SlideShare a Scribd company logo

Cryptography implementation weaknesses: based on true story

Download as ODP, PDF
V
Vlatko Kosturjak

Vlatko Kosturjak discusses weaknesses found in a Cisco SHA256 password hash implementation. He describes how he was able to determine the hash was using an insecure custom charset and no salt or iterations. This allowed him to crack the hash using rainbow tables. He created tools to convert Cisco configuration files to the John the Ripper format and cracked multiple passwords. His recommendations include implementing stronger cryptography, avoiding password reuse, and working with security researchers to improve implementations.

Technology
1 of 20
#fsec Cryptography implementation weaknesses based on true story Vlatko Kosturjak https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN
Agenda ● True story – my perspective ● I got this hash... – What it is? – Is it vulnerable? – How I can crack it? ● Recommendations ● Summary ● Questions
Elephant in the room...
Let's start with the hashes! :) http://www.openwall.com/lists/john-dev/2013/03/15/10
Somewhere in the galaxy... http://www.openwall.com/lists/john-dev/2013/03/06/5
Let's look closer! Same hash for same password different user? ● Password reuse identification ● Password frequency ● Memory-time trade off vulnerability ● Rainbow tables ● Lookup ● Pot file ● Database ● On-line
Story goes on... http://www.openwall.com/lists/john-dev/2013/03/12/5
Finding what it is.. ● “...My only advise is to just pretend you found this hash and have no clue where it came from. Now try the first two things that you should do when you find a 43 character hash with uppercase and lowercase letters, numbers, dot, and forward slash. Hmm that might be too much info...” Sc00bz64 on john-dev ● Formats – Crypt – Hex – Base64 – ...
So, what it is? In short, please! ● BASE64 with custom charset – ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXY Zabcdefghijklmnopqrstuvwxyz ● SHA256 ● No salt ● No iteration ● Length – 1-25 characters
Cisco SHA256 implementation ● First implementation in PHP – http://pastebin.com/1yCLwyVY ● First implementation in Perl – http://www.openwall.com/lists/john-dev/2013/03/16/12 – https://gist.github.com/kost/5177541 ● Time to crack! :) https://twitter.com/k0st/status/312988851138355201
First C implementation as new format type in john http://www.openwall.com/lists/john-dev/2013/03/16/7 https://github.com/kholia/JohnTheRipper/tree/cisco-type-4
Wait a minute? ● It is Base64 with custom iteration – Decode it! – And encode it correctly ● How john likes it ;) ● What that means? – No need for new john format – SHA256 exists already ● CPU ● GPU
Over? Not yet!
cisco2john.pl $ ./cisco2john.pl cisco.conf >cisco.in 2>cisco.seed $ cat cisco.in enable_secret_level_2:5e884898da28047151d0e56f8dc62 92773603d0d6aabbdd62a11ef721d1542d8 enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
cisco2john.pl multiple configurations $ ls *conf 127.0.0.1-startup-config 127.0.0.1-running-config [..] 192.168.1.1-startup-config 192.168.1.1-running-config $ cat *.conf | ./cisco2john.pl >cisco.in 2>cisco.seed $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
Public advisory http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
Password types sorted by recommendations Password type Method 5 MD5 4 SHA256 (no salt) 7 Decode 0 Plaintext
Recommendations ● Implementators – Think about implementation of your crypto ● Even big guys missed it – Implement basic checks ● Users – Don't use type 4, use 5 – Don't use 7/0/4 in short ;) – Password reuse is problem – Don't mix same passwords with different password types
Summary ● Crypto implementations can be bad – Nothing new ● “Improving” crypto is two way direction ● Working together – Less time – more rock – There are smart people out there ● John-dev ● Nmap-dev ● Metasploit ● ...
Thanks for your time Questions? https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN

Recommended

my portfoliopresentation
my portfoliopresentationmy portfoliopresentation
my portfoliopresentationJoseReyes
 
Perfiles
PerfilesPerfiles
PerfilesDianaPaolaFrancoGavi
 
New text document
New text documentNew text document
New text documentsskchaitu
 
Roll your own web crawler. RubyDay 2013
Roll your own web crawler. RubyDay 2013Roll your own web crawler. RubyDay 2013
Roll your own web crawler. RubyDay 2013Francesco Laurita
 
Linux Privilege Escalation with Lin Security.
Linux Privilege Escalation with Lin Security.Linux Privilege Escalation with Lin Security.
Linux Privilege Escalation with Lin Security.Deepanshu Gajbhiye
 
CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...
CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...
CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...CODE BLUE
 
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇACODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇACODE BLUE
 
JS in Space
JS in SpaceJS in Space
JS in SpaceRyan Kotzen
 

Recommended

my portfoliopresentation
my portfoliopresentationmy portfoliopresentation
my portfoliopresentationJoseReyes
 
Perfiles
PerfilesPerfiles
PerfilesDianaPaolaFrancoGavi
 
New text document
New text documentNew text document
New text documentsskchaitu
 
Roll your own web crawler. RubyDay 2013
Roll your own web crawler. RubyDay 2013Roll your own web crawler. RubyDay 2013
Roll your own web crawler. RubyDay 2013Francesco Laurita
 
Linux Privilege Escalation with Lin Security.
Linux Privilege Escalation with Lin Security.Linux Privilege Escalation with Lin Security.
Linux Privilege Escalation with Lin Security.Deepanshu Gajbhiye
 
CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...
CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...
CODE BLUE 2014 : マイクロソフトの脆弱性調査 : ベンダーでありながら発見者となるために by デイヴィッド・シードマン David Se...CODE BLUE
 
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇACODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇACODE BLUE
 
JS in Space
JS in SpaceJS in Space
JS in SpaceRyan Kotzen
 
iOS Zagreb Meetup #02 -
iOS Zagreb Meetup #02 - iOS Zagreb Meetup #02 -
iOS Zagreb Meetup #02 - Infinum
 
Stephen Ridley - Greyhat Ruby
Stephen Ridley - Greyhat RubyStephen Ridley - Greyhat Ruby
Stephen Ridley - Greyhat RubySource Conference
 
Cocina conxamarin
Cocina conxamarinCocina conxamarin
Cocina conxamarinJosé Manuel Montero Ortega
 
Office doc (10)
Office doc (10)Office doc (10)
Office doc (10)ly2wf
 
File hosting search engines
File hosting search enginesFile hosting search engines
File hosting search enginesUmar Ali
 
Link download
Link downloadLink download
Link downloadNadzirah Md Rashid
 
Palestra "Do PHP ao Rails"
Palestra "Do PHP ao Rails"Palestra "Do PHP ao Rails"
Palestra "Do PHP ao Rails"Almir Mendes
 
Wonderful world of (distributed) SCM or VCS
Wonderful world of (distributed) SCM or VCSWonderful world of (distributed) SCM or VCS
Wonderful world of (distributed) SCM or VCSVlatko Kosturjak
 
<?php>Hello Worl...Ooo Shiny!
<?php>Hello Worl...Ooo Shiny! <?php>Hello Worl...Ooo Shiny!
<?php>Hello Worl...Ooo Shiny! Sean Prunka
 
<?php>m doing! (shh, yes you do.)
<?php>m doing! (shh, yes you do.)<?php>m doing! (shh, yes you do.)
<?php>m doing! (shh, yes you do.)Sean Prunka
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNoSuchCon
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2ice799
 
ASA Trial Workshop Slides for Archives NZ [2016-09-28]
ASA Trial Workshop Slides for Archives NZ [2016-09-28]ASA Trial Workshop Slides for Archives NZ [2016-09-28]
ASA Trial Workshop Slides for Archives NZ [2016-09-28]Ross Spencer
 
Node js javascript no lado do servidor
Node js javascript no lado do servidorNode js javascript no lado do servidor
Node js javascript no lado do servidorMauricio Vieira
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureAndrew Petukhov
 
Webbisauna - ClojureScript for Javascript Developers
Webbisauna - ClojureScript for Javascript DevelopersWebbisauna - ClojureScript for Javascript Developers
Webbisauna - ClojureScript for Javascript DevelopersJuho Teperi
 
Kettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleKettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleDefconRussia
 
DIY Applied Machine Learning
DIY Applied Machine LearningDIY Applied Machine Learning
DIY Applied Machine LearningTarek Hoteit
 
Using FXML on Clojure
Using FXML on ClojureUsing FXML on Clojure
Using FXML on ClojureEunPyoung Kim
 
Fosdem managing my sql with percona toolkit
Fosdem managing my sql with percona toolkitFosdem managing my sql with percona toolkit
Fosdem managing my sql with percona toolkitFrederic Descamps
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing DevelopmentCTruncer
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
 

More Related Content

What's hot

iOS Zagreb Meetup #02 -
iOS Zagreb Meetup #02 - iOS Zagreb Meetup #02 -
iOS Zagreb Meetup #02 - Infinum
 
Stephen Ridley - Greyhat Ruby
Stephen Ridley - Greyhat RubyStephen Ridley - Greyhat Ruby
Stephen Ridley - Greyhat RubySource Conference
 
Office doc (10)
Office doc (10)Office doc (10)
Office doc (10)ly2wf
 
File hosting search engines
File hosting search enginesFile hosting search engines
File hosting search enginesUmar Ali
 
Palestra "Do PHP ao Rails"
Palestra "Do PHP ao Rails"Palestra "Do PHP ao Rails"
Palestra "Do PHP ao Rails"Almir Mendes
 

What's hot (7)

iOS Zagreb Meetup #02 -
iOS Zagreb Meetup #02 - iOS Zagreb Meetup #02 -
iOS Zagreb Meetup #02 -
 
Stephen Ridley - Greyhat Ruby
Stephen Ridley - Greyhat RubyStephen Ridley - Greyhat Ruby
Stephen Ridley - Greyhat Ruby
 
Cocina conxamarin
Cocina conxamarinCocina conxamarin
Cocina conxamarin
 
Office doc (10)
Office doc (10)Office doc (10)
Office doc (10)
 
File hosting search engines
File hosting search enginesFile hosting search engines
File hosting search engines
 
Link download
Link downloadLink download
Link download
 
Palestra "Do PHP ao Rails"
Palestra "Do PHP ao Rails"Palestra "Do PHP ao Rails"
Palestra "Do PHP ao Rails"
 

Similar to Cryptography implementation weaknesses: based on true story

Wonderful world of (distributed) SCM or VCS
Wonderful world of (distributed) SCM or VCSWonderful world of (distributed) SCM or VCS
Wonderful world of (distributed) SCM or VCSVlatko Kosturjak
 
<?php>Hello Worl...Ooo Shiny!
<?php>Hello Worl...Ooo Shiny! <?php>Hello Worl...Ooo Shiny!
<?php>Hello Worl...Ooo Shiny! Sean Prunka
 
<?php>m doing! (shh, yes you do.)
<?php>m doing! (shh, yes you do.)<?php>m doing! (shh, yes you do.)
<?php>m doing! (shh, yes you do.)Sean Prunka
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNoSuchCon
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2ice799
 
ASA Trial Workshop Slides for Archives NZ [2016-09-28]
ASA Trial Workshop Slides for Archives NZ [2016-09-28]ASA Trial Workshop Slides for Archives NZ [2016-09-28]
ASA Trial Workshop Slides for Archives NZ [2016-09-28]Ross Spencer
 
Node js javascript no lado do servidor
Node js javascript no lado do servidorNode js javascript no lado do servidor
Node js javascript no lado do servidorMauricio Vieira
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureAndrew Petukhov
 
Webbisauna - ClojureScript for Javascript Developers
Webbisauna - ClojureScript for Javascript DevelopersWebbisauna - ClojureScript for Javascript Developers
Webbisauna - ClojureScript for Javascript DevelopersJuho Teperi
 
Kettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleKettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleDefconRussia
 
DIY Applied Machine Learning
DIY Applied Machine LearningDIY Applied Machine Learning
DIY Applied Machine LearningTarek Hoteit
 
Using FXML on Clojure
Using FXML on ClojureUsing FXML on Clojure
Using FXML on ClojureEunPyoung Kim
 
Fosdem managing my sql with percona toolkit
Fosdem managing my sql with percona toolkitFosdem managing my sql with percona toolkit
Fosdem managing my sql with percona toolkitFrederic Descamps
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing DevelopmentCTruncer
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
 
Ripping web accessible .git files
Ripping web accessible .git filesRipping web accessible .git files
Ripping web accessible .git filesVlatko Kosturjak
 
Don't Think Websites, think data
Don't Think Websites, think dataDon't Think Websites, think data
Don't Think Websites, think dataMike Ellis
 
Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02
Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02
Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02World Sports Boats
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationCTruncer
 

Similar to Cryptography implementation weaknesses: based on true story (20)

Wonderful world of (distributed) SCM or VCS
Wonderful world of (distributed) SCM or VCSWonderful world of (distributed) SCM or VCS
Wonderful world of (distributed) SCM or VCS
 
<?php>Hello Worl...Ooo Shiny!
<?php>Hello Worl...Ooo Shiny! <?php>Hello Worl...Ooo Shiny!
<?php>Hello Worl...Ooo Shiny!
 
<?php>m doing! (shh, yes you do.)
<?php>m doing! (shh, yes you do.)<?php>m doing! (shh, yes you do.)
<?php>m doing! (shh, yes you do.)
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge Solution
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2
 
ASA Trial Workshop Slides for Archives NZ [2016-09-28]
ASA Trial Workshop Slides for Archives NZ [2016-09-28]ASA Trial Workshop Slides for Archives NZ [2016-09-28]
ASA Trial Workshop Slides for Archives NZ [2016-09-28]
 
Node js javascript no lado do servidor
Node js javascript no lado do servidorNode js javascript no lado do servidor
Node js javascript no lado do servidor
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructure
 
Webbisauna - ClojureScript for Javascript Developers
Webbisauna - ClojureScript for Javascript DevelopersWebbisauna - ClojureScript for Javascript Developers
Webbisauna - ClojureScript for Javascript Developers
 
Kettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleKettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in style
 
DIY Applied Machine Learning
DIY Applied Machine LearningDIY Applied Machine Learning
DIY Applied Machine Learning
 
Using FXML on Clojure
Using FXML on ClojureUsing FXML on Clojure
Using FXML on Clojure
 
Fosdem managing my sql with percona toolkit
Fosdem managing my sql with percona toolkitFosdem managing my sql with percona toolkit
Fosdem managing my sql with percona toolkit
 
Pen Testing Development
Pen Testing DevelopmentPen Testing Development
Pen Testing Development
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
 
Racing with Droids
Racing with DroidsRacing with Droids
Racing with Droids
 
Ripping web accessible .git files
Ripping web accessible .git filesRipping web accessible .git files
Ripping web accessible .git files
 
Don't Think Websites, think data
Don't Think Websites, think dataDon't Think Websites, think data
Don't Think Websites, think data
 
Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02
Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02
Dontthinkwebsitesthinkdatafinal 090713100859 Phpapp02
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
 

Recently uploaded

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Cryptography implementation weaknesses: based on true story

  • 1. #fsec Cryptography implementation weaknesses based on true story Vlatko Kosturjak https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN
  • 2. Agenda ● True story – my perspective ● I got this hash... – What it is? – Is it vulnerable? – How I can crack it? ● Recommendations ● Summary ● Questions
  • 3. Elephant in the room...
  • 4. Let's start with the hashes! :) http://www.openwall.com/lists/john-dev/2013/03/15/10
  • 5. Somewhere in the galaxy... http://www.openwall.com/lists/john-dev/2013/03/06/5
  • 6. Let's look closer! Same hash for same password different user? ● Password reuse identification ● Password frequency ● Memory-time trade off vulnerability ● Rainbow tables ● Lookup ● Pot file ● Database ● On-line
  • 8. Finding what it is.. ● “...My only advise is to just pretend you found this hash and have no clue where it came from. Now try the first two things that you should do when you find a 43 character hash with uppercase and lowercase letters, numbers, dot, and forward slash. Hmm that might be too much info...” Sc00bz64 on john-dev ● Formats – Crypt – Hex – Base64 – ...
  • 9. So, what it is? In short, please! ● BASE64 with custom charset – ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXY Zabcdefghijklmnopqrstuvwxyz ● SHA256 ● No salt ● No iteration ● Length – 1-25 characters
  • 10. Cisco SHA256 implementation ● First implementation in PHP – http://pastebin.com/1yCLwyVY ● First implementation in Perl – http://www.openwall.com/lists/john-dev/2013/03/16/12 – https://gist.github.com/kost/5177541 ● Time to crack! :) https://twitter.com/k0st/status/312988851138355201
  • 11. First C implementation as new format type in john http://www.openwall.com/lists/john-dev/2013/03/16/7 https://github.com/kholia/JohnTheRipper/tree/cisco-type-4
  • 12. Wait a minute? ● It is Base64 with custom iteration – Decode it! – And encode it correctly ● How john likes it ;) ● What that means? – No need for new john format – SHA256 exists already ● CPU ● GPU
  • 14. cisco2john.pl $ ./cisco2john.pl cisco.conf >cisco.in 2>cisco.seed $ cat cisco.in enable_secret_level_2:5e884898da28047151d0e56f8dc62 92773603d0d6aabbdd62a11ef721d1542d8 enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
  • 15. cisco2john.pl multiple configurations $ ls *conf 127.0.0.1-startup-config 127.0.0.1-running-config [..] 192.168.1.1-startup-config 192.168.1.1-running-config $ cat *.conf | ./cisco2john.pl >cisco.in 2>cisco.seed $ ./john -wo:cisco.seed -rules cisco.in https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/cisco2john.pl
  • 17. Password types sorted by recommendations Password type Method 5 MD5 4 SHA256 (no salt) 7 Decode 0 Plaintext
  • 18. Recommendations ● Implementators – Think about implementation of your crypto ● Even big guys missed it – Implement basic checks ● Users – Don't use type 4, use 5 – Don't use 7/0/4 in short ;) – Password reuse is problem – Don't mix same passwords with different password types
  • 19. Summary ● Crypto implementations can be bad – Nothing new ● “Improving” crypto is two way direction ● Working together – Less time – more rock – There are smart people out there ● John-dev ● Nmap-dev ● Metasploit ● ...
  • 20. Thanks for your time Questions? https://twitter.com/k0st BM-2D972vHJXV8nwaFG6vUfEmy5tFjrE97edN