building dictionaries and destroying hashes using amazon ec2 [presented by steve werby at isaca san...

Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012 Building Dictionaries and Destroying Hashes using Amazon EC2 Steve Werby [President | Security Researcher | Security Consultant] Befriend

Upload: steve-werby

Post on 14-Jun-2015

DESCRIPTION

By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, I'll demonstrate which dictionary attacks and password cracking strategies are the most effective. I will also discuss the building of passphrase dictionaries. The password and passphrase cracking will be performed primarily using Amazon EC2 and the time, cost, and resource constraints of EC2 and other options will be analyzed. Versions of this talk were also presented at Hack3rCon, DerbyCon, and SOURCE Seattle.

TRANSCRIPT

Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012

Building Dictionaries and Destroying Hashes using Amazon EC2

Steve Werby [President | Security Researcher | Security Consultant] Befriend

1. Infosec since 1999
2. Former (CISO)3
3. BS Industrial Engineering, MBA, certs
4. Presented at Hack3rCon, SecTor, DerbyCon, ShmooCon, ConSec, SOURCE Conference, LASCON, BSidesDFW, VA SCAN, EDUCAUSE, InfraGard, OWASP, ISSA, AITP, IEEE, …

Presentation goals

1. Value of password resiliency assessments
2. Freely available assessment tools
3. Assessment methodologies
4. Buy or rent
5. Utilizing EC2
6. Hashing algorithm
7. Passphrases vs. passwords

Have a question? Ask! Have a comment? Share! I’ll ask some questions too.

Hashes

One-way functions (non-reversible)
Outputs a fixed-length string (unique…usually)
Such as MD5, SHA1, NTLM, and WPA

781ab37e7553fef1809efdf8cff656dc54e18a5ad5152bd439efe9f1ae53506416bf7cf7

1. Username: steve, Password: 2012Election
2. Transmitted to server
3. md5(“2012Election”)
4. Output compared to value stored on server
5. If match, successful login

Salts

String concatenated with password pre-hashing
Salt is rand(a-z) – can be from a larger key space
md5(“w2012Election”)
Stored in password DB as w:2012Election

781ab37e7553fef1809efdf8cff656dc54e18a5ad5152bd439efe9f1ae53506416bf7cf7

1. Key space increased by factor of 26
2. Identical password != identical hash
3. Precomputation data storage increased

Cracking strategies

Precomputation

1. Precompute hashes for a set of strings
2. Enumerate password hash file
3. Search for match in precomputation file

781ab37e75    fc93d481c1:hunger
fdaa4719ed    fdaa3b7c0d:earring
ffe81a52d2    fdaa4719ed:ISACA

Cracking strategies

String enumeration

1. Enumerate a set of strings
2. Hash the strings
3. Search for match in password hash file

fc93d481c1    ISABY:e715b3aca
fdaa4719ed    ISABZ:9c74be0d1a
ffe81a52d2    ISACA:fdaa4719ed
              ISACB:0b27cca621

Number of tests needed
Time per test

NTLM: 60x
MD5: 40x
SHA1: 20x
LM: 10x
SHA512: x

Password policies

Your password policy?

Length
Composition
Complexity
Aging
Construction prohibitions
Reuse
Memorization and storage

Password aging was intended to reduce the time a bad actor had to guess a password. With modern computing power, this control isn’t logical and results in undesirable user behavior and reduces IT/infosec trust.

But why do it?

1. Gain intelligence about user behavior
2. Assess password policies and user education
3. Strengthen argument for…
   technical controls
   policy changes
   algorithm changes
   2FA

John the Ripper
hashcat[-plus|-lite]
Cryptohaze Multiforcer

Key space / brute force attack

Password1

Key space = set of strings to enumerate

A-Z = 26, a-z = 26, 0-9 = 10
[A-Z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][0-9]
(26)^1 * (26)^8 * (10)^1
13,537,086,546,263,600 ≈ 13.5 thousand trillion

Dictionary attack

alamo

Average adult vocabulary?

Key space = dictionary size

RockYou exposure analysis

Average adult vocabulary?

Key space = dictionary size

Rule attack

Alamo!, omal, aallaammoo

Transformations like using config file to set rules:
Duplication
Reversal
Appending
Repeating

Key space of dictionary attack * transformations

Combinator attack

alamocity

Combines strings from one dictionary with strings from another

Dictionary 1 = 10,000 strings
Dictionary 2 = 50,000 strings
Combinations = 500 million
Vs. ~5.4 trillion for [a-z]^9 key space
Reduces key space by 99.99%
1 day => 8 seconds

Mask attack

Password1

It’s Str0ng!

Like a brute force attack, but more granular control

-1 ?u -2 ?l -3 ?d ?1?2?2?2?2?2?2?2?3

Reduces key space by 99.98%
1 day => 13 seconds

Hybrid attack

Password1

It’s Str0ng!

Dictionary + mask
Mask + dictionary
Dictionary ?1?2?2?2?2?2?2?2?3

Reduces key space by 99.98%
1 day => 13 seconds

Work smart, not hard

TASHWIO

27% of alphabet
But 62% of first letters of English word usage!

-1 TASHWIOtashwio -2 ?u?l ?1?2?2?2?2?2?2?2

Reduces key space by 73%
1 day => 6.5 hours
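
Added example (not from the original slides): a key-space calculator for the mask syntax used on the mask, hybrid and TASHWIO slides, useful for sizing how much resistance a composition policy really provides; it reproduces the reduction and time figures quoted there and on the combinator slide. The 13,537,086,546,263,600 brute-force total equals 62^9 to 15 significant digits, so a 9-character [A-Za-z0-9] baseline is assumed; the function names are hypothetical.

```python
import string

# Built-in placeholders used on the slides (?u, ?l, ?d)
BUILTIN = {"u": string.ascii_uppercase, "l": string.ascii_lowercase, "d": string.digits}


def tokens(spec, custom):
    """Yield one character set per token: a '?x' placeholder or a literal character."""
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":
                yield {"?"}                      # '??' is a literal question mark
            elif key in BUILTIN:
                yield set(BUILTIN[key])
            elif key in custom:
                yield custom[key]
            else:
                raise ValueError(f"unknown placeholder ?{key}")
            i += 2
        else:
            yield {spec[i]}
            i += 1


def keyspace(mask, charsets=None):
    """Number of candidates a mask generates; charsets maps '1'..'4' to specs (-1 .. -4)."""
    custom = {}
    for name, spec in (charsets or {}).items():
        custom[name] = set().union(*tokens(spec, custom))   # duplicates collapse
    size = 1
    for charset in tokens(mask, custom):
        size *= len(charset)
    return size


def reduction(candidate, baseline, baseline_seconds=86_400):
    """(percent of key space removed, seconds needed if the baseline takes one day)."""
    ratio = candidate / baseline
    return round((1 - ratio) * 100, 2), ratio * baseline_seconds


def slide_figures():
    brute9 = keyspace("?1" * 9, {"1": "?u?l?d"})                       # 62^9
    mask = keyspace("?1?2?2?2?2?2?2?2?3", {"1": "?u", "2": "?l", "3": "?d"})
    tashwio = keyspace("?1?2?2?2?2?2?2?2", {"1": "TASHWIOtashwio", "2": "?u?l"})
    alpha8 = keyspace("?1" * 8, {"1": "?u?l"})                         # 52^8
    return {
        "mask": reduction(mask, brute9),
        "tashwio": reduction(tashwio, alpha8),
        "combinator": reduction(10_000 * 50_000, keyspace("?l" * 9)),
    }


if __name__ == "__main__":
    for name, (pct, secs) in slide_figures().items():
        print(f"{name}: key space reduced by {pct}%, 1 day => {secs:,.0f} s")
```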

Large password leaks

RockYou – 32.6M plaintext
eHarmony – 1.5M unsalted MD5
LinkedIn – 6.5M unsalted SHA1
Gawker – 1.3M unsalted DES

Analyzing eHarmony’s hashes

First 1 million of 1.5 million eHarmony passwords posted online in June 2012

Unsalted MD5s

A CPU isn’t bad, but…

My options

1. Use existing hardware
2. Build a cracking box (GPU-based)
3. Look at cloud service providers

Build your own

Beefy PSU
Adequate cooling and electrical
CPU and RAM relatively unimportant
Multiple GPUs

Amazon EC2

Had utilized Amazon EC2 service
No capital investment to test it
On-demand
Scalable
Had an option that included GPUs

Type of system
Data transfer
Data storage
Purchase options

The systems

Zelda ($0-ish/hour)
Pathetic Dell Latitude

Yoda ($0.32/hour)
64-bit Ubuntu Server 12.04 LTS
m1.large (7.5GB RAM, 4 EC2 Compute Units)

Xzibit ($2.10/hour)
64-bit Cluster GPU Amazon Linux AMI
cg1.4xlarge (22GB RAM, 33.5 EC2 Compute Units)

Wiggum (TBD)
Yoda (Grand Master) + 5 Jedi Knights

The tests

51 tests
Group 3 – masking
Group 4 – rules
Group 5 – combinations
Group 6 – hybrid (common prefixes + mask)
Group 7 – hybrid (new dictionary + mask)
Group 8 – hybrid (mask + common suffix)
Group 9 – TASHWIO + mask

Key space of dictionary attack * transformations

Process

Define sequence of jobs to run
Analyze results (during and after job)
Eliminate or adjust jobs based on results
Create new dictionaries
Create new rules
Re-run jobs using new dictionaries and rules

Analyzing eHarmony’s hashes

No lowercase letters!? Whoops!

Do not truncate the password. Do not transform it to uppercase or lowercase. Do not limit the number of characters that can be utilized. Do not limit the user to a weak password.

Results on Xzibit

Use long, unpredictable, random salts. Better still use bcrypt or PBKDF2.
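
Added example (not from the original slides): the Salts slide's one-character a-z salt next to the long random salt and PBKDF2 recommended above, showing that a short salt only multiplies a precomputation table by 26 while a per-user random salt with a slow derivation gives every user a distinct record. The word list, the 600,000-round work factor and the record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

WORDS = ["alamo", "Password1", "2012Election", "ISACA"]  # constructed sample dictionary
PBKDF2_ROUNDS = 600_000                                   # assumed work factor; tune per hardware


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def precompute(words, salts=("",)):
    """Precomputation table: digest -> (salt, word) for every salt/word pair."""
    return {md5_hex(s + w): (s, w) for s in salts for w in words}


def pbkdf2_record(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Store a long random per-user salt together with a slow derived key."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password, record):
    rounds, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison


def demo():
    unsalted = precompute(WORDS)
    one_char = precompute(WORDS, salts=string.ascii_lowercase)
    salted_w = md5_hex("w" + "2012Election")       # the slide's md5("w2012Election")
    rec_a = pbkdf2_record("2012Election")          # two users, same password
    rec_b = pbkdf2_record("2012Election")
    return {
        "unsalted_hit": unsalted.get(md5_hex("2012Election")),
        "salted_vs_unsalted_table": unsalted.get(salted_w),
        "salted_vs_26x_table": one_char.get(salted_w),
        "table_growth": len(one_char) // len(unsalted),
        "same_password_same_pbkdf2": rec_a == rec_b,
        "pbkdf2_verifies": pbkdf2_verify("2012Election", rec_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```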

Presentation goals recapped

1. Value of password resiliency assessments – insight
2. Freely available assessment tools – hashcat, Cryptohaze
3. Assessment methodologies – iterative, intelligent
4. Buy or rent – depends on use case and constraints
5. Utilizing EC2 – fast, easy, flexible
6. Hashing algorithm – bcrypt or PBKDF2
7. Passphrases vs. passwords – passphrases…for now

Cost

$2.10/hour
54% cracked in 1 hour => $2.10
69% cracked in 3 hours => $6.30
77% cracked in 9 hours => $18.90

Do not tell your colleagues the cloud is evil because you lack visibility. Or control. Or because you can do security better. They will not care. You will lose credibility. You will be excluded. And you will lose.

Peak speeds

Xzibit – 1.6B/s
Yoda – 6.2M/s
Zelda – 14k/s

Is EC2 worth it?

Xzibit = 258 * Yoda
Xzibit = $2.10 / hour
Yoda = $0.32 / hour
1 hour on Xzibit = 258 hours on Yoda
258 * $0.32 = $82.56
Yoda is 3,831% more expensive

Workload distribution strategy

Use fast algorithm (say what!?)
No salt
[Reused|short|non-random] salt
Roll your own algorithm

Split the hash file?

Split the password candidates?

Workload distribution strategy

Use fast algorithm (say what!?)
No salt
[Reused|short|non-random] salt
Roll your own algorithm

1M hashes: 833s
100k hashes: 742s

10% of key space
89% of duration

Split the password candidates

What’s next

1. Value of password resiliency assessments – insight
2. Freely available assessment tools – hashcat, Cryptohaze
3. Assessment methodologies – iterative, intelligent
4. Buy or rent – depends on use case and constraints
5. Utilizing EC2 – fast, easy, flexible
6. Hashing algorithm – bcrypt or PBKDF2
7. Passphrases vs. passwords – passphrases…for now

Passphrases

Sentences
Strings of words (careful!)
Mnemonics (acronyms)
Transformations similar to password construction

Acquiring passphrase candidates

Crowdsource
Beg for orgs to share them
Wait until they’re leaked
Build our own

Acquiring passphrase candidates

E-books
Movie scripts
Song lyrics
Tweets
Any file that contains phrases or sentences

Passphrase builder

E-books
Movie scripts
Song lyrics
Tweets
Any file that contains phrases or sentences

Dictator – instructs on what files to get
Miner – acquires files
Hasher – hashes for uniqueness
Hoarder – adds to queue
Grabber – pulls file from queue
Converter – converts to plaintext
Massager – converts to lower

Passphrase builder

E-books
Movie scripts
Song lyrics
Tweets
Any file that contains phrases or sentences

Splitter 1 – splits by sentence
Splitter 2 – splits by word
Parser – generates strings and acronyms
Recorder – adds to DB
Generator – sort, create acronyms, create output

Passphrase builder

E-books
Movie scripts
Song lyrics
Tweets
Any file that contains phrases or sentences

A person who never made a mistake never tried anything new.
apwnmamntan
a person who never
person who never
person who never made

Ranking
Search engine results
Frequency in DB
Matches against leaks

Q&A
Steve [email protected]: @stevewerby
http://www.linkedin.com/in/werby