SlideShare ist ein Scribd-Unternehmen logo

WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING

Positive Hack Days
Positive Hack Days

WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING

Technologie
1 von 27
Downloaden Sie, um offline zu lesen
WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING PHDays V Sylvain Pelissier, Roman Korkikian May 26, 2015
IN BRIEF Password hashing Password cracking eCryptfs presentation eCryptfs salting problem Correction Questions 2
PASSWORD HASHING 3
PASSWORD CRACKING From the hash recover the password value. 4
BRUTEFORCE 1. Get the hash file /etc/shadow 2. For all possible password, compute H(password) until a match is found in the file. 3. Output password 5
PRE-COMPUTED DICTIONNARY ATTACK 1. Create a database of all (password, H(password)). 2. To crack a given password hash, check if it is in the database. 3. Output the corresponding password 6
RAINBOW TABLE ATTACK Trade-off between computation and memory. 7
SALTING Compute H(salt||password) instead of H(password) and store both salt and hash. Make dictionary and rainbow table attacks much more difficult but not bruteforce attack. Salting is used in most modern systems i.e Linux uses 5000 iterations of SHA-512 with randomly generated salt. 8
PASSWORD CRACKING Well studied problem. Several optimized tools: John the ripper (www.openwall.com/john). hashcat (hashcat.net/oclhashcat). Password Hashing Competition (PHC) to select new password hashing algorithms (password-hashing.net). Hashrunner contest 9
ECRYPTFS File encryption software (ecryptfs.org). Included in the Linux Kernel. Used for user home folder encryption by Ubuntu. 10
ECRYPTFS UTILS 11
ECRYPTFS UTILS 1. During creation of the encrypted home folder, a passphrase (16 bytes by default) is randomly generated. 2. The passphrase is use for file encryption (AES by default). 3. The passphrase is stored encrypted in the file: /home/.ecrpytfs/$USER/.ecrpytfs/wrapped-passphrase 4. The process of passphrase encryption is called key wrapping. 12
KEY WRAPPING 13
KEY WRAPPING 14
KEY WRAPPING 15
KEY UNWRAPPING 16
ECRYPTFS DEFAULT SALT 1. eCryptfs uses a salt for the key wrapping process. 2. However, if not specified in the file ~/.ecryptfsrc, the salt has always the same value (0x0011223344556677) for every installations. 3. If the whole home folder is encrypted then it is not possible to use another salt value than default. 17
ECRYPTFS For simplicity, in Ubuntu, the wrapping password is directly the user password ! With the default salt, dictionary and rainbow table attacks against the user password are feasible with the wrapping key signature. 18
JOHN THE RIPPER eCryptfs signature cracking has been already implemented in John the ripper 1.8.0-jumbo: $ecryptfs$0$1$0011223344556677$21ff10301b5457e1 Python script ecryptfs2john.py exports the signature from the wrapped-passphrase file to John the ripper format. 19
RESULTS We computed a dictionary of key signatures of the rockyou file (~14 millions passwords) for the default salt. It took us one month on a standard computer. The dictionary can now be used to reverse a signature instantly. (Available at: https://github.com/kudelskisecurity) 20
CORRECTION Default salt problem has been already reported in bug #906550. For our findings about Ubuntu, a new CVE #2014-9687 was opened and quickly fixed by eCryptfs developers. 21
CORRECTION New file format for wrapped-passphrase file starts with 0x3a02. Salt is generated from /etc/urandom/ and stored in the same file by default Old version files are automatically converted after the update. Hashing speed makes it a less attractive target now for password cracking. JTR Python script updated to crack new file format. 22
CORRECTION 23
CONCLUSION As soon as password is used for other features it increases attack surface. New key derivation functions could be used in eCryptfs: PBKDF2 PHC candidates 24
25
JOHN THE RIPPER eCryptfs: $ ./john pass.txt Loaded 1 password hash (eCryptfs [65536x SHA-512]) Will run 4 OpenMP threads Press ’q’ or Ctrl-C to abort, almost any other key for status test (?) 1g 0:00:00:01 DONE 2/3 (2015-03-11 16:04) 0.6666g/s 149.3p/s 149.3c/s 149.3C/s lacrosse..topgun Use the "-show" option to display all of the cracked passwords reliably Session completed 26
JOHN THE RIPPER Linux password: $ ./john pass.txt Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 64/64 OpenSSL]) Will run 4 OpenMP threads Press ’q’ or Ctrl-C to abort, almost any other key for status 0g 0:00:00:03 2/3 0g/s 1771p/s 1771c/s 1771C/s Sandy..Mayday Session aborted 27

Empfohlen

BackTrack 4 R2 - SFISSA Presentation
BackTrack 4 R2 - SFISSA PresentationBackTrack 4 R2 - SFISSA Presentation
BackTrack 4 R2 - SFISSA Presentation
Jorge Orchilles
 
3 manual installation of open vpn
3 manual installation of open vpn3 manual installation of open vpn
3 manual installation of open vpn
Ashwajit Maske
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
Jean-Marie Renouard
 
Год в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияГод в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участия
defcon_kz
 
บล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOS
บล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOSบล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOS
บล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOS
Tũi Wichets
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
Tiago Cruz
 
Python setup
Python setupPython setup
Python setup
Ryo Miyake
 
Creating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server HardeningCreating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server Hardening
archwisp
 

Empfohlen

BackTrack 4 R2 - SFISSA Presentation
BackTrack 4 R2 - SFISSA PresentationBackTrack 4 R2 - SFISSA Presentation
BackTrack 4 R2 - SFISSA Presentation
Jorge Orchilles
 
3 manual installation of open vpn
3 manual installation of open vpn3 manual installation of open vpn
3 manual installation of open vpn
Ashwajit Maske
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
Jean-Marie Renouard
 
Год в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияГод в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участия
defcon_kz
 
บล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOS
บล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOSบล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOS
บล๊อกเวปไซท์ บน Open WRT หรือ บน Ubiquiti NanoStation M5 หรือ บน airOS
Tũi Wichets
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
Tiago Cruz
 
Python setup
Python setupPython setup
Python setup
Ryo Miyake
 
Creating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server HardeningCreating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server Hardening
archwisp
 
Downloads
DownloadsDownloads
Downloads
energetictongue26
 
Red Hat Linux cheat sheet
Red Hat Linux cheat sheetRed Hat Linux cheat sheet
Red Hat Linux cheat sheet
Rafael Montesinos Muñoz
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"
Francesco Prior
 
บทท 7
บทท 7บทท 7
บทท 7
J-Kitipat Vatinivijet
 
Безопасность интернет-приложений осень 2013 лекция 7
Безопасность интернет-приложений осень 2013 лекция 7Безопасность интернет-приложений осень 2013 лекция 7
Безопасность интернет-приложений осень 2013 лекция 7
Technopark
 
Reflink
ReflinkReflink
Reflink
The Linux Foundation
 
repositor.io - Simple Repository Management
repositor.io - Simple Repository Managementrepositor.io - Simple Repository Management
repositor.io - Simple Repository Management
inovex GmbH
 
Présentation Clever Audit
Présentation Clever AuditPrésentation Clever Audit
Présentation Clever Audit
clevernetsystemsgeneva
 
Red Hat Certified Engineer (RHCE) EX294 Exam Questions
Red Hat Certified Engineer (RHCE) EX294 Exam QuestionsRed Hat Certified Engineer (RHCE) EX294 Exam Questions
Red Hat Certified Engineer (RHCE) EX294 Exam Questions
Study Material
 
penetration testing - black box type.
penetration testing - black box type.penetration testing - black box type.
penetration testing - black box type.
luigi capuzzello
 
TechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStack
TechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStackTechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStack
TechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStack
Naoto Gohko
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin
Davide Cioccia
 
09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?
Alexandre Moneger
 
CentOS_slide_ver1.0
CentOS_slide_ver1.0CentOS_slide_ver1.0
CentOS_slide_ver1.0
Satoshi Kume
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry manager
Toshiaki Baba
 
Learn Python
Learn PythonLearn Python
Learn Python
Datio Big Data
 
Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013
Dan Radez
 
Sayoo odoo open_erp
Sayoo odoo open_erpSayoo odoo open_erp
Sayoo odoo open_erp
AmineArrahmane Achargui
 
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
Sam Kim
 
Password Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP ArgentinaPassword Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP Argentina
Anthony Ferrara
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time stream
Codemotion
 
Redis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRedis for duplicate detection on real time stream
Redis for duplicate detection on real time stream
Roberto Franchini
 

Weitere ähnliche Inhalte

Was ist angesagt?

Безопасность интернет-приложений осень 2013 лекция 7
Безопасность интернет-приложений осень 2013 лекция 7Безопасность интернет-приложений осень 2013 лекция 7
Безопасность интернет-приложений осень 2013 лекция 7
Technopark
 

Was ist angesagt? (19)

Downloads
DownloadsDownloads
Downloads
 
Red Hat Linux cheat sheet
Red Hat Linux cheat sheetRed Hat Linux cheat sheet
Red Hat Linux cheat sheet
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"
 
บทท 7
บทท 7บทท 7
บทท 7
 
Безопасность интернет-приложений осень 2013 лекция 7
Безопасность интернет-приложений осень 2013 лекция 7Безопасность интернет-приложений осень 2013 лекция 7
Безопасность интернет-приложений осень 2013 лекция 7
 
Reflink
ReflinkReflink
Reflink
 
repositor.io - Simple Repository Management
repositor.io - Simple Repository Managementrepositor.io - Simple Repository Management
repositor.io - Simple Repository Management
 
Présentation Clever Audit
Présentation Clever AuditPrésentation Clever Audit
Présentation Clever Audit
 
Red Hat Certified Engineer (RHCE) EX294 Exam Questions
Red Hat Certified Engineer (RHCE) EX294 Exam QuestionsRed Hat Certified Engineer (RHCE) EX294 Exam Questions
Red Hat Certified Engineer (RHCE) EX294 Exam Questions
 
penetration testing - black box type.
penetration testing - black box type.penetration testing - black box type.
penetration testing - black box type.
 
TechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStack
TechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStackTechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStack
TechOYAJI 2014 tokyo summer LT; CentOS7 and RDO Icehouse OpenStack
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin
 
09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?09 - ROP countermeasures, can we fix this?
09 - ROP countermeasures, can we fix this?
 
CentOS_slide_ver1.0
CentOS_slide_ver1.0CentOS_slide_ver1.0
CentOS_slide_ver1.0
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry manager
 
Learn Python
Learn PythonLearn Python
Learn Python
 
Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013
 
Sayoo odoo open_erp
Sayoo odoo open_erpSayoo odoo open_erp
Sayoo odoo open_erp
 
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
 

Ähnlich wie WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING

Password Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP ArgentinaPassword Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP Argentina
Anthony Ferrara
 
David - Fpga - ClubHack2007
David - Fpga - ClubHack2007David - Fpga - ClubHack2007
David - Fpga - ClubHack2007
ClubHack
 

Ähnlich wie WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING (20)

Password Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP ArgentinaPassword Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP Argentina
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time stream
 
Redis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRedis for duplicate detection on real time stream
Redis for duplicate detection on real time stream
 
Hashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsHashing Considerations In Web Applications
Hashing Considerations In Web Applications
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year later
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
Advances in Open Source Password Cracking
Advances in Open Source Password CrackingAdvances in Open Source Password Cracking
Advances in Open Source Password Cracking
 
Securing your Rails application
Securing your Rails applicationSecuring your Rails application
Securing your Rails application
 
Secure password storing with saltedpasswords in TYPO3
Secure password storing with saltedpasswords in TYPO3Secure password storing with saltedpasswords in TYPO3
Secure password storing with saltedpasswords in TYPO3
 
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...
 
Using Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsUsing Cryptography Properly in Applications
Using Cryptography Properly in Applications
 
Cracking Salted Hashes
Cracking Salted HashesCracking Salted Hashes
Cracking Salted Hashes
 
Practical Cryptography and Security Concepts for Developers
Practical Cryptography and Security Concepts for DevelopersPractical Cryptography and Security Concepts for Developers
Practical Cryptography and Security Concepts for Developers
 
Password Storage and Attacking in PHP
Password Storage and Attacking in PHPPassword Storage and Attacking in PHP
Password Storage and Attacking in PHP
 
David - Fpga - ClubHack2007
David - Fpga - ClubHack2007David - Fpga - ClubHack2007
David - Fpga - ClubHack2007
 
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
 
Redis — memcached on steroids
Redis — memcached on steroidsRedis — memcached on steroids
Redis — memcached on steroids
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Devoxx 17 - Swift server-side
Devoxx 17 - Swift server-sideDevoxx 17 - Swift server-side
Devoxx 17 - Swift server-side
 
Passwords & security
Passwords & securityPasswords & security
Passwords & security
 

Mehr von Positive Hack Days

Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
Positive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
Positive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
Positive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Positive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
Positive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
Positive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 

Mehr von Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Kürzlich hochgeladen

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 

Kürzlich hochgeladen (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING

  • 1. WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING PHDays V Sylvain Pelissier, Roman Korkikian May 26, 2015
  • 2. IN BRIEF Password hashing Password cracking eCryptfs presentation eCryptfs salting problem Correction Questions 2
  • 4. PASSWORD CRACKING From the hash recover the password value. 4
  • 5. BRUTEFORCE 1. Get the hash file /etc/shadow 2. For all possible password, compute H(password) until a match is found in the file. 3. Output password 5
  • 6. PRE-COMPUTED DICTIONNARY ATTACK 1. Create a database of all (password, H(password)). 2. To crack a given password hash, check if it is in the database. 3. Output the corresponding password 6
  • 7. RAINBOW TABLE ATTACK Trade-off between computation and memory. 7
  • 8. SALTING Compute H(salt||password) instead of H(password) and store both salt and hash. Make dictionary and rainbow table attacks much more difficult but not bruteforce attack. Salting is used in most modern systems i.e Linux uses 5000 iterations of SHA-512 with randomly generated salt. 8
  • 9. PASSWORD CRACKING Well studied problem. Several optimized tools: John the ripper (www.openwall.com/john). hashcat (hashcat.net/oclhashcat). Password Hashing Competition (PHC) to select new password hashing algorithms (password-hashing.net). Hashrunner contest 9
  • 10. ECRYPTFS File encryption software (ecryptfs.org). Included in the Linux Kernel. Used for user home folder encryption by Ubuntu. 10
  • 12. ECRYPTFS UTILS 1. During creation of the encrypted home folder, a passphrase (16 bytes by default) is randomly generated. 2. The passphrase is use for file encryption (AES by default). 3. The passphrase is stored encrypted in the file: /home/.ecrpytfs/$USER/.ecrpytfs/wrapped-passphrase 4. The process of passphrase encryption is called key wrapping. 12
  • 17. ECRYPTFS DEFAULT SALT 1. eCryptfs uses a salt for the key wrapping process. 2. However, if not specified in the file ~/.ecryptfsrc, the salt has always the same value (0x0011223344556677) for every installations. 3. If the whole home folder is encrypted then it is not possible to use another salt value than default. 17
  • 18. ECRYPTFS For simplicity, in Ubuntu, the wrapping password is directly the user password ! With the default salt, dictionary and rainbow table attacks against the user password are feasible with the wrapping key signature. 18
  • 19. JOHN THE RIPPER eCryptfs signature cracking has been already implemented in John the ripper 1.8.0-jumbo: $ecryptfs$0$1$0011223344556677$21ff10301b5457e1 Python script ecryptfs2john.py exports the signature from the wrapped-passphrase file to John the ripper format. 19
  • 20. RESULTS We computed a dictionary of key signatures of the rockyou file (~14 millions passwords) for the default salt. It took us one month on a standard computer. The dictionary can now be used to reverse a signature instantly. (Available at: https://github.com/kudelskisecurity) 20
  • 21. CORRECTION Default salt problem has been already reported in bug #906550. For our findings about Ubuntu, a new CVE #2014-9687 was opened and quickly fixed by eCryptfs developers. 21
  • 22. CORRECTION New file format for wrapped-passphrase file starts with 0x3a02. Salt is generated from /etc/urandom/ and stored in the same file by default Old version files are automatically converted after the update. Hashing speed makes it a less attractive target now for password cracking. JTR Python script updated to crack new file format. 22
  • 24. CONCLUSION As soon as password is used for other features it increases attack surface. New key derivation functions could be used in eCryptfs: PBKDF2 PHC candidates 24
  • 25. 25
  • 26. JOHN THE RIPPER eCryptfs: $ ./john pass.txt Loaded 1 password hash (eCryptfs [65536x SHA-512]) Will run 4 OpenMP threads Press ’q’ or Ctrl-C to abort, almost any other key for status test (?) 1g 0:00:00:01 DONE 2/3 (2015-03-11 16:04) 0.6666g/s 149.3p/s 149.3c/s 149.3C/s lacrosse..topgun Use the "-show" option to display all of the cracked passwords reliably Session completed 26
  • 27. JOHN THE RIPPER Linux password: $ ./john pass.txt Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 64/64 OpenSSL]) Will run 4 OpenMP threads Press ’q’ or Ctrl-C to abort, almost any other key for status 0g 0:00:00:03 2/3 0g/s 1771p/s 1771c/s 1771C/s Sandy..Mayday Session aborted 27