuleThemAll.rule

This command gave us the following results:

Started: Wed Oct 23 19:54:48 2019 Stopped: Wed Oct 23 20:35:48 2019

A.13 Norwegian After English

All but last 2 Attacks hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_norwegian.txt

Started: Wed Oct 23 21:01:53 2019 Stopped: Wed Oct 23 21:02:00 2019 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d?d

Started: Wed Oct 23 21:02:10 2019 Stopped: Wed Oct 23 21:02:19 2019 hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\names_norwegian.txt

Started: Wed Oct 23 21:02:28 2019 Stopped: Wed Oct 23 21:02:37 2019

134 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\names_norwegian_dates.txt -r rules\basic2.txt

Started: Wed Oct 23 21:02:46 2019 Stopped: Wed Oct 23 21:02:53 2019 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\dates_names_norwegian.txt -r rules\basic2.txt

Started: Wed Oct 23 21:03:03 2019 Stopped: Wed Oct 23 21:03:08 2019 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d --increment

Started: Wed Oct 23 21:03:18 2019 Stopped: Wed Oct 23 21:03:28 2019 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\names_norwegian.txt ?d?d?d --increment -j c

Started: Wed Oct 23 21:03:38 2019 Stopped: Wed Oct 23 21:03:47 2019 hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_norwegian.txt --increment

Started: Wed Oct 23 21:03:56 2019 Stopped: Wed Oct 23 21:04:04 2019 hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d ..\Dict\names_norwegian.txt --increment -j c

Started: Wed Oct 23 21:04:14 2019 Stopped: Wed Oct 23 21:04:22 2019 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\land_sted.txt

Started: Wed Oct 23 21:04:31 2019 Stopped: Wed Oct 23 21:04:37 2019 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt

135 ..\Dict\land_sted.txt ?d?d?d?d --increment

Started: Wed Oct 23 21:04:46 2019 Stopped: Wed Oct 23 21:04:57 2019 hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\land_sted.txt --increment

Started: Wed Oct 23 21:05:12 2019 Stopped: Wed Oct 23 21:05:20 2019 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\land_sted.txt ?d?d?d?d -j c --increment

Started: Wed Oct 23 21:05:29 2019 Stopped: Wed Oct 23 21:05:38 2019 hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\land_sted.txt -k c --increment

Started: Wed Oct 23 21:05:48 2019 Stopped: Wed Oct 23 21:05:57 2019 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\land_sted.txt -r rules\basic.rule

Started: Wed Oct 23 21:06:06 2019 Stopped: Wed Oct 23 21:06:13 2019 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\sport.txt

Started: Wed Oct 23 21:06:22 2019 Stopped: Wed Oct 23 21:06:28 2019 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\sport.txt ?d?d?d?d --increment

Started: Wed Oct 23 21:06:38 2019 Stopped: Wed Oct 23 21:06:47 2019 hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\sport.txt --increment

Started: Wed Oct 23 21:07:06 2019

136 Stopped: Wed Oct 23 21:07:14 2019 hashcat64.exe -m 0 -a 6 ..\collectionMD5.txt ..\Dict\sport.txt ?d?d?d?d --increment -j c

Started: Wed Oct 23 21:07:31 2019 Stopped: Wed Oct 23 21:07:40 2019 hashcat64.exe -m 0 -a 7 ..\collectionMD5.txt ?d?d?d?d ..\Dict\sport.txt --increment -k c

Started: Wed Oct 23 21:07:50 2019 Stopped: Wed Oct 23 21:07:58 2019 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\sport.txt -r rules\basic.rule

Started: Wed Oct 23 21:08:08 2019 Stopped: Wed Oct 23 21:08:15 2019 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\norske_ord.txt

Started: Wed Oct 23 21:08:29 2019 Stopped: Wed Oct 23 21:08:37 2019 hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt

Started: Wed Oct 23 21:08:49 2019 Stopped: Wed Oct 23 21:14:03 2019 hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt -j c -k c

Started: Wed Oct 23 21:14:23 2019 Stopped: Wed Oct 23 21:19:32 2019 hashcat64.exe -m 0 -a 1 ..\collectionMD5.txt ..\Dict\norske_ord.txt ..\Dict\norske_ord.txt -j c

Started: Wed Oct 23 21:19:52 2019 Stopped: Wed Oct 23 21:25:00 2019

137 hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\norske_ord.txt -r rules\rockyou-30000.rule

Started: Wed Oct 23 21:31:10 2019 Stopped: Wed Oct 23 21:32:23 2019

Second to Last Attack hashcat64.exe -m 0 -a 0 ..\collectionMD5.txt ..\Dict\Norwegian -r rules\OneRuleToRuleThemAll.rule

This command gave us the following results:

Session...... : hashcat Status...... : Exhausted Hash.Type...... : MD5 Hash.Target...... : ..\collectionMD5.txt Time.Started.....: Wed Oct 23 22:00:28 2019 (1 sec) Time.Estimated...: Wed Oct 23 22:00:29 2019 (0 secs) Guess.Base...... : File (..\Dict\Norwegian/sport.txt) Guess.Mod...... : Rules (rules\OneRuleToRuleThemAll.rule) Guess.Queue...... : 6/6 (100.00%) Speed.#1...... : 33703.5 kH/s (0.36ms) @ Accel:128 Loops:64 Thr:64 Vec:1 Recovered...... : 252066/394013 (63.97%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:63,3813,91526 (Min,Hour,Day) Progress...... : 29117200/29117200 (100.00%) Rejected...... : 0/29117200 (0.00%) Restore.Point....: 560/560 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:51968-51995 Iteration:0-64 Candidates.#1....: aalesund -> øygardajjr topphåndball Hardware.Mon.#1..: Temp: 69c Fan: 52% Util: 71% Core:1847MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 21:35:25 2019 Stopped: Wed Oct 23 22:00:30 2019

Last Attack hashcat64.exe -m 0 -a 3 ..\collectionMD5.txt -1 \charsets\standard\norwegian.hcchr -2 ?a?1 ?2?2?2?2?2?2 --increment

This command gave us the following results:

138 -4 Undefined Guess.Queue...... : 6/6 (100.00%) Speed.#1...... : 3259.4 MH/s (3.52ms) @ Accel:256 Loops:64 Thr:256 Vec:1 Recovered...... : 264748/394013 (67.19%) Digests, 0/1 (0.00%) Salts Recovered/Time...: CUR:42,N/A,N/A AVG:2955,177326,4255838 (Min,Hour,Day) Progress...... : 735091890625/735091890625 (100.00%) Rejected...... : 0/735091890625 (0.00%) Restore.Point....: 81450625/81450625 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:9024-9025 Iteration:0-64 Candidates.#1....: ~5x$~ -> ~ ~}? Hardware.Mon.#1..: Temp: 80c Fan: 85% Util: 91% Core:1822MHz Mem:4006MHz Bus:16

Started: Wed Oct 23 22:05:26 2019 Stopped: Wed Oct 23 22:09:51 2019

139