modern network security prac3ces: using rainbow tables to ...rainbow tables to crack...
TRANSCRIPT
ModernNetworkSecurityPrac3ces:UsingRainbowTablestoSolveanOrganiza3onalIssueChristopherMcMahonandXiaowenZhang,Ph.D.DepartmentofComputerScience,CollegeofStatenIsland,CityUniversityofNewYork
TheAbstractThepurposeofthiscasestudyanalysisistoexamineanon-tradiDonalmethodofidenDfyingweakpasswordswithinalargehospitalorganizaDon.Theprocessofusingrainbowtablestocrackpasswords/ensurepasswordcomplianceisdiscussedandspecificexamplesareprovidedwithinthispaper.ThisprocessemphasizesthenoDonthatnetworksecurity-relatedproblemstendtobeorganizaDon-specificandrequirecreaDveapproaches.ThegoalistoestablishapracDcaluseforrainbowtableswithinanorganizaDonasameansofenhancingnetworksecurity.
WhatareRainbowTables? TheResults
TheProblemArecentproblemofalargeNorthAmericanhospital:• Theirnetworksecurityteamisunabletomandate
regularpasswordchangesbecauseofthelarge,diversepopulaDonofcloseto12,000users.
• ManyusersinpaDentcareneverdirectlylogintoacomputer,onlyloggingintotheirapplicaDons,rarelycheckingtheire-mailaccounts,andwouldnotknowiftheirpasswordhadexpired..
• PasswordcomplexitywasnotarequirementaddedunDl2010.Thismeantthatpasswordssetbefore2010hadnorestricDonsonlengthorcharactertypes.
• SincepasswordsarestoredashasheswithaconstantlengthinAcDveDirectory,itisimpossibletoeasilydeterminewhetherapasswordmeetsthecurrentcomplexityrequirements.
Thisresultedinanunknownamount,possiblythousands,ofpasswordsthatwerenotcomplianttocurrentcomplexityrequirements.Toaddressthisissue,theideawasproposedtouseRainbowTablestoidenDfywhichpasswordswerenoncompliant.
TheMethod
18.77%
81.23%
Totalnumberofpasswordhashes:11980·Numberofpasswordscracked:2249·Numberofpasswordsuncracked:9731
PasswordlengthofcrackedhashesLength Count7characters 1961
6characters 136
5characters 131
4characters 20
3characters 1
Theresultsoftheprojectledtothefollowingchanges:• ThehelpdeskwasnoDfiedtoresetnon-compliant
passwordsandcontactoffendingusers.• KerberosbecametherequiredauthenDcaDonprotocol.• LM(AnoutdatedhashingfuncDon)passwordhashesareno
longerstoredinAcDveDirectory.• Fine-grainpasswordpolicieswereputinplacetoensure
strongerpasswordcomplexityforAdministratoraccounts.
ArainbowtableisatypeofhashlookuptableuDlizingTMTO(Time-MemoryTrade-Offaback)generatedtoreversecryptographichashfuncDonsasameanstocrackpasswordhashes.Itiscompromisedofrainbowchains,whichstartswithaplaintextpasswordandusesalternaDnghashandreducDonfuncDons.Everythingisthenthrownawayexceptforthefirstinputandthelasthash.
Whencrackingapassword,thesechainsarethenregeneratedunDlthehashisfound.ThisgreatlyimprovesstorageefficiencyoveraregularpasswordandhashtablebutrequiresmoreDmetoperformthehashlookup.
RainbowChainExample
TheproductusediscalledRainbowCrack(hbp://project-rainbowcrack.com).ItisafullsuiteoftoolsforgeneraDon,sorDng,andmergingofrainbowtables,aswellasalookuptoolforpasswordsinsideofthetables.Theprocessforthisprojectwasasfollows:• GeneraDngthetableswithrtgen.Forthisproject,we
generated50tablesofallpasswords7charactersorless.• SorDngthetablesusingrtsort.Thissortseachtableby
endpointofeachrainbowchaintomakebinarysearchpossible.
• ExtractalluseraccountsandpasswordhashesfromAcDveDirectory.ThiswasaccomplishedbyusingaPowerShellscriptuDlizingDSInternalsPowerShellmodule.(hbps://github.com/MichaelGrafneber/DSInternals)
• Runacomparisonofextractedpasswordhashesagainstthegeneratedrainbowtablesusingrcrack.