DOCSLIB.ORG

Modern Network Security Practices: Using Rainbow Tables to Solve Organizational Issues

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

2018 IEEE 39th Sarnoff Symposium Modern Network Security Practices: Using Rainbow Tables to Solve Organizational Issues Christopher McMahon Xiaowen Zhang Computer Science Dept. Computer Science Dept. College of Staten Island, CUNY College of Staten Island, CUNY Staten Island, NY 11314, U.S.A. Staten Island, NY 11314, U.S.A. Email: [email protected] Email: [email protected] Abstract—The purpose of this case study analysis is to The rest of paper is organized as follows. In Section II, examine a non-traditional method of identifying weak pass- we briefly introduce some preliminary background on time- words within a large hospital organization. The process of memory trade-off attack, reduction and hash function, and using rainbow tables to crack passwords/ensure password rainbow tables. In Section III, we describe the four-step compliance is discussed and specific examples are provided method to crack passwords. We show experiment results in within this paper. This process emphasizes the notion that Section IV and conclude the paper in Section V. network security-related problems tend to be organization- specific and require creative approaches. The goal is to establish a practical use for rainbow tables within an organization as a II. TMTO AND RAINBOW TABLES means of enhancing network security. To understand how rainbow tables work, we must first discuss Hellman’s Time-Memory Trade-Off (TMTO), which Keywords-Rainbow table; password crack; time-memory is the basis for how Rainbow Tables function. trade-off; network security; hash function; reduction function. A. Hellman’s Time-Memory Trade-Off (TMTO) Attack I. INTRODUCTION Assume f is a random function (permutation) f : f1; 2;:::;Ng ! f1; 2;:::;Ng such that f has a huge cycle A major issue facing network security teams of large covering all N values. Let f (x) = f(x)⊕i be a small tweak organizations is ensuring that organization members are ip compliant with network security procedures. Password com- of f(x); i = 1; 2; : : : ; t; t = (N). Hellman’s TMTO attack plexity is a basic but critical component of establishing a [1], [2], [3] consists of two phases: secure network. However, the process of keeping track of Pre-computation phase: members who have passwords that do not meet complexity For each of the t functions f , choose m random start requirements can be a challenging task depending on the p i circumstances. This was a recent problem of the large North points( SPs), where m = (N), and compute chains of American hospital discussed within this paper. Our network length t, store the m value pairs (end point, start point) in a security team is unable to mandate regular password changes table, i.e., each table contains m pairs of (EP, SP). Each (EP, because of the large, diverse population of close to 12,000 SP) pair represents a chain that renders t values. Because EP users. Many users in patient care never directly log in to a is the value after t iterations of fi with SP as start point. computer, only logging in to their applications, as well as Thus each table covers mt values. Memory-wise, each table many users rarely checking e-mail accounts. Additionally, takes m entries (blocks) of space. password complexity was not a requirement added until There are t functions of fi, therefore we build t tables. 2010. Since passwords are stored as hashes with a constant As we want cover entire space of O(N) values by all tables, length, it is impossible to easily determine from Active therefore we have mt × t = mt2 = N. Directory whether a password meets the complexity re- quirements, resulting in possibly thousands of noncompliant Because each table has m entries/blocks, there are t such passwords. tables. Therefore, the total memory used is M = m × t = mt. To address this issue, the idea was proposed to use Rain- bow Tables to identify which passwords were noncompliant. On-line phase: A Rainbow Table is an application of Hellman’s Time- j We try to compute fi (y) for every i = 1; : : : ; t and Memory Trade-Off (TMTO) attack. Being that it is an attack j = 1; : : : ; t until one of the end points is hit. Then we use method used for password cracking, it is typically used for the corresponding SP to find the predecessor x of y such illicit purposes, and very rarely utilized in an organizational that y = f(x). Therefore the number of operations is t2, it environment. In this scenario, it would allow the network represents the time complexity T = t2. security team to identify only those passwords that did not meet complexity requirements, and therefore a much smaller From pre-computation phase, we know that mt2 = N, subset of users would be required to change their passwords. then we have (mt2)2 = N 2, i.e., (mt2)2t2 = N 2. Because 978-1-5386-6154-3/18/$31.00 ©2018 IEEE 2018 IEEE 39th Sarnoff Symposium memory requirement M = mt2, time requirement T = t2. In the above assumption, we can define a reduction Therefore we have TM 2 = N 2. A common point on function R as XORing the left 64-bit of the hash value with the curve is M = T = N 2=3. It can be verified as the right 64-bit to get an output of 64-bit, that is in P space. N 2=3(N 2=3)2 = N 2=3N 4=3 = N 6=3 = N 2. We can give an example here: Let p1 = Z8&6dh$n, Therefore, Hellman’s TMTO attack needs memory M = its MD5 hash value h1 = MD5(p1) = N 2=3 and time T = N 2=3. It is a dramatic improvement for 9bef715e662cc300796c1cfefd4f8913 = 0 exhaustive search in which pre-computation , memory R(h ) = 9bef715e662cc300 ⊕ 796c1cfefd4f8913 = M = 0 T = N 1 , but time . It also does not require e2836da09b634a13 ! 62236d203b634a33 = b#m cJ3 = less memory than table/dictionary search in which pre- p . Note: for every byte generated by R(h ), we set the 7th computation = N, memory M = N, time T = 1. Therefore 2 1 bit (i.e., the most significant bit) to 0; furthermore, if both Hellman’s TMTO trades memory with time. 6th and 5th bit are 0, we set 5th bit to 1. B. Reduction Function C. Hash Function LM Why do we need reduction function? In order to build We also need to understand the hash functions that rainbow tables, we will have to create an iterative function Microsoft Windows uses to store user’s passwords. LM f, where f has its domain size equal to range size. But (LAN Manager) hash is an outdated password hashing for a real hash function H, there is a size discrepancy of method developed by Microsoft in cooperation with 3Com its domain and range spaces. Suppose the hash function H Corporation that is considered particularly weak. It uses the uses the Message Digest 5 algorithm (MD5), and further Data Encryption Standard (DES) encryption method and is suppose domain space is all possible passwords P with 8 no longer commonly used. characters the American Standard Code for Information In- terchange (ASCII) characters (suppose each ASCII character NTLM (NT LAN Manager) is the successor to LM and is encoded in 8 bits), and the range H is 128 bit hexadecimal is a suite of multiple authentication protocols, developed values. The domain size is 264 = 1:84 × 1019, but the range solely by Microsoft. Though it is not recommended as an size is 2128 = 3:40 × 1038. There is a huge difference. authentication protocol, it is still widely used to maintain compatibility for older systems and has been included in Kerberos, which is currently the Microsoft recommended authentication protocol. NTLMv2, which is the most com- mon NTLM protocol, uses the HMAC-MD5 authentication code. This code uses the MD5 hash algorithm, which is the algorithm that was used in the password cracking project described in this paper. Full text of the MD5 hash algorithm can be found in RFC1321 [4]. D. Rainbow Table A rainbow table [5] is a type of hash lookup table utilizing TMTO generated to reverse cryptographic hash functions as a means to crack password hashes. It differs from standard hash lookup tables as it requires more processing time per hash lookup, but uses much less storage. Standard hash tables, see Table I for an example, can grow to be very large as they are essentially a list of all Figure 1: Reduction function possible passwords in a key space and their corresponding hash. Rainbow tables approach this problem by constructing We need to define a reduction function R that maps chains that use alternating hash and reduction functions, see a 128-bit hash value in H back to a 64-bit value in P . Figure 2 for an example. In the chain, everything is then After that we can apply hash function H again to get thrown away except for the first input and the last hash. H(pi) R(hi) When performing a hash lookup, these chains are then the iteration going. It is pi −−−−! hi −−−! pi+1, see regenerated until the hash is found. This greatly improves Figure 1 for illustration. When put together, we define storage efficiency but more processing power becomes f(pi) = R(H(pi)), such f function has the same domain required to perform the hash lookup. and range spaces (both 68-bit). Therefore, we can iterate f from one password pi to generate next password pi+1, then apply f again to generate another password pi+2. In the Size comparison f f f equation, it is written as pi −! pi+1 −! pi+2 −! ::: Given A set of 10 MD5 rainbow tables that has 99.9% accuracy an initial password p1, we iterate f function t times to get for passwords that contain all alphanumeric characters and a (pt; p1) pair, it is a (EP, SP) pair stored in the table.
Recommended publications
  • Analysis of Password Cracking Methods & Applications

    Analysis of Password Cracking Methods & Applications

    The University of Akron IdeaExchange@UAkron The Dr. Gary B. and Pamela S. Williams Honors Honors Research Projects College Spring 2015 Analysis of Password Cracking Methods & Applications John A. Chester The University Of Akron, [email protected] Please take a moment to share how this work helps you through this survey. Your feedback will be important as we plan further development of our repository. Follow this and additional works at: http://ideaexchange.uakron.edu/honors_research_projects Part of the Information Security Commons Recommended Citation Chester, John A., "Analysis of Password Cracking Methods & Applications" (2015). Honors Research Projects. 7. http://ideaexchange.uakron.edu/honors_research_projects/7 This Honors Research Project is brought to you for free and open access by The Dr. Gary B. and Pamela S. Williams Honors College at IdeaExchange@UAkron, the institutional repository of The nivU ersity of Akron in Akron, Ohio, USA. It has been accepted for inclusion in Honors Research Projects by an authorized administrator of IdeaExchange@UAkron. For more information, please contact [email protected], [email protected]. Analysis of Password Cracking Methods & Applications John A. Chester The University of Akron Abstract -- This project examines the nature of password cracking and modern applications. Several applications for different platforms are studied. Different methods of cracking are explained, including dictionary attack, brute force, and rainbow tables. Password cracking across different mediums is examined. Hashing and how it affects password cracking is discussed. An implementation of two hash-based password cracking algorithms is developed, along with experimental results of their efficiency. I. Introduction Password cracking is the process of either guessing or recovering a password from stored locations or from a data transmission system [1].
  • Cryptanalytic Tools

    Cryptanalytic Tools

    Cryptanalytic Tools Authors: Prof. Dr.-Ing. Tim Güneysu Dipl. Ing. Alexander Wild B. Sc. Tobias Schneider Ruhr-Universität Bochum Module Cryptanalytic Tools Chapter 3: Introduction to Cryptanalysis Chapter 4: Computational Complexity and Parallelism Chapter 5: Secret Parameters and Keys Chapter 6: Tools for Symmetric Cryptanalysis Chapter 7: Tools for Asymmetric Cryptanalysis Authors: Prof. Dr.-Ing. Tim Güneysu Dipl. Ing. Alexander Wild B. Sc. Tobias Schneider 1. edition Ruhr-Universität Bochum © 2015 Ruhr-Universität Bochum Universitätsstraße 150 44801 Bochum 1. edition (31. March 2015) Das Werk einschließlich seiner Teile ist urheberrechtlich geschützt. Jede Ver- wendung außerhalb der engen Grenzen des Urheberrechtsgesetzes ist ohne Zustimmung der Verfasser unzulässig und strafbar. Das gilt insbesondere für Vervielfältigungen, Übersetzungen, Mikroverfilmungen und die Einspe- icherung und Verarbeitung in elektronischen Systemen. Um die Lesbarkeit zu vereinfachen, wird auf die zusätzliche Formulierung der weiblichen Form bei Personenbezeichnungen verzichtet. Wir weisen deshalb darauf hin, dass die Verwendung der männlichen Form explizit als geschlechtsunabhängig verstanden werden soll. Das diesem Bericht zugrundeliegende Vorhaben wurde mit Mitteln des Bundesministeriums für Bildung, und Forschung unter dem Förderkennze- ichen 16OH12026 gefördert. Die Verantwortung für den Inhalt dieser Veröf- fentlichung liegt beim Autor. Contents Page3 Contents Introduction to the module books 5 I. Icons and colour codes . 5 Chapter 3 Introduction to Cryptanalysis 7 3.1 Definition of Security . 7 3.1.1 Security of Cryptographic Systems . 7 3.1.2 Categories of Attacks . 8 3.1.3 Categories of Attackers . 9 3.1.4 Secret Key Lengths . 10 3.2 Outline of this Lecture . 11 3.3 Further Reading Materials . 11 Chapter 4 Computational Complexity and Parallelism 13 4.1 Asymptotic Computational Complexity .
  • A New Approach in Expanding the Hash Size of MD5

    A New Approach in Expanding the Hash Size of MD5

    374 International Journal of Communication Networks and Information Security (IJCNIS) Vol. 10, No. 2, August 2018 A New Approach in Expanding the Hash Size of MD5 Esmael V. Maliberan, Ariel M. Sison, Ruji P. Medina Graduate Programs, Technological Institute of the Philippines, Quezon City, Philippines Abstract: The enhanced MD5 algorithm has been developed by variants and RIPEMD-160. These hash algorithms are used expanding its hash value up to 1280 bits from the original size of widely in cryptographic protocols and internet 128 bit using XOR and AND operators. Findings revealed that the communication in general. Among several hashing hash value of the modified algorithm was not cracked or hacked algorithms mentioned above, MD5 still surpasses the other during the experiment and testing using powerful bruteforce, since it is still widely used in the domain authentication dictionary, cracking tools and rainbow table such as security owing to its feature of irreversible [41]. This only CrackingStation, Hash Cracker, Cain and Abel and Rainbow Crack which are available online thus improved its security level means that the confirmation does not need to demand the compared to the original MD5. Furthermore, the proposed method original data but only need to have an effective digest to could output a hash value with 1280 bits with only 10.9 ms confirm the identity of the client. The MD5 message digest additional execution time from MD5. algorithm was developed by Ronald Rivest sometime in 1991 to change a previous hash function MD4, and it is commonly Keywords: MD5 algorithm, hashing, client-server used in securing data in various applications [27,23,22].
  • Computational Security and the Economics of Password Hacking

    Computational Security and the Economics of Password Hacking

    COMPUTATIONAL SECURITY AND THE ECONOMICS OF PASSWORD HACKING Abstract Given the recent rise of cloud computing at cheap prices and the increase in cheap parallel computing options, brute force attacks against stolen password databases are a new option for attackers who may not have enough computing power on their own. We take a survey of the current availability and cost of cloud computing as it relates to the idea of computational security in the context of breaking password databases. Rather than look at just the increase in computing power available per computer, we look at how computing as a service is raising the barrier for password protections being computationally secure. We look at the set of key stretching functions meant to defeat brute force password attacks with the current cheapest cloud computing service in order to determine what amount of money and effort an attacker would need to compromise a password database. Michael Phox Zachary Sherin Adin Schmahmann Augusta Niles Context In password-based network security systems, there is a general architecture whereby the password is sent from the user device to a service server, which then hashes the password some number of times using a random oracle before storing the password in a database. Authentication is completed by following the same process and checking if the hashed password is correct. If the password is in the database, access permission is granted (See Figure 1). Figure 1 Password-based Security However, the security system above has been shown to have significant vulnerability depending on the method of password encryption. In contrast to informationally secure (intercepting a ciphertext does not yield any more information to change the probability of any plaintext message.
  • How to Break EAP-MD5

    How to Break EAP-MD5

    How to Break EAP-MD5 Fanbao Liu and Tao Xie School of Computer, National University of Defense Technology, Changsha, 410073, Hunan, P.R. China [email protected] Abstract. We propose an efficient attack to recover the passwords, used to authenticate the peer by EAP-MD5, in the IEEE 802.1X network. First, we recover the length of the used password through a method called length recovery attack by on-line queries. Second, we crack the known length password using a rainbow table pre-computed with a fixed challenge, which can be done efficiently with great probability through off-line computations. This kind of attack can also be implemented suc- cessfully even if the underlying hash function MD5 is replaced with SHA- 1 or even SHA-512. Keywords: EAP-MD5, IEEE 802.1X, Challenge and Response, Length Recovery, Password Cracking, Rainbow Table. 1 Introduction IEEE 802.1X [6] is an IEEE Standard for port-based Network Access Con- trol, which provides an authentication mechanism to devices wishing to attach to a Local Area Network (LAN) or Wireless Local Area Network (WLAN). IEEE 802.1X defines the encapsulation of the Extensible Authentication Proto- col (EAP) [4] over IEEE 802 known as “EAP over LAN” (EAPoL). IEEE 802.1X authentication involves three parties: a peer, an authenticator and an authentica- tion server. The peer is a client device that wishes to attach to the LAN/WLAN. The authenticator is a network device, such as a Wireless Access Point (WAP), and the authentication server is typically a host running software supporting the Remote Authentication Dial In User Service (RADIUS) and EAP proto- cols.
  • Rainbow Tables

    Rainbow Tables

    Rainbow Tables Yukai Zang Division of Science and Mathematics University of Minnesota, Morris Morris, Minnesota, USA 56267 [email protected] Table of contents – Introduction & Background – Rainbow table – Create rainbow tables (offline stage) – Use rainbow tables (online stage) – Tests – Conclusion Table of contents – Introduction & Background – Rainbow table – Create rainbow tables (offline stage) – Use rainbow tables (online stage) – Tests – Conclusion Introduction & Background Introduction & Background Your password Hashed value (plain-text) 4C5E 9S8D D8S9 Fox Hash function 5T8V A7SE ASD9 Data base Introduction & Background – Hash function Arbitrary Length Input – Map data of arbitrary size onto data of fixed size Hash Function Fixed Length Output Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; Cryptographic 4C5E 9S8D D8S9 Fox Hash function 5T8V A7SE ASD9 Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; – Fast to compute; – Infeasible to revert back to plain-text from hashed value; Cryptographic 4C5E 9S8D D8S9 Fox Hash function 5T8V A7SE ASD9 Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; – Fast to compute; – Infeasible to revert back to plain-text from hashed value; – Small change(s) in plain-text will cause huge changes in hashed value; Introduction & Background – Cryptographic hash function – Small change(s) in plain-text will cause huge changes in hashed value; Introduction & Background Introduction & Background – Cryptographic hash function – Same plain-text result in same hashed value; – Fast to compute; – Infeasible to revert back to plain-text from hashed value; – Small change(s) in plain-text will cause huge changes in hashed value; – Infeasible to find two different plain-text with the same hashed value.
  • Password Attacks and Generation Strategies

    Password Attacks and Generation Strategies

    PASSWORD ATTACKS AND GENERATION STRATEGIES Predrag Tasevski Tartu University, Faculty of Mathematics and Computer Sciences, major: Master of Science in Cyber Security May 21, 2011 Table of contents Introduction Methods Ad-hoc models Brute force Rainbow tables Examples and tools Comparison of input dictionary list Test Conclusion INTRODUCTION Password is a secret word or string of characters that is used for authentication in order to prove identity or gain access to a resource[Gill(1997)]. I Usage of password cracking tools I Methods and approaches guessing the passwords I Examples of leaks and generating password dictionaries I Comparison of already cracked passwords from available password dictionaries and I Test METHODS Password cracking is a method of guessing the attack. Types of password cracking methods[Vines(2007)]: I Dictionary I Hybrid I Brute force Ad-hoc models Dictionary attacks - colander rules Example Capitalization the rst letter, adding three digits to the end, changing the letter `a' to `@' etc. Hybrid it adds simple numbers or symbols to the password attempt. Brute force Brute force are fraction of the total words that are made by users creating their passwords. Brute force attacks methods: I Pure brute force [Group(2010)] I Letter frequency analysis attack [Stitson(2003)] I Markov models [Shmatikov Arvind(2005)] I Targeted brute force attacks [WEIR(2010b)] Rainbow tables (1) Rainbow tables are using the reduction functions to create multiple parallel chains within a single "rainbow" table. I Increases the probability of a correct crack for a given table size, the use of multiple reduction functions also greatly increases the speed of look-ups [JeXChen(2011)].
  • How to Handle Rainbow Tables with External Memory

    How to Handle Rainbow Tables with External Memory

    How to Handle Rainbow Tables with External Memory Gildas Avoine1;2;5, Xavier Carpent3, Barbara Kordy1;5, and Florent Tardif4;5 1 INSA Rennes, France 2 Institut Universitaire de France, France 3 University of California, Irvine, USA 4 University of Rennes 1, France 5 IRISA, UMR 6074, France [email protected] Abstract. A cryptanalytic time-memory trade-off is a technique that aims to reduce the time needed to perform an exhaustive search. Such a technique requires large-scale precomputation that is performed once for all and whose result is stored in a fast-access internal memory. When the considered cryptographic problem is overwhelmingly-sized, using an ex- ternal memory is eventually needed, though. In this paper, we consider the rainbow tables { the most widely spread version of time-memory trade-offs. The objective of our work is to analyze the relevance of storing the precomputed data on an external memory (SSD and HDD) possibly mingled with an internal one (RAM). We provide an analytical evalua- tion of the performance, followed by an experimental validation, and we state that using SSD or HDD is fully suited to practical cases, which are identified. Keywords: time memory trade-off, rainbow tables, external memory 1 Introduction A cryptanalytic time-memory trade-off (TMTO) is a technique introduced by Martin Hellman in 1980 [14] to reduce the time needed to perform an exhaustive search. The key-point of the technique resides in the precomputation of tables that are then used to speed up the attack itself. Given that the precomputation phase is much more expensive than an exhaustive search, a TMTO makes sense in a few scenarios, e.g., when the adversary has plenty of time for preparing the attack while she has a very little time to perform it, the adversary must repeat the attack many times, or the adversary is not powerful enough to carry out an exhaustive search but she can download precomputed tables.
  • Breaking GSM with Rainbow Tables

    Breaking GSM with Rainbow Tables

    Steven Meyer March 2010 Breaking GSM with rainbow Tables Abstract Since 1998 the GSM security has been academically broken but no real attack has ever been done until in 2008 when two engineers of Pico Computing (FPGA manufacture) revealed that they could break the GSM encryption in 30 seconds with 200’000$ hardware and precomputed rainbow tables. Since then the hardware was either available for rich people only or was confiscated by government agencies. So Chris Paget and Karsten Nohl decided to react and do the same thing but in a distributed open source form (on torrent). This way everybody could “enjoy” breaking GSM security and operators will be forced to upgrade the GSM protocol that is being used by more than 4 billion users and that is more than 20 years old. GSM Security When an operator signs a contract with a client, he gives the client a SIM card that contains firstly the IMSI (International Mobile Subscriber Identity) which is a unique 15 digit number that indicates the country, operator and mobile number and secondly a secret 128 bit key that is used for authentication and encryption. With these two elements, the operator pretends to guarantee Authentication (unidirectional) and privacy (that will be proven broken) of cell phone users. When a cell phone is connecting to a network there is a phase of authentication (the bill has to be sent to the right person). The phone first sends his IMSI to the network; the network then forwards it to the home operator, if they are different (for example while traveling abroad).
  • Modified SHA1: a Hashing Solution to Secure Web Applications Through Login Authentication

    Modified SHA1: a Hashing Solution to Secure Web Applications Through Login Authentication

    36 International Journal of Communication Networks and Information Security (IJCNIS) Vol. 11, No. 1, April 2019 Modified SHA1: A Hashing Solution to Secure Web Applications through Login Authentication Esmael V. Maliberan Graduate Studies, Surigao del Sur State University, Philippines Abstract: The modified SHA1 algorithm has been developed by attack against the SHA-1 hash function, generating two expanding its hash value up to 1280 bits from the original size of different PDF files. The research study conducted by [9] 160 bit. This was done by allocating 32 buffer registers for presented a specific freestart identical pair for SHA-1, i.e. a variables A, B, C and D at 5 bytes each. The expansion was done by collision within its compression function. This was the first generating 4 buffer registers in every round inside the compression appropriate break of the SHA-1, extending all 80 out of 80 function for 8 times. Findings revealed that the hash value of the steps. This attack was performed for only 10 days of modified algorithm was not cracked or hacked during the experiment and testing using powerful online cracking tool, brute computation on a 64-GPU. Thus, SHA1 algorithm is not force and rainbow table such as Cracking Station and Rainbow anymore safe in login authentication and data transfer. For Crack and bruteforcer which are available online thus improved its this reason, there were enhancements and modifications security level compared to the original SHA1. being developed in the algorithm in order to solve these issues [10, 11]. [12] proposed a new approach to enhance Keywords: SHA1, hashing, client-server communication, MD5 algorithm combined with SHA compression function modified SHA1, hacking, brute force, rainbow table that produced a 256-bit hash code.
  • Breaking the Crypt

    Breaking the Crypt

    2012 Breaking the Crypt Sudeep Singh 5/21/2012 Table of Contents Preface .......................................................................................................................................................... 3 Advanced Hash Cracking ............................................................................................................................... 4 Cryptographic Hash Properties ..................................................................................................................... 5 Hash to the Stash .......................................................................................................................................... 6 Oclhashcat – An insight ............................................................................................................................... 13 The need for Stronger Hashes .................................................................................................................... 19 Fast vs Slow Hashes .................................................................................................................................... 20 How much Salt? .......................................................................................................................................... 21 How Many Iterations?................................................................................................................................. 25 John The Ripper (JTR) – Tweak That Attack! ..............................................................................................
  • Lab 3: MD5 and Rainbow Tables

    Lab 3: MD5 and Rainbow Tables

    Lab 3: MD5 and Rainbow Tables 50.020 Security Hand-out: February 9 Hand-in: February 16, 9pm 1 Objective • Hash password using MD5 • Crack MD5 hashes using brute-force and rainbow tables • Strengthen MD5 hash using salt and crack again the salted hashes • Compete in the hash breaking competition 2 Hashing password using MD5 • To warm up, compute a couple of MD5 hashes of strings of your choice – Observe the length of the output, and whether it depends on length of input • To generate the MD5 hash using the shell, try echo -n "foobar" | md5sum to compute hash of foobar • To generate the MD5 hash using python, use import hashlib module and its hexdigest() function. 3 Brute-Force and dictionary attack • For this exercise, use the fifteen hash values from the hash5.txt • Create a md5fun.py Python 3 script to find the corresponding input to create the challenge hash values • You need only to consider passwords with 5 lowercase and or numeric characters. Compute the hash values for each possible combination. To help reduce the search space we provide a dictionary with newline separated common words in words5.txt. Notice a resulting hash may be generated by a permutation of any word in the list, e.g. hello -> lhelo • Both hash5.txt and words5.txt elements are newline separated • Take note of the computation time of your algorithm to reverse all fifteen hashes. Consider the timeit python module: https://docs.python.org/3.6/library/timeit.html 1 4 Creating Rainbow Tables • Install the program rainbrowcrack-1.6.1-linux64.zip (http://project-rainbowcrack.com/rainbowcrack-1.6.1-linux64.zip).