University Of Piraeus Department Of Digital Systems Postgraduate Programme " Techno-Economic Management and Security Of Digital Systems " MASTER THESIS SUBJECT: PASSWORD CRACKING Supervisor: Xenakis Christos Student: Christofakis Michail Α.Μ: ΜΤΕ1138 PIRAEUS JULY 2013 1 Acknowledgements I would like to thank my teacher and supervisor for this paper, Mr. Christos Xenakis, as for his help in the accomplishment of this dissertation. Also I would like to thank my family for the whole support all this years in giving me the strength to continue making my dreams come true. 2 Abstract Information security is the next big thing in computers society because of the rapidly growing security incidents and the outcomes of those. Hacking and cracking existed even from the start of the eighties decade when there was the first step of the interconnection through the internet between humans. From then and ever after there was a big explosion of such incidents mostly because of the worldwide web which was introduced in the early nineties. Following the huge steps forward of computers evolution till today anyone can now clearly see that security is more than ever important to everyday life. Mainly because everything happens really fast and everything is done online, from communicating with each other to transactions and so on. Finally the possibilities plus the software and hardware offered are endless today, something that gives the opportunity to a malicious person to do some significant damage. Last but not least, attention should be given to security measures and techniques to avoid unhappy situations and security awareness should be a part of everyone’s life where no one is excluded. 3 Summary This paper refers to the use of passwords on computer systems and the ways of attacking them. It also states ways of protecting passwords from cracking and puts through serious testing on some cracking tools. Afterwards it focuses on comparing the efficiency of these cracking tools and it draws some conclusions on their use. Finally future work is left to be done in order to make even greater steps through password security. In the first chapter, a general reference to passwords is made as to what they are and what they consist of. Also an overview is made on the importance of having secure passwords nowadays. Lastly the main methods of attacking passwords are presented. In the second chapter, some ways of making password cracking harder are presented and emphasis is given on how to secure and strengthen passwords in general using salts, key stretching and considering password entropy. Also the classes of attack are presented and the time needed to crack passwords is explained. Moreover, password policies are introduced and guidelines for having secure passwords are given. In the third chapter, some ways to accelerate password cracking are shown and an extensive reference on password cracking tools is made. Also a thorough overview on basic usage is given for four basic and commonly used tools. In the fourth chapter, a hands on experience is demonstrated on how to crack hashes using basic password cracking tools with an emphasis on hashcat tool. It is taken from 2012 contest of Korelogic named CrackMeIfYouCan. There was given several types of hashes and it was requested to crack as many as possible in two days time. So a complete task is presented here on specific hash types like md5. In the final chapter of this paper, the results drawn from the above procedures are gathered and put together in order to be analyzed. Several comparison graphs are made that give valuable information to the reader as to what these tools can do. Lastly special conclusions and suggestions are given considering the whole aspect of password cracking thing and future work is anticipated in the hope of perfectioning the knowledge on the field. 4 Table Of Contents Acknowledgements ...................................................................................................................................2 Abstract .....................................................................................................................................................3 Summary....................................................................................................................................................4 Figure Table ...............................................................................................................................................7 Introduction...............................................................................................................................................9 1.INTRODUCTION TO PASSWORDS .........................................................................................................10 1.1 What is a password........................................................................................................................10 1.2 Passphrase & password.................................................................................................................10 1.3 Introduction to password cracking................................................................................................11 1.4 Main Methods of Attack................................................................................................................11 1.4.1 Weak encryption.....................................................................................................................11 1.4.2 Encryption of cases (Guessing) ..............................................................................................12 1.4.3 Phishing...................................................................................................................................12 1.4.4 Social engineering...................................................................................................................12 1.4.5 Malware..................................................................................................................................13 1.4.6 Offline cracking.......................................................................................................................13 1.4.7 Spidering.................................................................................................................................13 1.4.8 Brute-Force attack ..................................................................................................................13 1.4.10 Hybrid attack.........................................................................................................................13 1.4.9 Dictionary attack.....................................................................................................................14 1.4.1 Lookup Tables.........................................................................................................................14 1.4.11 Reverse Lookup Tables .........................................................................................................14 1.4.11 Rainbow tables.....................................................................................................................14 1.5 Hacks , Cracks ................................................................................................................................15 2.HOW TO MAKE PASSWORD CRACKING HARDER .................................................................................16 2.1 Password entropy..........................................................................................................................16 2.2 Key stretching ................................................................................................................................18 2.3 Salting ............................................................................................................................................19 2.4 Time needed to crack passwords ..................................................................................................20 2.5 Classes of Attack............................................................................................................................20 2.6 Password creation .........................................................................................................................24 2.7 Password policy .............................................................................................................................25 5 2.8 Guidelines for creating strong passwords .....................................................................................26 3.USING PASSWORD CRACKING TOOLS ..................................................................................................27 3.1 How to make password cracking faster.........................................................................................27 3.1.1 GPU’s ......................................................................................................................................27 3.1.2 Computer clusters ..................................................................................................................27 3.2 Most Used Programms ..................................................................................................................28 3.2.1 CAIN & ABEL............................................................................................................................30 3.2.2 RAINBOW CRACK....................................................................................................................31
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages74 Page
-
File Size-