Password Cracking and Countermeasures in Computer Security: A Survey

With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area.Comment: add copyright to the tables to the original authors, add acknowledgement to helpe

A profile of prolonged, persistent SSH attack on a Kippo Based Honeynet

This paper is an investigation focusing on activities detected by SSH honeypots that utilised kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged, persistent and attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet

Windows surface RT tablet forensics

Small scale digital device forensics is particularly critical as a result of the mobility of these devices, leading to closer proximity to crimes as they occur when compared to computers. The Windows Surface tablet is one such device, combining tablet mobility with familiar Microsoft Windows productivity tools. This research considers the acquisition and forensic analysis of the Windows Surface RT tablet. We discuss the artifacts of both the Windows RT operating system and third-party applications. The contribution of this research is to provide a road map for the digital forensic examination of Windows Surface RT tablets

Invited Paper - A Profile of Prolonged, Persistent SSH Attack on a Kippo Based Honeynet

This paper is an investigation focusing on activities detected by SSH honeypots that utilised kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged, persistent and attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet. Keywords: Cyber Security, SSH, Secure Shell, Honeypots, Kipp

On Efficiency of Distributed Password Recovery

One of the major challenges in digital forensics today is data encryption. Due to the leaked information about unlawful sniffing, many users decided to protect their data by encryption. In case of criminal activities, forensic experts are challenged how to decipher suspect\u27s data that are subject to investigation. A common method how to overcome password-based protection is a brute force password recovery using GPU-accelerated hardware. This approach seems to be expensive. This paper presents an alternative approach using task distribution based on BOINC platform. The cost, time and energy efficiency of this approach is discussed and compared to the GPU-based solution

Performance Analysis of the SHA-3 Candidates on Exotic Multi-core Architectures

The NIST hash function competition to design a new cryptographic hash standard 'SHA-3' is currently one of the hot topics in cryptologic research, its outcome heavily depends on the public evaluation of the remaining 14 candidates. There have been several cryptanalytic efforts to evaluate the security of these hash functions. Concurrently, invaluable benchmarking efforts have been made to measure the performance of the candidates on multiple architectures. In this paper we contribute to the latter; we evaluate the performance of all second-round SHA-3 candidates on two exotic platforms: the Cell Broadband Engine (Cell) and the NVIDIA Graphics Processing Units (GPUs). Firstly, we give performance estimates for each candidate based on the number of arithmetic instructions, which can be used as a starting point for evaluating the performance of the SHA-3 candidates on various platforms. Secondly, we use these generic estimates and Cell-/GPU-specific optimization techniques to give more precise figures for our target platforms, and finally, we present implementation results of all 10 non-AES based SHA-3 candidates

Password Habits and Cracking Toolkit

Passwords comprise important pieces of information nowadays. They are on the basis of many access control systems and are often the first, something-you-know factor of authentication mechanisms. They comprise keys to computer systems, confidential information or even physical facilities, and their widespread adoption makes of their discovery one of the main objectives of the initial phase of computer attacks and an interesting research topic. On the one hand, since passwords are sequences of characters with which the input of users have to be compared to, their representations have to be stored in computer systems; on the other, given their sensitive nature, they have to be stored in a secure manner. Rather than the passwords themselves, it is common and preferable to save transformations of these sequences of characters, which should be obtained using functions with stringent properties such as the ones of cryptographically secure hash or encryption functions. There are many known methods available and documented nowadays for such task, scrutinized in the literature and considered secure, though they are not always correctly employed. Obtaining a password from a representation is thus, normally, a computationally unfeasible task. Cracking a password often refers to the procedure of submitting several known passwords (using dictionaries or compendiums) or patterns (using brute force attacks) to the transformation procedure and compare the result with a representation, until a match is obtained, if ever. As such, the security of the mechanism used to obtain the representations is also dependent of how guessable the passwords are. This dissertation addresses the topics of habits for construction of passwords and tools for cracking them. Several specialized tools for cracking are available nowadays, most of them free or open source, designed for command line interaction only. One of the main contributions of this work comprised the development of a Graphical User Interface (GUI) for several cracking tools (namely Hashcat, John the Ripper and RainbowCrack), congregating their most interesting features in an integrated and meaningful manner. The developed toolkit, named PassCrackGUI, was then used in the cracking attempt of several Databases (DBs) with password representations that leaked to the Internet in 2014 and 2015 with the intention of analyzing how vulnerable they were to the procedure, and also the contemporary habits of people in terms of construction of passwords. Also aiming to better study the topic mentioned in last, a questionnaire was prepared and delivered to 64 participants. This analysis of password habits constitutes another contribution of this work. PassCrackGUI is a main output of this Master of Science (M.Sc.) program. It is fully functional, easy to use and made freely available as an open-source project. It was written in Java and tested in Linux, Windows and Mac Operating Systems (OSs). When using it to crack the leaked DBs, it was possible to recover 36% of the 4233 password representations using only dictionaries and simple rules on a common laptop. Part of the problem lies in the adopted mechanismsfor obtaining the representations, which were outdated in most of the cases; while very weak passwords also contributed for this number (e.g., a significant number of 4 digits long passwords was found in one of the DBs). The results from the survey corroborate other works in the area, namely in terms of stereotypes. For example, the answers suggest that men use longer and more diverse (in terms of character sets) passwords than women. Nonetheless, several contracting aspects lead to the conclusion that the participants may be claiming to construct stronger passwords than they really use.As palavras-passe desempenham, hoje em dia, um papel importante em sistemas informação. Estas estão muitas vezes na base de mecanismos de controlo de acesso e constituem frequentemente o primeiro factor something you know de mecanismos de autenticação. São chaves para computadores, sistemas de software, informação confidêncial e até para edifícios, e a sua adoção generalizada torna a sua descoberta um dos principais objetivos da fase inicial de ataques informáticos e uma área de investigação muito interessante. Por um lado, dado que as palavras-passe são sequências de caracteres com as quais valores fornecidos por utilizadores têm de ser comparados, a sua representação tem de ser guardada em sistemas computacionais; por outro, dada a sua natureza sensível, estas têm de ser guardadas de uma forma segura. Ao invés de guardar as palavras-passe em texto limpo, é comum e preferível guardar transformações destas sequências de caracteres, obtidas através de funções com propriedades muito especificas, tais como funções de cifra ou resumo criptográficas. Existem vários métodos conhecidos e documentados hoje em dia para a execução desta tarefa, descritos na literatura da especialidade e considerados seguros, embora estas não sejam sempre corretamente utilizadas. Assim, a obtenção de uma palavras-passe a partir da representação constitui normalmente uma tarefa computacionalmente inviável. O compromentimento de palavras-passe (do inglês password cracking) é então tentado através da submissão repetida de diversas palavras já conhecidas (usando dicionários ou compendios) ou padrões à função de transformação, comparando o seu resultado com a representação capturada, até que uma correspondência seja encontrada ou as possibilidades se esgotem. Assim, a segurança dos mecanismos usados para a obtenção das representações está dependente do quão previsíveis as palavras-passe são. Esta dissertação aborda temas relacionados com hábitos de construção de palavras-passe e ferramentas de password cracking. Muitas ferramentas especializadas de cracking estão disponíveis nos dia de hoje, sendo muitas delas gratuidas ou código aberto, desenhadas apenas para interação em linha de comandos. Uma das principais contribuições deste trabalho foi o desenvolvimento de uma interface gráfica para diversas ferramentas de cracking (como o Hashcat, John the Ripper e RainbowCrack), reunindo as suas funcionalidades mais interessantes de uma forma concisa e inteligente. A ferramenta desenvolvida, designada por PassCRackGUI, foi usada com o intuito de descobrir palavras-passe em diversas bases de dados contendo representações, e que vazaram para a Internet em 2014 e 2015. Este estudo foi feito com a intenção de analisar o quão expostas as respetivas palavras-passe estão e também de perceber os hábitos dos utilizadores na construção destas sequências de caracteres. Para um melhor estudo deste último tópico, foi preparado e entregue um questionário a 64 participantes. A análise dos resultados deste questionário constitui outra contribuição deste trabalho. PassCrackGUI é o principal resultado deste programa de mestrado. É totalmente funcional, fácil de usar e está disponível gratuitamente como um projeto open source. Foi desenvolvido em Java e testado nos sistemas operativos Linux, Windows e Mac OS. Quando usado na tentativa de cracking das bases de dados vazadas, foi possível recuperar 36% de 4233 representações de palavras-passe, apenas utilizando dicionários e simples regras num computador portátil vulgar. Parte do problema reside nos mecanismos adotados para a obtenção das representações, já ultrapassados na maioria dos casos; enquanto que a existência de palavras-passe fracas também contribuiu para este número (e.g., um significante número de palavras-passe eram constituídas por 4 dígitos apenas). Os resultados do questionário estão em conformidade com outros trabalhos nesta área, nomeadamente em termos de esteriótipos. Por exemplo, as respostas sugerem que os homens usam palavras-passe com maior diversidade e comprimento do que as mulheres. Ainda assim, vários aspectos contraditórios nas respostas levam à conclusão que os participantes parecem estar a alegar usar palavras-passe mais fortes do que usam realmente

Authentication Methods and Password Cracking

Na začátku této práce porovnáváme dnes běžně používané metody autentizace a také mluvíme o historii, současnosti a budoucnosti zabezpečení hesel. Později využíváme nástroj Hashcat k experimentům s útoky hrubou silou a slovníkovými útoky, které zrychlujeme s pomocí Markovových modelů a pravidel pro manipulaci se slovy. Porovnáváme také dva hardwarové přístupy --- běžný počítač a cloud computing. Nakonec na základě našich poznatků práci uzavíráme souborem doporučení na prolamování hesel s důrazem na hardware, velikost datové sady a použitou hašovací funkci.In the beginning of this thesis, we compare authentication methods commonly used today and dive into the history, state of the art as well as the future of password security. Later on, we use the tool Hashcat to experiment with brute-force and dictionary attacks accelerated with Markov models and word mangling rules. We also compare two hardware approaches --- regular computer and cloud computing. Based on our findings, we finally conclude with a set of password-cracking recommendations with focus on hardware, dataset size and used hash function

Use of Heuristics for Password Recovery with GPU Acceleration

Tato práce se zabývá různými technikami, které umožňují zlepšení procesu obnovy hesel akcelerovaného pomocí GPU. V první části je představen Markovův model a jednoduché regulární výrazy, které umožňují výrazně redukovat stavový prostor generovaných hesel. Tyto techniky jsou založeny na pozorování hesel tvořených uživateli. Byl navržen paralelní algoritmus, který kombinuje tyto techniky. Závěr práce obsahuje výsledky experimentů, které dokazují výhody použití Markovova modelu.This thesis discusses various techniques to enhance the password recovery process with GPU acceleration. The first part introduces a Markov model and simple regular expressions. These techniques dramatically reduce the password space to be searched. This is based on observations of users and their use of letters in passwords. We propose the design of a parallel algorithm that combines both techniques. Last part of the thesis contains the results of experiments to prove benefits of Markov model.