By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords from high-profile password exposures, I'll demonstrate which dictionary attacks and password cracking strategies are the most effective. I will also discuss the building of passphrase dictionaries. The password and passphrase cracking will be performed primarily using Amazon EC2, and the time, cost, and resource constraints of EC2 and other options will be analyzed.
Versions of this talk were also presented at Hack3rCon, DerbyCon, and SOURCE Seattle.
Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by Steve Werby at ISACA San Antonio]
1. Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012
Building Dictionaries and Destroying Hashes using Amazon EC2
Steve Werby
[President | Security Researcher | Security Consultant]
Befriend
Slide 2.
1. Infosec since 1999
2. Former (CISO)³
3. BS Industrial Engineering, MBA, certs
4. Presented at Hack3rCon, SecTor, DerbyCon, ShmooCon, ConSec, SOURCE Conference, LASCON, BSidesDFW, VA SCAN, EDUCAUSE, InfraGard, OWASP, ISSA, AITP, IEEE, …
Slide 3.
1. Value of password resiliency assessments
2. Freely available assessment tools
3. Assessment methodologies
4. Buy or rent
5. Utilizing EC2
6. Hashing algorithm
7. Passphrases vs. passwords
Presentation goals
Slide 4.
Have a question? Ask!
Have a comment? Share!
I’ll ask some questions too.
Slide 5.
One-way functions (non-reversible)
Outputs a fixed-length string (unique…usually)
Such as MD5, SHA1, NTLM, and WPA
781ab37e7553fef1809efdf8cff656dc
54e18a5ad5152bd439efe9f1ae53506416bf7cf7
Hashes
1. Username: steve, Password: 2012Election
2. Transmitted to server
3. md5(“2012Election”)
4. Output compared to value stored on server
5. If match, successful login
Slide 6.
String concatenated with the password before hashing
Salt is rand(a-z) – can be from a larger key space
md5(“w2012Election”)
Stored in password DB as w:2012Election
781ab37e7553fef1809efdf8cff656dc
54e18a5ad5152bd439efe9f1ae53506416bf7cf7
Salts
1. Key space increased by factor of 26
2. Identical password != identical hash
3. Precomputation data storage increased
Slide 7.
Cracking strategies
1. Precompute hashes for a set of strings
2. Enumerate password hash file
3. Search for match in precomputation file
Precomputation
Password hash file   Precomputation file (hash:string)
781ab37e75           fc93d481c1:hunger
fdaa4719ed           fdaa3b7c0d:earring
ffe81a52d2           fdaa4719ed:ISACA (match)
Slide 8.
Cracking strategies
1. Enumerate a set of strings
2. Hash the strings
3. Search for match in password hash file
String enumeration
Password hash file   Enumerated strings (string:hash)
fc93d481c1           ISABY:e715b3aca
fdaa4719ed           ISABZ:9c74be0d1a
ffe81a52d2           ISACA:fdaa4719ed (match)
                     ISACB:0b27cca621
Slide 9.
Number of tests needed
Time per test
Slide 10.
[Chart: relative cracking speed by algorithm, with bars for NTLM, MD5, SHA1, LM and SHA512 on a scale from x to 60x]
Slide 11.
Length
Composition
Complexity
Aging
Construction prohibitions
Reuse
Memorization and storage
Your password policy?
Password policies
Slide 12.
Password aging was intended to reduce the time a bad actor had to guess a password. With modern computing power, this control isn’t logical and results in undesirable user behavior and reduces IT/infosec trust.
Slide 13.
1. Gain intelligence about user behavior
2. Assess password policies and user education
3. Strengthen argument for…
technical controls
policy changes
algorithm changes
2FA
But why do it?
Slide 14.
John the Ripper
hashcat[-plus|-lite]
Cryptohaze Multiforcer
Slide 15.
Key space = set of strings to enumerate
A-Z = 26, a-z = 26, 0-9 = 10
[A-Z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][0-9]
(26)^1 * (26)^8 * (10)^1
13,537,086,546,263,600 ≈ 13.5 thousand trillion
Password1
Key space / brute force attack
Slide 16.
Average adult vocabulary?
Key space = dictionary size
alamo
Dictionary attack
Slide 17.
RockYou exposure analysis
Slide 18.
Transformations applied to each dictionary word, defined as rules in a config file:
Duplication
Reversal
Appending
Repeating
Key space of dictionary attack * transformations
Alamo!, omal, aallaammoo
Rule attack
Slide 19.
Combines strings from one dictionary with strings from another
Dictionary 1 = 10,000 strings
Dictionary 2 = 50,000 strings
Combinations = 500 million
Vs. ~5.4 trillion for [a-z]^9 key space
Reduces key space by 99.99%
1 day => 8 seconds
alamocity
Combinator attack
Slide 20.
It’s Str0ng!
-1 ?u -2 ?l -3 ?d
?1?2?2?2?2?2?2?2?3
Reduces key space by 99.98%
1 day => 13 seconds
Password1
Mask attack
Slide 21.
It’s Str0ng!
Dictionary + mask
Mask + dictionary
Dictionary
?1?2?2?2?2?2?2?2?3
Reduces key space by 99.98%
1 day => 13 seconds
Password1
Hybrid attack
Slide 22.
27% of alphabet
But 62% of first letters of English word usage!
-1 TASHWIOtashwio -2 ?u?l
?1?2?2?2?2?2?2?2
Reduces key space by 73%
1 day => 6.5 hours
TASHWIO
Work smart, not hard
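The key-space arithmetic behind slides 15, 19, 20 and 22, as an added example that is not part of the deck: it parses hashcat-style masks and custom charsets (the deck's own -1/-2/-3 notation) and reproduces the stated reduction and time figures, so a policy's exposure can be estimated before any hardware is rented. It assumes 62^9 (nine characters of upper, lower and digits) as the brute-force reference for slide 20's 99.98% and 52^8 for slide 22's 73%; slide 19 states its own reference of [a-z]^9.

```python
# Added example (not from the deck): key-space arithmetic for mask, brute-force and
# combinator attacks, using hashcat's mask conventions (?l ?u ?d ?s ?a, custom -1..-4).
# Reference key spaces are the assumptions named in the lead-in; figures are the slides' own.
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33}   # a-z, A-Z, 0-9, hashcat's ?s specials
BUILTIN["a"] = sum(BUILTIN.values())              # ?a = all printable ASCII (95)


def charset_size(spec):
    """Size of a custom charset such as 'TASHWIOtashwio' (14 literals) or '?u?l' (52)."""
    size, i = 0, 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec) and spec[i + 1] in BUILTIN:
            size += BUILTIN[spec[i + 1]]
            i += 2
        else:
            size += 1           # a literal character counts once
            i += 1
    return size


def mask_keyspace(mask, custom=None):
    """Candidates enumerated by a mask; custom maps '1'..'4' to charset specs."""
    custom = custom or {}
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?" or i + 1 >= len(mask):
            raise ValueError("mask positions must be ?x tokens")
        tok = mask[i + 1]
        total *= charset_size(custom[tok]) if tok in custom else BUILTIN[tok]
        i += 2
    return total


def reduction_pct(keyspace, reference):
    """Share of the reference key space the attack never has to test, in percent."""
    return round(100 * (1 - keyspace / reference), 2)


def scaled_time(keyspace, reference, reference_seconds):
    """If exhausting `reference` takes reference_seconds, how long does `keyspace` take?"""
    return reference_seconds * keyspace / reference


if __name__ == "__main__":
    day = 86400
    m20 = mask_keyspace("?1?2?2?2?2?2?2?2?3", {"1": "?u", "2": "?l", "3": "?d"})
    print("slide 20:", reduction_pct(m20, 62 ** 9), "%", scaled_time(m20, 62 ** 9, day), "s")
    m22 = mask_keyspace("?1?2?2?2?2?2?2?2", {"1": "TASHWIOtashwio", "2": "?u?l"})
    print("slide 22:", reduction_pct(m22, 52 ** 8), "%", scaled_time(m22, 52 ** 8, day) / 3600, "h")
    print("slide 19:", reduction_pct(10_000 * 50_000, 26 ** 9), "%")
```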
Slide 23.
RockYou – 32.6M plaintext
eHarmony – 1.5M unsalted MD5
LinkedIn – 6.5M unsalted SHA1
Gawker – 1.3M unsalted DES
Large password leaks
Slide 24.
First 1 million of 1.5 million eHarmony passwords posted online in June 2012
Unsalted MD5s
Analyzing eHarmony’s hashes
Slide 25.
A CPU isn’t bad, but…
Slide 27.
1. Use existing hardware
2. Build a cracking box (GPU-based)
3. Look at cloud service providers
My options
Slide 28.
Beefy PSU
Adequate cooling and electrical
CPU and RAM relatively unimportant
Multiple GPUs
Build your own
Slide 29.
Had already used the Amazon EC2 service
No capital investment to test it
On-demand
Scalable
Had an option that included GPUs
Amazon EC2
Type of system
Data transfer
Data storage
Purchase options
Slide 38.
Zelda ($0-ish/hour)
Pathetic Dell Latitude
Yoda ($0.32/hour)
64-bit Ubuntu Server 12.04 LTS
m1.large (7.5GB RAM, 4 EC2 Compute Units)
Xzibit ($2.10/hour)
64-bit Cluster GPU Amazon Linux AMI
cg1.4xlarge (22GB RAM, 33.5 EC2 Compute Units)
Wiggum (TBD)
Yoda (Grand Master) + 5 Jedi Knights
The systems
Slide 39.
51 tests
Group 3 – masking
Group 4 – rules
Group 5 – combinations
Group 6 – hybrid (common prefixes + mask)
Group 7 – hybrid (new dictionary + mask)
Group 8 – hybrid (mask + common suffix)
Group 9 – TASHWIO + mask
The tests
Slide 40.
Define sequence of jobs to run
Analyze results (during and after job)
Eliminate or adjust jobs based on results
Create new dictionaries
Create new rules
Re-run jobs using new dictionaries and rules
Process
Slide 41.
No lowercase letters!?
Whoops!
Analyzing eHarmony’s hashes
Slide 42.
Do not truncate the password. Do not transform it to uppercase or lowercase. Do not limit the number of characters that can be utilized. Do not limit the user to a weak password.
Slide 43.
Results on Xzibit
Slide 44.
Use long, unpredictable, random salts. Better still, use bcrypt or PBKDF2.
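The two storage schemes the deck contrasts, as an added example that is not the talk's own code: the rand(a-z) salt prepended before MD5 from the Salts slide, beside PBKDF2 with a 16-byte random salt. The iteration count, salt length and record format are this example's own choices.

```python
# Added example (not from the deck): the Salts-slide scheme (one random a-z letter
# prepended, then MD5) beside the recommended one (long random salt, PBKDF2).
# Iteration count, salt length and record format are this example's own choices.
import hashlib
import hmac
import os
import secrets
import string

PBKDF2_ITERATIONS = 600_000  # example value; tune so one check costs ~100 ms on your hardware


def weak_store(password: str) -> str:
    """Salts slide: salt = rand(a-z), concatenated before hashing. Only 26 possible
    salts, and MD5 ran at ~1.6 billion/s on the deck's GPU instance."""
    salt = secrets.choice(string.ascii_lowercase)
    return f"{salt}:{hashlib.md5((salt + password).encode()).hexdigest()}"


def weak_verify(password: str, record: str) -> bool:
    salt, digest = record.split(":", 1)
    guess = hashlib.md5((salt + password).encode()).hexdigest()
    return hmac.compare_digest(guess, digest)


def strong_store(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Long, unpredictable, random salt: 16 bytes from the OS CSPRNG, so precomputed
    tables are useless and identical passwords never share a stored value."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def strong_verify(password: str, record: str) -> bool:
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison


if __name__ == "__main__":
    rec = strong_store("2012Election")
    print(rec)
    print(strong_verify("2012Election", rec), strong_verify("2012election", rec))
```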
Slide 45.
1. Value of password resiliency assessments – insight
2. Freely available assessment tools – hashcat, Cryptohaze
3. Assessment methodologies – iterative, intelligent
4. Buy or rent – depends on use case and constraints
5. Utilizing EC2 – fast, easy, flexible
6. Hashing algorithm – bcrypt or PBKDF2
7. Passphrases vs. passwords – passphrases…for now
Presentation goals recapped
Slide 46.
$2.10/hour
54% cracked in 1 hour => $2.10
69% cracked in 3 hours => $6.30
77% cracked in 9 hours => $18.90
Cost
Slide 47.
Do not tell your colleagues the cloud is evil because you lack visibility. Or control. Or because you can do security better. They will not care. You will lose credibility. You will be excluded. And you will lose.
Slide 48.
Xzibit – 1.6B/s
Yoda – 6.2M/s
Zelda – 14k/s
Peak speeds
Slide 49.
Xzibit = 258 * Yoda
Xzibit = $2.10 / hour
Yoda = $0.32 / hour
1 hour on Xzibit = 258 hours on Yoda
258 * $0.32 = $82.56
Yoda is 3,831% more expensive
Is EC2 worth it?
Slide 50.
Use fast algorithm (say what!?)
No salt
[Reused|short|non-random] salt
Roll your own algorithm
Split the hash file?
Split the password candidates?
Workload distribution strategy
Slide 51.
Use fast algorithm (say what!?)
No salt
[Reused|short|non-random] salt
Roll your own algorithm
1M hashes: 833s
100k hashes: 742s
10% of key space
89% of duration
Split the password candidates
Workload distribution strategy
Slide 53.
1. Value of password resiliency assessments – insight
2. Freely available assessment tools – hashcat, Cryptohaze
3. Assessment methodologies – iterative, intelligent
4. Buy or rent – depends on use case and constraints
5. Utilizing EC2 – fast, easy, flexible
6. Hashing algorithm – bcrypt or PBKDF2
7. Passphrases vs. passwords – passphrases…for now
What’s next
Slide 55.
Sentences
Strings of words (careful!)
Mnemonics (acronyms)
Transformations similar to password construction
Passphrases
Slide 56.
Crowdsource
Beg for orgs to share them
Wait until they’re leaked
Build our own
Acquiring passphrase candidates
Slide 57.
E-books
Movie scripts
Song lyrics
Tweets
Any file that contains phrases or sentences
Acquiring passphrase candidates
Slide 58.
Dictator – instructs on what files to get
Miner – acquires files
Hasher – hashes for uniqueness
Hoarder – adds to queue
Grabber – pulls file from queue
Converter – converts to plaintext
Massager – converts to lowercase
Passphrase builder
Slide 59.
Splitter 1 – splits by sentence
Splitter 2 – splits by word
Parser – generates strings and acronyms
Recorder – adds to DB
Generator – sort, create acronyms, create output
Passphrase builder
Slide 60.
A person who never made a mistake never tried anything new.
apwnmamntan
a person who never
person who never
person who never made
Ranking
Search engine results
Frequency in DB
Matches against leaks
Passphrase builder
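The Splitter, Parser and Generator stages of the passphrase builder described on the last three slides, as an added example that is not the talk's own tooling; it is the kind of candidate list a resiliency assessment would test a passphrase policy against. The sample text is constructed here (the slide's quotation plus a second sentence), the word-window sizes are this example's choice, and the Ranking stage is not implemented.

```python
# Added example (not the talk's tooling): Splitter 1/2, Massager, Parser and Generator
# from the passphrase-builder slides, run on a constructed sample text.
import re

# Constructed sample: the slide's quotation plus a second sentence.
SAMPLE = ("A person who never made a mistake never tried anything new. "
          "Stay hungry, stay foolish!")


def split_sentences(text: str) -> list:
    """Splitter 1: break text into sentences at . ! ? boundaries."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]


def split_words(sentence: str) -> list:
    """Splitter 2 + Massager: words only, lowercased, punctuation dropped."""
    return re.findall(r"[a-z0-9']+", sentence.lower())


def acronym(words: list) -> str:
    """Parser: mnemonic formed from the first letter of each word."""
    return "".join(w[0] for w in words)


def word_windows(words: list, min_len: int = 3, max_len: int = 4) -> list:
    """Parser: every run of min_len..max_len consecutive words (window sizes are
    this example's choice; the slide shows 3- and 4-word runs)."""
    out = []
    for n in range(min_len, max_len + 1):
        for i in range(len(words) - n + 1):
            out.append(" ".join(words[i:i + n]))
    return out


def generate(text: str) -> list:
    """Generator: unique, sorted candidates (full sentence, acronym, word runs)."""
    cands = set()
    for sent in split_sentences(text):
        words = split_words(sent)
        if len(words) < 2:
            continue
        cands.add(acronym(words))
        cands.add(" ".join(words))
        cands.update(word_windows(words))
    return sorted(cands)


if __name__ == "__main__":
    for c in generate(SAMPLE):
        print(c)
```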
Slide 61.
Q&A
Steve Werby
steve@befriend.com
Twitter: @stevewerby
http://www.linkedin.com/in/werby