building dictionaries and destroying hashes using amazon ec2 [presented by steve werby at isaca san...
DESCRIPTION
By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, I'll demonstrate which dictionary attacks and password cracking strategies are the most effective. I will also discuss the building of passphrase dictionaries. The password and passphrase cracking will be performed primarily using Amazon EC2 and the time, cost, and resource constraints of EC2 and other options will be analyzed. Versions of this talk were also presented at Hack3rCon, DerbyCon, and SOURCE Seattle.

TRANSCRIPT
Steve Werby (@stevewerby) | ISACA San Antonio: Building Dictionaries and Cracking Hashes with Amazon EC2 | October 23, 2012
Building Dictionaries and Destroying Hashes using Amazon EC2
Steve Werby [President | Security Researcher | Security Consultant] Befriend

1. Infosec since 1999
2. Former CISO
3. BS Industrial Engineering, MBA, certs
4. Presented at Hack3rCon, SecTor, DerbyCon, ShmooCon, ConSec, SOURCE Conference, LASCON, BSidesDFW, VA SCAN, EDUCAUSE, InfraGard, OWASP, ISSA, AITP, IEEE, …
Presentation goals
1. Value of password resiliency assessments
2. Freely available assessment tools
3. Assessment methodologies
4. Buy or rent
5. Utilizing EC2
6. Hashing algorithm
7. Passphrases vs. passwords

Have a question? Ask! Have a comment? Share! I'll ask some questions too.
Hashes
One-way functions (non-reversible)
Output a fixed-length string (unique…usually)
Examples: MD5, SHA1, NTLM; WPA's pre-shared key is not a plain hash but is derived from the passphrase with PBKDF2-SHA1, and it is attacked the same way

How a hashed-password login works:
1. Username: steve, Password: 2012Election
2. Transmitted to server
3. Server computes md5("2012Election")
4. Output compared to value stored on server
5. If match, successful login

Salts
String concatenated with password before hashing
In the slide's example the salt is rand(a-z); real salts should come from a much larger key space
md5("w" + "2012Election") = md5("w2012Election")
Stored in password DB as salt:hash, i.e. w:<md5("w2012Election")>; the salt is stored in the clear, the plaintext never is
Effect of even this one-letter salt:
1. Key space increased by a factor of 26
2. Identical password != identical hash
3. Precomputation data storage increased by the same factor of 26
Cracking strategies

Precomputation
1. Precompute hashes for a set of strings
2. Enumerate password hash file
3. Search for match in precomputation file

Password hash file    Precomputation file
781ab37e75            fc93d481c1:hunger
fdaa4719ed            fdaa3b7c0d:earring
ffe81a52d2            fdaa4719ed:ISACA      <- match: fdaa4719ed is "ISACA"

String enumeration
1. Enumerate a set of strings
2. Hash the strings
3. Search for match in password hash file

Password hash file    Strings hashed on the fly
fc93d481c1            ISABY:e715b3acaf
fdaa4719ed            ISABZ:9c74be0d1a
ffe81a52d2            ISACA:fdaa4719ed      <- match
                      ISACB:0b27cca621

(Hashes are shown truncated to 10 hex characters, as on the slides.)
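The two slides above (login verification with and without a salt, then precomputation versus string enumeration) as one runnable example. This is added code, not from the talk; the users, the word list and the one-letter salt scheme are constructed to match the slides, and MD5 is used only because the deck does.

```python
import hashlib
import secrets
import string
from typing import Dict, Iterable, Optional, Tuple


def md5_hex(text: str) -> str:
    """Hex MD5 of a UTF-8 string. MD5 only because the slides use it; the deck's
    own advice for real systems is bcrypt or PBKDF2."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Unsalted storage: the record is just md5(password).
def store_unsalted(password: str) -> str:
    return md5_hex(password)


def verify_unsalted(password: str, record: str) -> bool:
    return md5_hex(password) == record


# The slide's toy salted scheme: one random letter a-z, record stored as salt:hash.
def store_salted(password: str, salt: Optional[str] = None) -> str:
    if salt is None:
        salt = secrets.choice(string.ascii_lowercase)
    return f"{salt}:{md5_hex(salt + password)}"


def verify_salted(password: str, record: str) -> bool:
    salt, digest = record.split(":", 1)
    return md5_hex(salt + password) == digest


# Strategy 1: precompute hashes once, then look each stolen hash up.
def precompute(words: Iterable[str], salts: Iterable[str] = ("",)) -> Dict[str, Tuple[str, str]]:
    """Map hash -> (salt, word). With the one-letter salt the table needs an
    entry per (salt, word) pair, i.e. 26x the storage of the unsalted table."""
    words = list(words)
    return {md5_hex(s + w): (s, w) for s in salts for w in words}


def crack_by_lookup(records: Iterable[str], table: Dict[str, Tuple[str, str]]) -> Dict[str, str]:
    """Return record -> plaintext for every record whose hash is in the table."""
    found = {}
    for rec in records:
        digest = rec.split(":", 1)[-1]          # works for "hash" and "salt:hash"
        hit = table.get(digest)
        if hit is not None:
            found[rec] = hit[1]
    return found


# Strategy 2: enumerate candidates, hash each one, compare against the file.
def crack_by_enumeration(records: Iterable[str], words: Iterable[str]) -> Dict[str, str]:
    """Works on salted records too, but every candidate must be re-hashed under
    every distinct salt: no work is shared between records."""
    words = list(words)
    found = {}
    for rec in records:
        salt, digest = rec.split(":", 1) if ":" in rec else ("", rec)
        for w in words:
            if md5_hex(salt + w) == digest:
                found[rec] = w
                break
    return found


if __name__ == "__main__":
    # Constructed sample data: two users share a password.
    users = {"steve": "2012Election", "ann": "ISACA", "bob": "2012Election"}
    wordlist = ["hunger", "earring", "ISACA", "2012Election"]

    unsalted = {u: store_unsalted(p) for u, p in users.items()}
    print("unsalted: steve and bob collide ->", unsalted["steve"] == unsalted["bob"])
    print("lookup cracks:", crack_by_lookup(unsalted.values(), precompute(wordlist)))

    salted = {u: store_salted(p) for u, p in users.items()}
    print("unsalted table vs salted records:", crack_by_lookup(salted.values(), precompute(wordlist)))
    print("26x table:", crack_by_lookup(salted.values(), precompute(wordlist, string.ascii_lowercase)))
    print("enumeration:", crack_by_enumeration(salted.values(), wordlist))
```

The unsalted table cracks every user whose password is in the word list with one dictionary lookup each, and two users with the same password fall together. Against the salted records the same table finds nothing; the attacker either stores 26 times as many precomputed entries or falls back to enumeration, re-hashing each candidate per salt.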
Cracking time is driven by two factors: the number of tests needed and the time per test.

[Chart: relative hashing speed of NTLM, MD5, SHA1, LM and SHA512; axis marked 10x, 20x, 40x, 60x. The faster the algorithm, the cheaper each test.]
Password policies
Your password policy?
Length
Composition
Complexity
Aging
Construction prohibitions
Reuse
Memorization and storage

Password aging was intended to reduce the time a bad actor had to guess a password. With modern computing power this control isn't logical; it results in undesirable user behavior and erodes users' trust in IT/infosec.
But why do it?
1. Gain intelligence about user behavior
2. Assess password policies and user education
3. Strengthen argument for technical controls, policy changes, algorithm changes, 2FA

John the Ripper
hashcat[-plus|-lite]
Cryptohaze Multiforcer
Key space / brute force attack
Key space = set of strings to enumerate
Example target: Password1
Character classes: A-Z = 26, a-z = 26, 0-9 = 10
Password1 is 9 characters drawn from 62 (A-Z, a-z, 0-9). A blind brute force over that key space is 62^9 = 13,537,086,546,263,552 ≈ 13.5 thousand trillion candidates.
Its actual shape is [A-Z][a-z][a-z][a-z][a-z][a-z][a-z][a-z][0-9], which is only (26)^1 * (26)^7 * (10)^1 = 2,088,270,645,760 ≈ 2.1 trillion; the mask attack below exploits exactly that.
Dictionary attack
Average adult vocabulary?
Key space = dictionary size
Example: alamo

RockYou exposure analysis
[Chart of password frequencies from the RockYou leak]
Rule attack
Transformations, e.g. from a config file of rules: duplication, reversal, appending, repeating
Key space = key space of dictionary attack * transformations
Examples from alamo: Alamo!, omala, aallaammoo

Combinator attack
Combines strings from one dictionary with strings from another
Dictionary 1 = 10,000 strings
Dictionary 2 = 50,000 strings
Combinations = 500 million
vs. ~5.4 trillion for the [a-z]^9 key space
Reduces key space by 99.99%: 1 day => 8 seconds
Example: alamocity
Mask attack
Like a brute force attack, but with more granular control
Example target: Password1 ("It's Str0ng!")
-1 ?u -2 ?l -3 ?d ?1?2?2?2?2?2?2?2?3
Reduces key space by 99.98% (26^8 * 10 ≈ 2.1 trillion vs. 62^9 ≈ 13.5 thousand trillion): 1 day => 13 seconds
Hybrid attack
Dictionary + mask
Mask + dictionary
Example: dictionary word followed by the mask ?1?2?2?2?2?2?2?2?3
Work smart, not hard: TASHWIO
T, A, S, H, W, I, O are 27% of the alphabet, but 62% of first letters in English word usage!
-1 TASHWIOtashwio -2 ?u?l ?1?2?2?2?2?2?2?2
Reduces key space by 73% (14 of 52 choices for the first character): 1 day => 6.5 hours
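The key-space arithmetic behind the brute force, combinator, mask and TASHWIO slides, as an added example (not code from the talk). It parses hashcat's mask syntax (?l ?u ?d ?s ?a, custom sets -1..-4, literal characters) and reproduces the deck's reductions and "1 day => N seconds" figures; the 1.6 billion/s rate in the demo is the deck's own peak speed for the cg1.4xlarge instance, assumed here to apply to the hash type being cracked.

```python
from typing import Dict, Sequence

# hashcat's built-in charsets; ?s is the 33 printable ASCII punctuation characters
# including space, and ?a is the union of the other four (95 characters).
BUILTIN: Dict[str, str] = {
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def expand_charset(spec: str, custom: Dict[str, str]) -> str:
    """Expand a hashcat-style charset spec to its distinct characters.
    ?l ?u ?d ?s ?a are built-ins, ?1..?4 refer to custom sets already defined,
    ?? is a literal question mark, anything else is a literal character."""
    chars = []
    i = 0
    while i < len(spec):
        if spec[i] != "?":
            chars.append(spec[i])
            i += 1
            continue
        if i + 1 >= len(spec):
            raise ValueError(f"dangling '?' in {spec!r}")
        tag = spec[i + 1]
        if tag == "?":
            chars.append("?")
        elif tag in BUILTIN:
            chars.extend(BUILTIN[tag])
        elif tag in custom:
            chars.extend(custom[tag])
        else:
            raise ValueError(f"unknown charset ?{tag} in {spec!r}")
        i += 2
    return "".join(dict.fromkeys(chars))   # de-duplicate, keep order


def mask_keyspace(mask: str, custom_specs: Sequence[str] = ()) -> int:
    """Number of candidates a mask enumerates. custom_specs are the -1 .. -4
    definitions in order; each may reference built-ins and earlier custom sets."""
    custom: Dict[str, str] = {}
    for n, spec in enumerate(custom_specs, start=1):
        custom[str(n)] = expand_charset(spec, custom)
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            total *= len(expand_charset(mask[i:i + 2], custom))
            i += 2
        else:
            i += 1                              # a literal position has one choice
    return total


def reduction_pct(full: int, reduced: int) -> float:
    """How much of the full key space the smarter attack skips, in percent."""
    return 100.0 * (1 - reduced / full)


def scaled_seconds(full: int, reduced: int, full_seconds: float = 86400.0) -> float:
    """If the full key space takes full_seconds (the deck uses one day), how long
    does the reduced key space take at the same rate?"""
    return full_seconds * reduced / full


def seconds_at_rate(keyspace: int, hashes_per_second: float) -> float:
    return keyspace / hashes_per_second


if __name__ == "__main__":
    full = mask_keyspace("?1" * 9, ["?l?u?d"])                       # 62^9: blind brute force, 9 chars
    mask = mask_keyspace("?1?2?2?2?2?2?2?2?3", ["?u", "?l", "?d"])   # the Password1 shape
    print(f"62^9 = {full:,}; mask = {mask:,}")
    print(f"mask cuts {reduction_pct(full, mask):.2f}%: 1 day -> {scaled_seconds(full, mask):.0f} s")

    lower9 = mask_keyspace("?l" * 9)
    print(f"combinator 10,000 x 50,000 vs [a-z]^9: 1 day -> {scaled_seconds(lower9, 10_000 * 50_000):.0f} s")

    t = mask_keyspace("?1" + "?2" * 7, ["TASHWIOtashwio", "?u?l"])
    f = mask_keyspace("?2" * 8, ["TASHWIOtashwio", "?u?l"])
    print(f"TASHWIO cuts {reduction_pct(f, t):.0f}%: 1 day -> {scaled_seconds(f, t) / 3600:.1f} h")

    # Against the deck's peak rate on "Xzibit" (1.6 billion tests per second):
    print(f"62^9 at 1.6B/s: {seconds_at_rate(full, 1.6e9) / 86400:.0f} days; mask: {seconds_at_rate(mask, 1.6e9):.0f} s")
```

Note that every reduction on the slides is relative: 99.98% for the mask is measured against the 62^9 brute force of the same length, and 73% for TASHWIO against ?u?l in the first position. Mask sizes computed this way are raw candidate counts; hashcat's own --keyspace figure is in its base-loop units and is the number to use for --skip/--limit.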
Large password leaks
RockYou – 32.6M plaintext
eHarmony – 1.5M unsalted MD5
LinkedIn – 6.5M unsalted SHA1
Gawker – 1.3M DES-based crypt(3) (12-bit salt, passwords truncated to 8 characters)

Analyzing eHarmony's hashes
First 1 million of 1.5 million eHarmony passwords posted online in June 2012
Unsalted MD5s
A CPU isn’t bad, but…
My options
1. Use existing hardware
2. Build a cracking box (GPU-based)
3. Look at cloud service providers

Build your own
Beefy PSU
Adequate cooling and electrical
CPU and RAM relatively unimportant
Multiple GPUs

Amazon EC2
Had utilized Amazon EC2 service
No capital investment to test it
On-demand
Scalable
Had an option that included GPUs
What EC2 charges for:
Type of system
Data transfer
Data storage
Purchase options

The systems
Zelda ($0-ish/hour): pathetic Dell Latitude
Yoda ($0.32/hour): 64-bit Ubuntu Server 12.04 LTS, m1.large (7.5GB RAM, 4 EC2 Compute Units)
Xzibit ($2.10/hour): 64-bit Cluster GPU Amazon Linux AMI, cg1.4xlarge (22GB RAM, 33.5 EC2 Compute Units)
Wiggum (TBD): Yoda (Grand Master) + 5 Jedi Knights
The tests
51 tests
Group 3 – masking
Group 4 – rules
Group 5 – combinations
Group 6 – hybrid (common prefixes + mask)
Group 7 – hybrid (new dictionary + mask)
Group 8 – hybrid (mask + common suffix)
Group 9 – TASHWIO + mask

Process
Define sequence of jobs to run
Analyze results (during and after job)
Eliminate or adjust jobs based on results
Create new dictionaries
Create new rules
Re-run jobs using new dictionaries and rules
Analyzing eHarmony's hashes
No lowercase letters!? Whoops! (eHarmony uppercased passwords before hashing, so each letter position has 26 possibilities instead of 52.)

Advice for developers:
Do not truncate the password.
Do not transform it to uppercase or lowercase.
Do not limit the number of characters that can be utilized.
Do not limit the user to a weak password.

Results on Xzibit
[Chart of the percentage cracked over time; the figures are summarized under Cost below]

Use long, unpredictable, random salts. Better still, use bcrypt or PBKDF2.
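What "long, random salt plus PBKDF2" looks like in practice, as an added example (not from the talk). It uses only the Python standard library; the record format, the 600,000-iteration default and the rehash-on-login policy are this example's choices, not something the deck prescribes.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # assumed work factor; tune so one verification costs ~100 ms on your servers
SALT_BYTES = 16        # 128-bit random salt per password, not one letter


def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.
    The salt is random per password, so identical passwords give different
    records and a precomputed table would have to be built per user."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record and
    compare in constant time, so timing does not leak how many bytes matched."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record: str, minimum_iterations: int = ITERATIONS) -> bool:
    """True when a stored record uses fewer iterations than current policy.
    Rehash on the next successful login, the one moment the plaintext is available."""
    _, iterations, _, _ = record.split("$")
    return int(iterations) < minimum_iterations


if __name__ == "__main__":
    rec = hash_password("2012Election")
    print(rec)
    print("correct password:", verify_password("2012Election", rec))
    print("wrong case:      ", verify_password("2012election", rec))
    print("same password, new record differs:", hash_password("2012Election") != rec)
```

Each guess now costs the attacker 600,000 HMAC-SHA256 computations instead of one MD5, and the per-user salt means that work cannot be shared across the 1.5 million hashes in a dump like eHarmony's. Storing the iteration count in the record is what lets the cost be raised later without a forced password reset.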
Presentation goals recapped
1. Value of password resiliency assessments – insight
2. Freely available assessment tools – hashcat, Cryptohaze
3. Assessment methodologies – iterative, intelligent
4. Buy or rent – depends on use case and constraints
5. Utilizing EC2 – fast, easy, flexible
6. Hashing algorithm – bcrypt or PBKDF2
7. Passphrases vs. passwords – passphrases…for now

Cost
Xzibit at $2.10/hour:
54% cracked in 1 hour => $2.10
69% cracked in 3 hours => $6.30
77% cracked in 9 hours => $18.90
Do not tell your colleagues the cloud is evil because you lack visibility. Or control. Or because you can do security better. They will not care. You will lose credibility. You will be excluded. And you will lose.
Peak speeds
Xzibit – 1.6B/s
Yoda – 6.2M/s
Zelda – 14k/s

Is EC2 worth it?
Xzibit = 258 * Yoda (1.6B/s / 6.2M/s)
Xzibit = $2.10 / hour
Yoda = $0.32 / hour
1 hour on Xzibit = 258 hours on Yoda
258 * $0.32 = $82.56
Yoda is 3,831% more expensive for the same work
What makes the attacker's job easy:
Use fast algorithm (say what!?)
No salt
[Reused|short|non-random] salt
Roll your own algorithm

Workload distribution strategy
Split the hash file?
Split the password candidates?

Measured on the same candidate set:
1M hashes: 833s
100k hashes: 742s
10% of the hashes => 89% of the duration
With unsalted hashes the time is dominated by generating and hashing candidates, not by the size of the hash list, so split the password candidates, not the hash file.
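Splitting the candidates rather than the hash file, as an added example (not the speaker's tooling). It partitions a key space into contiguous ranges for hashcat's --skip/--limit options and fits the deck's two timings to show why splitting the hash file gains almost nothing. Assumptions: the `total` passed to the partitioner is the number hashcat itself reports with --keyspace for the mask, and the time model is linear in the hash count, fitted to the two measurements on the slide.

```python
from typing import List, Tuple


def partition_keyspace(total: int, workers: int) -> List[Tuple[int, int]]:
    """Split the candidate index range [0, total) into at most `workers`
    contiguous (skip, limit) ranges that cover it exactly once. The first
    total % workers ranges are one candidate longer; surplus workers get nothing."""
    if total < 1 or workers < 1:
        raise ValueError("need at least one candidate and one worker")
    base, extra = divmod(total, workers)
    ranges: List[Tuple[int, int]] = []
    skip = 0
    for i in range(workers):
        limit = base + (1 if i < extra else 0)
        if limit == 0:
            break
        ranges.append((skip, limit))
        skip += limit
    return ranges


def hashcat_commands(total: int, workers: int, hash_file: str, mask: str,
                     hash_mode: int = 0) -> List[str]:
    """One mask-attack command line per worker (-m 0 is MD5, -a 3 is mask mode).
    `total` must be the value hashcat reports for this mask with --keyspace,
    because --skip and --limit count in hashcat's base-loop units, not raw
    candidates."""
    return [
        f"hashcat -m {hash_mode} -a 3 --skip {skip} --limit {limit} {hash_file} {mask}"
        for skip, limit in partition_keyspace(total, workers)
    ]


def fit_job_time(hashes_a: int, seconds_a: float,
                 hashes_b: int, seconds_b: float) -> Tuple[float, float]:
    """Fit seconds = intercept + slope * hash_count to two runs over the same
    candidate set. The intercept is the cost of generating and hashing the
    candidates; the slope is the (small) extra cost per hash in the file."""
    slope = (seconds_b - seconds_a) / (hashes_b - hashes_a)
    return seconds_a - slope * hashes_a, slope


def job_seconds(hash_count: int, candidate_fraction: float,
                intercept: float, slope: float) -> float:
    """Predicted wall time for one worker given its share of candidates and hashes."""
    return (intercept + slope * hash_count) * candidate_fraction


if __name__ == "__main__":
    # The deck's two measurements (same candidates, unsalted MD5).
    intercept, slope = fit_job_time(100_000, 742.0, 1_000_000, 833.0)
    print(f"fixed cost {intercept:.0f} s, plus {slope * 1e6:.0f} us per hash in the file")
    workers = 10
    print(f"split hash file 10 ways : {job_seconds(100_000, 1.0, intercept, slope):.0f} s per worker")
    print(f"split candidates 10 ways: {job_seconds(1_000_000, 1 / workers, intercept, slope):.0f} s per worker")

    keyspace_from_hashcat = 123_456_789   # constructed; use the output of: hashcat -m 0 -a 3 --keyspace <mask>
    for cmd in hashcat_commands(keyspace_from_hashcat, 3, "eharmony.md5", "?u?l?l?l?l?l?l?l?d"):
        print(cmd)
```

With the slide's numbers, ten workers each holding a tenth of the hash file still take about 742 s, while ten workers each holding a tenth of the candidates finish in about 83 s. This only holds for unsalted hashes; with per-user salts each record needs its own hashing work and splitting the hash file becomes the natural division.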
What's next
Passphrases
Sentences
Strings of words (careful!)
Mnemonics (acronyms)
Transformations similar to password construction

Acquiring passphrase candidates
Crowdsource
Beg for orgs to share them
Wait until they're leaked
Build our own
Acquiring passphrase candidates
E-books
Movie scripts
Song lyrics
Tweets
Any file that contains phrases or sentences

Passphrase builder
Dictator – instructs on what files to get
Miner – acquires files
Hasher – hashes for uniqueness
Hoarder – adds to queue
Grabber – pulls file from queue
Converter – converts to plaintext
Massager – converts to lowercase
Splitter 1 – splits by sentence
Splitter 2 – splits by word
Parser – generates strings and acronyms
Recorder – adds to DB
Generator – sort, create acronyms, create output

Example input: "A person who never made a mistake never tried anything new."
Acronym: apwnmamntan
Word sequences: "a person who never", "person who never", "person who never made"

Ranking
Search engine results
Frequency in DB
Matches against leaks
Q&A
Steve Werby
[email protected]
@stevewerby
http://www.linkedin.com/in/werby