Topic: Password Cracking and Brute Force
An Overview on Password Cracking
Password cracking is a term used to describe the penetration of a network, system, or resource, with or without the use of tools, to unlock a resource that has been secured with a password.
What is a Password
•String of characters for authentication and log on to computer, web application, software, files, network, mobile phones, and your life
•Comprises: [a-zA-Z, 0-9, symbols, space]
Password Characteristics
•No short length
•No birthday or phone number, real name, company name
•Don’t use complete words or quotes
▫Example:
▫Hello123: Weak
▫@(H311l0)@: Strong
▫Easy to remember, hard to guess
•1. What is Security?
▫Protect your private data stored on the disk or transferred between any computer or any networking device.
•2. Why is it so important?
▫In the information age, we will be going online more and providing more personal information (email, electronic transfer) and business transactions (e-commerce).
HACKER
A computer hacker is typically a knowledgeable person. He/she knows several different languages and networking protocols.
A hacker will look for internal and external system holes or bugs to break into the system, which is fun and challenging.
CRACKER
Attempts to break into the system by guessing or cracking users’ passwords.
Cracker and hacker are two different terms.
A hacker generally has a higher level of education and intelligence than a cracker.
Hackers do not like crackers.
Password Security
•Don’t use your old passwords
•Don’t use your work or private email for every website registration, such as games, news, etc.
Password Cracking Concept
•Guessing or recovering a password
•Unauthorized access
•To recover a forgotten password
•A penetration testing step (e.g. network and applications)
Password Cracking Concept
•Password cracking for an illegal purpose: to gain unauthorized access
•To retrieve a password for authorized access (misplaced, missing) for various reasons (e.g. what was my password??)
Password Cracking Depends on
•Attacker's strengths
•Attacker's computing resources
•Attacker's knowledge
•Attacker's mode of access [physical or online]
•Strength of the passwords
•How often you change your passwords?
•How close are the old and new passwords?
•How long is your password?
Brute Force
▫Brute force means trying every possible combination (e.g., a, aa, aaa to zzzzzzzzzzzzzz, azbycx, etc.).
▫Hybrid methods use a dictionary, but insert special characters (e.g., %, $, # or r0ya1: zero for o and one for l) and/or permute words.
Password Cracking – Off Line
•Attacks:
▫Dictionary attacks (build a dictionary of passwords).
▫Brute force (try all possible passwords).
•This really is still guessing – these systems don’t break encryption!
The characteristics:
- Needs very high processing speed
- Produces a large number of passwords for a particular user using permutations and combinations
- May take months or years to crack the password
Windows NT Passwords
•Length
▫Anywhere from 0 to 14 characters
•Characters
▫All letters (upper and lowercase), numbers, and symbols are acceptable
•Stored in SAM database
Windows NT Security
•Local Security Authority (LSA)
▫Determines whether a logon attempt is valid
•Security Accounts Manager (SAM)
▫Receives user logon information and checks it with its database to verify a correct username/password
LM Passwords VS. NT Passwords
•An 8 character LM password is 890 times easier to crack than an 8 character NT password
•A 14 character LM password is 450 trillion times easier to crack than a 14 character NT password
▫450 trillion = 450,000,000,000,000
NT Passwords – Not So Easy Cracking
•Character Set = Upper & lower case alpha, numeric, specials – about 106 characters
▫$N = 80^{7} \approx 2.26 \times 10^{28}$
▫$\text{Time} = \dfrac{2.26 \times 10^{28}}{10^{8}\ \text{sec}} \times \dfrac{1}{60 \times 60 \times 24} \approx 2.62 \times 10^{15}$ days (harder)
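The calculation on this slide, carried through in Python as an added example (not part of the original slides) and extended to compare password policies. It assumes the slide's 10^8 means guesses per second; the 2.26 x 10^28 keyspace corresponds to 106^14, the 106-character set at the 14-character maximum length. All function and constant names are illustrative.

```python
# Added example (not from the original slides): worst-case exhaustive-search
# cost for a password policy, using the slide's figures as defaults.
from math import log2

SECONDS_PER_DAY = 60 * 60 * 24
NT_CHARSET = 106      # "about 106 characters" (slide)
NT_MAX_LEN = 14       # maximum NT password length given on the slides
SLIDE_RATE = 10**8    # assumption: the slide's 10^8 read as guesses per second


def keyspace(charset_size, length):
    """Count of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def keyspace_up_to(charset_size, max_length, min_length=0):
    """Count of passwords of every length from min_length to max_length."""
    return sum(charset_size ** n for n in range(min_length, max_length + 1))


def days_to_exhaust(candidates, guesses_per_second):
    """Days to try every candidate; the expected time to a hit is half this."""
    return candidates / guesses_per_second / SECONDS_PER_DAY


def min_length_for(charset_size, guesses_per_second, target_days, limit=64):
    """Shortest fixed length whose full search takes at least target_days."""
    for length in range(1, limit + 1):
        space = keyspace(charset_size, length)
        if days_to_exhaust(space, guesses_per_second) >= target_days:
            return length
    raise ValueError("no length up to `limit` meets the target")


def policy_table(charset_size, lengths, guesses_per_second):
    """Rows of (length, keyspace, entropy in bits, days to exhaust)."""
    rows = []
    for n in lengths:
        space = keyspace(charset_size, n)
        rows.append((n, space, log2(space), days_to_exhaust(space, guesses_per_second)))
    return rows


if __name__ == "__main__":
    for n, space, bits, days in policy_table(NT_CHARSET, (6, 8, 10, 12, 14), SLIDE_RATE):
        print(f"len={n:2d}  N={space:.2e}  bits={bits:5.1f}  days={days:.2e}")
    print("min length, 100 years, 106 chars:", min_length_for(NT_CHARSET, SLIDE_RATE, 36500))
    print("min length, 100 years, a-z only :", min_length_for(26, SLIDE_RATE, 36500))
```

Each added character multiplies the search time by the character-set size, so policy length matters more than a few extra symbol classes.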
Thank You