the state of modern password cracking

40
SESSION ID: #RSAC Christopher Camejo The State of Modern Password Cracking PDAC-W05 Director of Threat and Vulnerability Analysis NTT Com Security @0x434a

Upload: dangdiep

Post on 05-Jan-2017

248 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: The State of Modern Password Cracking

SESSION ID:

#RSAC

Christopher Camejo

The State of Modern Password Cracking

PDAC-W05

Director of Threat and Vulnerability AnalysisNTT Com Security@0x434a

Page 2: The State of Modern Password Cracking

#RSAC

Presentation Overview

Password Hashing 101 Getting Hashes Basic Cracking GPU Cracking

Statistical Analysis Advanced Hashing and Cracking Making Trouble Recommendations

2

Page 3: The State of Modern Password Cracking

#RSAC

Password Hashing 101

Page 4: The State of Modern Password Cracking

#RSAC

Password Hashing 101

administrator

Log In

********

0ab15acb4711103a7ffa24e485f4f03ctrustNo2

5979150da68d8b9d074751590c7896edtrustNo1

4

Page 5: The State of Modern Password Cracking

#RSAC

Adding Some Salt

5979150da68d8b9d074751590c7896edtrustNo1 Hash

5979150da68d8b9d074751590c7896edtrustNo1 Hash

Salt

18af5d264d8dabd39498990fadf9ec34q89f236h HashtrustNo1 q89f236h

a40e7ee72045e2b8d6b25673fda3b724ohfq3w84 HashtrustNo1 ohfq3w84

No Salt

5

Page 6: The State of Modern Password Cracking

#RSAC

Getting Hashes

Page 7: The State of Modern Password Cracking

#RSAC

Stealing Hashes

Compromise a Host• Local Caches• Network Sniffing

Application Vulnerabilities• SQL Injection• File Inclusion

Leaked Code• Hardcoded Client Passwords• Backdoor Hashes

7

Page 8: The State of Modern Password Cracking

#RSAC

Indecent Exposure

Warehouse.define dowarehouse :User do

login "[email protected]"name ""access "super"email "[email protected]"password "$2a$08$Y.JcIVvVQMk4UiToFFlLSObWeHYIT2zHdJrhYsgjdZdW7ZzByioh6"reset_token nil

endend

Search GitHub for ‘abc.com’ password

8

Page 9: The State of Modern Password Cracking

#RSAC

Basic Password Cracking

Page 10: The State of Modern Password Cracking

#RSAC

Entropy (lack thereof)

• 95 charactersStandard keyboard:

• 10 characters“Reasonable” password length:

• 60,510,648,114,517,000,000Possible combinations:

• 9,587 yearsTime to crack @ 200 million KPS:

10

Page 11: The State of Modern Password Cracking

#RSAC

Powers of 2

Length Lowercase Letters

Lowercase Alphanumeric

Mixed Case Alphanumeric

All characters

6 character 1.7 seconds 11.2 seconds 4.9 minutes 1.1 hours

7 characters 41.8 seconds 6.8 minutes 5 hours 4.1 days

8 characters 18.1 minutes 4.1 hours 1.9 weeks 1.1 years

9 characters 7.9 hours 0.9 weeks 2.2 years 1.1 centuries

10 characters 1.3 weeks 31.1 weeks 1.4 centuries 9.6 millennia

Time to crack @ 200 million keys per second

secret

Secret123!

11

Page 12: The State of Modern Password Cracking

#RSAC

Entropy (lack thereof)

• 291,500 entries• @200 million/sec = 0.0015 secondsOED Entries:

• 394,748 entries• @200 million/sec = 0.0020 seconds

Our “English” file

• 148,903,320 entries• @200 million/sec = 0.75 seconds

Our“Crack” file

• Spiders web sites and adds unique terms it finds to the dictionary fileCEWL

12

Page 13: The State of Modern Password Cracking

#RSAC

GPU Cracking

Page 14: The State of Modern Password Cracking

#RSAC

The Speed Problem

3dbe00a167653a1aaee01d93e77e730e

…aaaaaaacaaaaaaabaaaaaaaa

0e976d4541c8b231ec26e2c522e841aa

…baaaaaacbaaaaaabbaaaaaaa

0b23c6524e8f4d91afc91b60c786931c

…caaaaaaccaaaaaabcaaaaaaa

fab862c0c10fe5103dd17c36e34fbc8e

…daaaaaacdaaaaaabdaaaaaaa

190a6fde97189ed5be05402451b0519b

…eaaaaaaceaaaaaabeaaaaaaa

b7e6ab52e52380f13a5eca1452e801db

…faaaaaacfaaaaaabfaaaaaaa

14

Page 15: The State of Modern Password Cracking

#RSAC

The Bottleneck Solution

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

…faaaaaacfaaaaaabfaaaaaaa

…eaaaaaaceaaaaaabeaaaaaaa

…daaaaaacdaaaaaabdaaaaaaa

…caaaaaaccaaaaaabcaaaaaaa

…baaaaaacbaaaaaabbaaaaaaa

…aaaaaaacaaaaaaabaaaaaaaa

b7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730eb7e6ab52e52380f13a5eca1452e801db190a6fde97189ed5be05402451b0519bfab862c0c10fe5103dd17c36e34fbc8e0b23c6524e8f4d91afc91b60c786931c0e976d4541c8b231ec26e2c522e841aa3dbe00a167653a1aaee01d93e77e730e

15

Page 16: The State of Modern Password Cracking

#RSAC

Hashcat

Rules

Modify dictionary

words

Masks

Selective brute force

CPU and GPU cracking

Free/Open Source

16

Page 17: The State of Modern Password Cracking

#RSAC

More Power

Model • Nvidia GeForce GTX Titan X; $1,000 ea.

Cores • 3,072@1GHz x 8 GPUs= 24,576 cores

MD5 • 132 billion/sec

Crack 10 characters • 15 years

Model • Intel Xeon E5-2620 v3; $400 ea.

Cores • [email protected] x 2 CPUs = 12 cores

MD5 • 205 million/sec

Crack 10 characters • 9,353 years

17

Page 18: The State of Modern Password Cracking

#RSAC

Statistical Analysis

Page 19: The State of Modern Password Cracking

#RSAC

PCI Compliance

• 7 characters• Alphanumeric

Req8.2.3:

• Change <90 days

Req8.2.4:

Time to 7 characters

alphanumeric

MD55 mins

SHA5126 mins

Time to 10 characters

alphanumeric

MD53 days

SHA5129 days

19

Page 20: The State of Modern Password Cracking

#RSAC

Analyzing leaked passwords

Breached in 2009: 14.3 million plaintext passwords leaked

2%

13%

17%

20%15%

14%

17%

Password Length

<6 chars6 chars7 chars8 chars9 chars10 chars>10 chars

16%

25%

42%

17%

Password Complexity

Numeric

Lowercase

Lowercaseand numericOther

20

Page 21: The State of Modern Password Cracking

#RSAC

Smarter Analysis

“LD” Pattern:• All lowercase or all numbers• Lowercase with last 1-4 characters numeric

1-10 characters alphanumeric

• Recovered: 71%

• MD5: 3 days

• SHA512: 9 days

1-10 characters using pattern

• Recovered: 61%

• MD5: 6h23m

• SHA512: 17h41m

37%

28%

16%

19%

All NumbersAll LettersLetters then NumbersOther

21

Page 22: The State of Modern Password Cracking

#RSAC

Breaking NTLM for fun and profit

Old Windows domain authentication system

Uses very weak hashes

Hashes are everywhere

Keys to the Kingdom

Other security fails besides cracking

22

Page 23: The State of Modern Password Cracking

#RSAC

47%

33%

20%

Password Complexity

Mixed caseand numericLowercaseand numericOther

Crack and Analyze

8,930/15,902 “stolen” NTLM hashes (< 9 chars)

0% 5%10%

41%

44%

Password Length

<6 chars6 chars7 chars8 chars>8 chars

23

Page 24: The State of Modern Password Cracking

#RSAC

Recurring Themes

Variations on Company name

Variations on “P@5$w0rd”

Likely IT defaults that never got changed

A pattern emerges… Hello!123

Numbers at the end

1-4 of them

Special character before the number(s)

If at all

Uppercase in the first position

If at all

The rest is lowercase

24

Page 25: The State of Modern Password Cracking

#RSAC

Live Fire - Patterns

15,902 NTLM hashes “stolen” in penetration tests

Method Recovered Time

All to 7 chars 15% 10 mins

ULSD 8 chars 12% 1 min

ULSD 9 chars 5% 12 mins

LD 10 chars 2% 44 mins

Total 35% ~1 hour

Method Recovered Time

All to 8 chars 56% 17 hours

ULSD 9 chars 5% 12 mins

ULSD 10 chars 4% 6 hours

LD to 11 chars 1% 19 hours

Total 67% ~41 hours

ThoroughFast

25

Page 26: The State of Modern Password Cracking

#RSAC

Live Fire – Adding Dictionaries

15,902 NTLM hashes “stolen” in penetration tests

Fast (<1 hour) Recovered

No dictionary 35.0%

With dictionary 47.7%

Thorough (<2 days) Recovered

No dictionary 67%

With dictionary 73.9%

Method Recovered Time

149 million dictionary words with Best64 rule 24.6% 53s

149 million dictionary words with d3ad0ne rule 44.1% 5m

26

Page 27: The State of Modern Password Cracking

#RSAC

Advanced Hashing and Cracking

Page 28: The State of Modern Password Cracking

#RSAC

Rainbow Tables (Horribly Oversimplified)

Start End

aaaaaa abcabc

bbbbbb kitten

cccccc secret

dddddd sesame

eeeeee random

ffffff archer

… …

5979150da68d8b9d074751590c7896ed

trustNo1

secret

secret

28

Page 29: The State of Modern Password Cracking

#RSAC

Better Hashing

HashPassword Salt SaltWork Factor

x 10,000

Key Derivation Functions (KDFs)

HashPassword Salt Salt

Private Key

Hash-based Message Authentication Codes (HMACs)

29

Page 30: The State of Modern Password Cracking

#RSAC

Making Trouble

Page 31: The State of Modern Password Cracking

#RSAC

Making Trouble

Access or escalate privileges on a target network

Impersonate a user for fraud

Publicly post them to embarrass a target

Add them to cracking dictionary

31

Page 32: The State of Modern Password Cracking

#RSAC

Recommendations

Page 33: The State of Modern Password Cracking

#RSAC

Keep Hashes Safe

Strong SDLC for custom apps

Lock down Windows security configuration

Use admin credentials only when necessary

Penetration test to find weaknesses

33

Page 34: The State of Modern Password Cracking

#RSAC

Strong Password Policy

Enforce password requirements

Change <90 days

12+ characters

All character

types

Prohibit re-use

Pattern checks?

Support

Crack your own passwords

Awareness of phishing and re-use

34

Page 35: The State of Modern Password Cracking

#RSAC

Use Appropriate Crypto

DON’T WRITE YOUR OWN!!! EVER!!!

Cryptographically sound random number generator

Long and cryptographically strong salt unique to each credential

Use a KDF or HMAC instead of a plain hash

KDFs:

PBKDF2, scrypt, bcrypt

Update Work Factors as appropriate

HMACS:

Use a strong key Protect the key

35

Page 36: The State of Modern Password Cracking

#RSAC

When it really needs to be secure

Something You Know

PIN

Password

Something You Have

Token Card

Certificate File

36

Page 37: The State of Modern Password Cracking

#RSAC

Don’t Muck It Up

Broken authentication and session management

Password reset procedures

Leaking plaintext passwords

Users with the same password on every site

Users who fall for phishing

Malware and keyloggers

37

Page 38: The State of Modern Password Cracking

#RSAC

Wrapping Up

Page 39: The State of Modern Password Cracking

#RSAC

Apply this knowledge

• Change YOUR password to something long, complex, and unique to each service• Do some Google searches for your own company’s code and passwords (e.g. GitHub)

Next week you should:

• Implement a better password policy and enforce it• Look for incorrect salt usage, use of plain hashes, and weak crypto, and unnecessary

backwards-compatibility settings

In the first three months following this presentation you should:

• Disable as much backwards compatibility and outdated crypto as possible• Use salted KDF or HMACs for all password authentication• Implement 2-factor or other password alternatives where appropriate

Within six months you should:

39

Page 40: The State of Modern Password Cracking

#RSAC

Contact Details

[email protected] - @0x434a

40