password cracking and brute force

Topic Password Cracking and Brute force

Upload: vishalgohel12195

Post on 14-Apr-2017


Category:

Engineering



TRANSCRIPT

Page 1: Password cracking and brute force

Topic: Password Cracking and Brute Force

Page 2: Password cracking and brute force

An Overview on Password Cracking

Password cracking is a term used to describe the penetration of a network, system, or resource, with or without the use of tools, to unlock a resource that has been secured with a password.

Page 3: Password cracking and brute force

What is a Password?

• String of characters used for authentication and to log on to computers, web applications, software, files, networks, mobile phones, and your life
• Comprises: [a-zA-Z, 0-9, symbols, space]

Page 4: Password cracking and brute force

Password Characteristics

• No short length
• No birthday or phone number, real name, company name
• Don’t use complete words or quotes
▫ Example:
▫ Hello123: Weak
▫ @(H311l0)@: Strong
▫ Easy to remember, hard to guess

Page 5: Password cracking and brute force

• 1. What is Security?
▫ Protecting your private data stored on disk or transferred between any computers or networking devices.
• 2. Why is it so important?
▫ In the information age, we go online more and provide more personal information (email, electronic transfers) and carry out business transactions (e-commerce).

Page 6: Password cracking and brute force

HACKER

A computer hacker is typically a knowledgeable person. He/she knows several different languages and networking protocols.

A hacker will look for internal and external system holes or bugs to break into the system, finding it fun and challenging.

Page 7: Password cracking and brute force

CRACKER

A cracker attempts to break into the system by guessing or cracking users’ passwords.

Cracker and hacker are two different terms.

A hacker generally has a higher level of education and intelligence than a cracker.

Hackers do not like crackers.

Page 8: Password cracking and brute force

Password Security

• Don’t use your old passwords
• Don’t use your work or private email for every website registration, such as games, news, etc.

Page 9: Password cracking and brute force

Password Cracking Concept

• Guessing or recovering a password
• Unauthorized access
• To recover a forgotten password
• A penetration testing step (e.g. network and applications)

Page 10: Password cracking and brute force

Password Cracking Concept

• Password cracking for an illegal purpose: gaining unauthorized access
• To retrieve a password for an authorized access purpose (misplaced, missing) for various reasons (e.g. "What was my password?")

Page 11: Password cracking and brute force

Password Cracking Depends on

• Attacker's strengths
• Attacker's computing resources
• Attacker's knowledge
• Attacker's mode of access [physical or online]
• Strength of the passwords
• How often you change your passwords?
• How close are the old and new passwords?
• How long is your password?

Page 12: Password cracking and brute force

Brute Force

Page 13: Password cracking and brute force

Brute force

▫ Brute force means trying every possible combination (e.g., a, aa, aaa to zzzzzzzzzzzzzz, azbycx, etc.).
▫ Hybrid methods use a dictionary, but insert special characters (e.g., %, $, # or r0ya1: zero for o and one for l) and/or permute words.

Page 14: Password cracking and brute force

Password Cracking – Offline

• Attacks:

▫Dictionary attacks (build a dictionary of passwords).

▫Brute force (try all possible passwords).

•This really is still guessing – these systems don’t break encryption!

Page 15: Password cracking and brute force

The characteristics:

- Needs very high processing speed
- Produces a large number of passwords for a particular user using permutations and combinations
- May take months or years to crack the password

Page 16: Password cracking and brute force

Windows NT Passwords

• Length
▫ Anywhere from 0 to 14 characters
• Characters
▫ All letters (upper and lowercase), numbers, and symbols are acceptable
• Stored in SAM database

Page 17: Password cracking and brute force

Windows NT Security

• Local Security Authority (LSA)
▫ Determines whether a logon attempt is valid
• Security Accounts Manager (SAM)
▫ Receives user logon information and checks it with its database to verify a correct username/password

Page 18: Password cracking and brute force

LM Passwords vs. NT Passwords

• An 8 character LM password is 890 times easier to crack than an 8 character NT password
• A 14 character LM password is 450 trillion times easier to crack than a 14 character NT password
▫ 450 trillion = 450,000,000,000,000

Page 19: Password cracking and brute force

NT Passwords – Not So Easy Cracking

• Character set = upper and lower case alpha, numeric, specials – about 106 characters
▫ $N = 80^7 \approx 2.26 \times 10^{28}$
▫ Time $= \dfrac{2.26 \times 10^{28}}{10^{8}/\text{sec}} \times \dfrac{1}{60 \times 60 \times 24} \approx 2.62 \times 10^{15}$ days (harder)
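The keyspace and exhaustion-time arithmetic behind the brute-force slides, as an added Python example that is not part of the original presentation. It takes the 106-character set and 14-character maximum from the Windows NT slides and reads the slide's rate as 10^8 guesses per second; the function names and the character-class table are illustrative assumptions.

```python
import string

GUESSES_PER_SEC = 10**8          # guess rate from the slide (assumed reading)
SECONDS_PER_DAY = 60 * 60 * 24

# Character classes from the "What is a Password" slide; ASCII only (assumption).
CLASSES = (
    string.ascii_lowercase,        # 26
    string.ascii_uppercase,        # 26
    string.digits,                 # 10
    string.punctuation + " ",      # 32 symbols + space = 33
)


def charset_size(password):
    """Smallest alphabet an exhaustive search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def keyspace(charset, length, up_to=False):
    """Candidates of exactly `length` chars, or of 1..length chars if up_to."""
    if up_to:
        return sum(charset ** n for n in range(1, length + 1))
    return charset ** length


def days_to_exhaust(candidates, rate=GUESSES_PER_SEC):
    """Worst-case days to try every candidate at `rate` guesses per second."""
    return candidates / rate / SECONDS_PER_DAY


def estimate(password):
    """(keyspace, worst-case days) for a search sized to this password."""
    n = keyspace(charset_size(password), len(password))
    return n, days_to_exhaust(n)


if __name__ == "__main__":
    nt = keyspace(106, 14)  # 106-character set, 14-character NT maximum
    print(f"NT 14 chars: {nt:.3g} candidates, {days_to_exhaust(nt):.3g} days")
    for pw in ("Hello123", "@(H311l0)@"):  # sample passwords from the slides
        n, days = estimate(pw)
        print(f"{pw!r}: charset {charset_size(pw)}, {n:.3g} candidates, {days:.3g} days")
```

These figures are worst-case exhaustive-search bounds only; a dictionary or hybrid attack of the kind described on the brute-force slide can find a password such as Hello123 far sooner than its keyspace suggests.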

Page 20: Password cracking and brute force

Thank You