modern network security prac3ces: using rainbow tables to ...rainbow tables to crack...

Modern Network Security Prac3ces: Using Rainbow Tables to Solve an Organiza3onal Issue Christopher McMahon and Xiaowen Zhang, Ph.D. Department of Computer Science, College of Staten Island, City University of New York The Abstract The purpose of this case study analysis is to examine a non-tradiDonal method of idenDfying weak passwords within a large hospital organizaDon. The process of using rainbow tables to crack passwords/ensure password compliance is discussed and specific examples are provided within this paper. This process emphasizes the noDon that network security-related problems tend to be organizaDon- specific and require creaDve approaches. The goal is to establish a pracDcal use for rainbow tables within an organizaDon as a means of enhancing network security. What are Rainbow Tables? The Results The Problem A recent problem of a large North American hospital: • Their network security team is unable to mandate regular password changes because of the large, diverse populaDon of close to 12,000 users. • Many users in paDent care never directly log in to a computer, only logging in to their applicaDons , rarely checking their e-mail accounts, and would not know if their password had expired.. • Password complexity was not a requirement added unDl 2010. This meant that passwords set before 2010 had no restricDons on length or character types. • Since passwords are stored as hashes with a constant length in AcDve Directory, it is impossible to easily determine whether a password meets the current complexity requirements. This resulted in an unknown amount, possibly thousands, of passwords that were not compliant to current complexity requirements. To address this issue, the idea was proposed to use Rainbow Tables to idenDfy which passwords were noncompliant. The Method 18.77 % 81.23 % Total number of password hashes: 11980 · Number of passwords cracked: 2249 · Number of passwords uncracked: 9731 Password length of cracked hashes Length Count 7 characters 1961 6 characters 136 5 characters 131 4 characters 20 3 characters 1 The results of the project led to the following changes: • The help desk was noDfied to reset non-compliant passwords and contact offending users. • Kerberos became the required authenDcaDon protocol. • LM (An outdated hashing funcDon) password hashes are no longer stored in AcDve Directory. • Fine-grain password policies were put in place to ensure stronger password complexity for Administrator accounts. A rainbow table is a type of hash lookup table uDlizing TMTO (Time-Memory Trade-Off aback) generated to reverse cryptographic hash funcDons as a means to crack password hashes. It is compromised of rainbow chains, which starts with a plaintext password and uses alternaDng hash and reducDon funcDons. Everything is then thrown away except for the first input and the last hash. When cracking a password, these chains are then regenerated unDl the hash is found. This greatly improves storage efficiency over a regular password and hash table but requires more Dme to perform the hash lookup. Rainbow Chain Example The product used is called RainbowCrack ( hbp://project-rainbowcrack.com ). It is a full suite of tools for generaDon, sorDng, and merging of rainbow tables, as well as a lookup tool for passwords inside of the tables. The process for this project was as follows: • GeneraDng the tables with rtgen. For this project, we generated 50 tables of all passwords 7 characters or less. • SorDng the tables using rtsort. This sorts each table by end point of each rainbow chain to make binary search possible. • Extract all user accounts and password hashes from AcDve Directory. This was accomplished by using a PowerShell script uDlizing DSInternals PowerShell module. ( hbps://github.com/MichaelGrafneber/DSInternals ) • Run a comparison of extracted password hashes against the generated rainbow tables using rcrack.

Upload: others

Post on 02-Jun-2020

4 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Modern Network Security Prac3ces: Using Rainbow Tables to ...rainbow tables to crack passwords/ensure password compliance is discussed and speciﬁc examples are provided within this

ModernNetworkSecurityPrac3ces:UsingRainbowTablestoSolveanOrganiza3onalIssueChristopherMcMahonandXiaowenZhang,Ph.D.DepartmentofComputerScience,CollegeofStatenIsland,CityUniversityofNewYork

TheAbstractThepurposeofthiscasestudyanalysisistoexamineanon-tradiDonalmethodofidenDfyingweakpasswordswithinalargehospitalorganizaDon.Theprocessofusingrainbowtablestocrackpasswords/ensurepasswordcomplianceisdiscussedandspecificexamplesareprovidedwithinthispaper.ThisprocessemphasizesthenoDonthatnetworksecurity-relatedproblemstendtobeorganizaDon-specificandrequirecreaDveapproaches.ThegoalistoestablishapracDcaluseforrainbowtableswithinanorganizaDonasameansofenhancingnetworksecurity.

WhatareRainbowTables? TheResults

TheProblemArecentproblemofalargeNorthAmericanhospital:•  Theirnetworksecurityteamisunabletomandate

regularpasswordchangesbecauseofthelarge,diversepopulaDonofcloseto12,000users.

•  ManyusersinpaDentcareneverdirectlylogintoacomputer,onlyloggingintotheirapplicaDons,rarelycheckingtheire-mailaccounts,andwouldnotknowiftheirpasswordhadexpired..

•  PasswordcomplexitywasnotarequirementaddedunDl2010.Thismeantthatpasswordssetbefore2010hadnorestricDonsonlengthorcharactertypes.

•  SincepasswordsarestoredashasheswithaconstantlengthinAcDveDirectory,itisimpossibletoeasilydeterminewhetherapasswordmeetsthecurrentcomplexityrequirements.

Thisresultedinanunknownamount,possiblythousands,ofpasswordsthatwerenotcomplianttocurrentcomplexityrequirements.Toaddressthisissue,theideawasproposedtouseRainbowTablestoidenDfywhichpasswordswerenoncompliant.

TheMethod

18.77%

81.23%

Totalnumberofpasswordhashes:11980·Numberofpasswordscracked:2249·Numberofpasswordsuncracked:9731

PasswordlengthofcrackedhashesLength Count7characters 1961

6characters 136

5characters 131

4characters 20

3characters 1

Theresultsoftheprojectledtothefollowingchanges:•  ThehelpdeskwasnoDfiedtoresetnon-compliant

passwordsandcontactoffendingusers.•  KerberosbecametherequiredauthenDcaDonprotocol.•  LM(AnoutdatedhashingfuncDon)passwordhashesareno

longerstoredinAcDveDirectory.•  Fine-grainpasswordpolicieswereputinplacetoensure

strongerpasswordcomplexityforAdministratoraccounts.

ArainbowtableisatypeofhashlookuptableuDlizingTMTO(Time-MemoryTrade-Offaback)generatedtoreversecryptographichashfuncDonsasameanstocrackpasswordhashes.Itiscompromisedofrainbowchains,whichstartswithaplaintextpasswordandusesalternaDnghashandreducDonfuncDons.Everythingisthenthrownawayexceptforthefirstinputandthelasthash.

Whencrackingapassword,thesechainsarethenregeneratedunDlthehashisfound.ThisgreatlyimprovesstorageefficiencyoveraregularpasswordandhashtablebutrequiresmoreDmetoperformthehashlookup.

RainbowChainExample

TheproductusediscalledRainbowCrack(hbp://project-rainbowcrack.com).ItisafullsuiteoftoolsforgeneraDon,sorDng,andmergingofrainbowtables,aswellasalookuptoolforpasswordsinsideofthetables.Theprocessforthisprojectwasasfollows:•  GeneraDngthetableswithrtgen.Forthisproject,we

generated50tablesofallpasswords7charactersorless.•  SorDngthetablesusingrtsort.Thissortseachtableby

endpointofeachrainbowchaintomakebinarysearchpossible.

•  ExtractalluseraccountsandpasswordhashesfromAcDveDirectory.ThiswasaccomplishedbyusingaPowerShellscriptuDlizingDSInternalsPowerShellmodule.(hbps://github.com/MichaelGrafneber/DSInternals)

•  Runacomparisonofextractedpasswordhashesagainstthegeneratedrainbowtablesusingrcrack.

Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook

RAINBOW CONNECTION NUMBER DAN STRONG RAINBOW …etheses.uin-malang.ac.id/10592/1/13610107.pdf · rainbow connection number dan strong rainbow connection number pada graf komplemen

Final rainbow june 2011 rainbow

RAINBOW CONNECTION NUMBER DAN STRONG RAINBOW …

CSCI 654 - Foundations of Parallel Programming Team ...ark/654/team/4/report.pdf · approach would be to use a cracking technique which employs Rainbow Tables. Rainbow Table is a

Eleanor si Park - Rainbow Rowell - Libris.ro si Park - Rainbow... · Title: Eleanor si Park - Rainbow Rowell Author: Rainbow Rowell Keywords: Eleanor si Park - Rainbow Rowell Created

Digital Dentistry Solution - 덴티움 · Digital Dentistry Solution CT SCAN rainbow™ Davinci rainbow™ iOS rainbow™ Block rainbow™ Porcelain rainbow™ Mill - Clinic rainbow™

Rainbow Tables - user.eng.umd.edudanadach/Security_Fall_17/rainbow_17.pdf · Rainbow Tables •Rainbow Table takes advantage of the fact that is fairly small. •Countermeasure: Store

OVER THE RAINBOW - BernaertsMusic.com · OVER THE RAINBOW - BernaertsMusic.com ... q

Code Breaking and Digital Forensics - OAS• Rainbow Tables • Other Code breaking tools. What is Cryptography ... Tables and Rainbow Table Technology – BestCrypt, WinZip (AES),

FAHRGESCHÄFT »RAINBOW MILLENIUM« - Faller€¦ · FAHRGESCHÄFT »RAINBOW MILLENIUM« »RAINBOW MILLENIUM« AMUSEMENT PARK RIDE MANÈGE »RAINBOW MILLENIUM« KERMISATTRACTIE »RAINBOW