By Gaurav JoshiMansi Nahar

(Team: RubberDuckDebuggers)

Password Cracking via Dictionary Attack

Background● The method of cracking passwords by trying all candidate passwords from a

given list is known as “Dictionary attack”. ● Our approach includes generating multiple combinations of the passwords in

parallel, and trying out all of those parallely against all the passwords we want to crack.

Candidate password Generator

Hash Checker

Dictionary words

Hashed Passwords

Cracked passwords

input

Research paper 1Title: Dictionary Attack on TrueCrypt with RIVYERA S3-5000

Author: Abbas, Ayman and Rathje, Claas Anders and Wienbrandt, Lars and Schimmler, Manfred

Name of journal: Proceedings of the 2012 IEEE 18th International Conference on Parallel and Distributed Systems

Date: 2012-12-17

Page number: 93--100

URL: http://dx.doi.org/10.1109/ICPADS.2012.23

Informal :

Dictionary attack using FPGAs to decrypt file container header.

Formal:

Decrypt file container header encrypted with SERPENT, and header keys calculated using WHIRLPOOL (1000 iterations), using RIVYERA S3-5000, to eventually recover password and decrypt the whole file encrypted using TrueCrypt software.

Problem Statement

Approach● TrueCrypt is software to encrypt partitions, file containers etc.● Of all options available the paper has targeted SERPENT as encryption

algorithm and WHIRLPOOL as hashing function● Each file container has header which has unencrypted salt and word “TRUE”

in the beginning. ● Header keys are generated from dictionary , 1000 iterations and

WHIRLPOOL. ● This header key is then used decrypt the header and try to decrypt word

“TRUE”.

Image Reference: [1]

● Architecture of RIVYERA consists of two components:○ FPGA based supercomputer (128 FPGA’s in 16 slots)○ Mainboard Intel i7, 8 GB RAM (linux)

Image Reference : [1]

ContributionPasswords are generated using

HK = PBKDF2( P, S, c, 512)where P = PassphraseS = saltc = iterations for pseudoRandom function, WHIRLPOOL (1000)hklength = 512

Results of the paper ● Speedup of 247 as compared to PC implementation ● Energy consumption is around of RIVYERA is 590 W, whereas same

performance with PC needs cluster of 247 nodes, consuming around 55575W. So we require 94 times lesser energy, with same performance.

● Number of passwords searched 203000 per second as compared to intel i7 (6 cores, 12 threads) 820 per second.

Drawbacks of this approach● Cost (huge around $140,000)● Development time● VHDL,etc. expertise

Takeaway for our approachThough the approach discussed by paper seems fascinating we won’t be using it.

OpenPGP- OpenPGP is a standard of PGP (Pretty Good Privacy).- A most widely used email encryption standard.- A hybrid cryptographic scheme.- You can read more about it in RFC 4880.

------------------

------------------

------------------

Use Session

Key

Use Public Key to encrypt

session key

Original File Encrypted File Encrypted File and Session Key

Sender:-

------------------

------------------

------------------

Use Private Key

Use Session

Key

Encrypted File and Session Key

Session Key Decrypted

Original Unencrypted File

Receiver :-

OpenPGP- The keys used in OpenPGP are stored in keyrings. - Private keys in private keyrings and public keys in public keyrings.- In order to prevent disclosure of your private keys - private keyring is

encrypted using symmetric algorithm that uses the hash of the user’s passphrase as a secret key.

Title: An Architecture for Distributed Dictionary Attacks to Cryptosystems

Author: Massimo Bernaschi, Mauro Bisson, Emanuele Gabrielli, Simone Tacconi

Name of journal: Journal Of Computers, Vol 4, No 5

Date: 4 May 2009

Page number: 378--386

URL: http://ojs.academypublisher.com/index.php/jcp/article/view/690

Research paper 2

Problem- The paper discusses how an attack can be performed on the user specified

passphrase in order to get the private keys.

Contribution of the paper A distributed architecture for performing dictionary attack.

- The architecture consists of 3 levels - root, generators and verifiers.

Root - Dictionary Compilation PhaseGenerators - Passphrase Generation PhaseVerifiers - Passphrase verification Phase

Advantage● This approach can be applied to other cryptosystems by making a few

changes.

Drawbacks

● Not a purely distributed architecture - root node is central point of failure.● Verification process is not parallelized to its full extent.

Takeaway for our approach- The phases involved in the paper’s approach are similar to the phases in our

approach.- Although the paper uses a distributed architecture, we will be using a parallel

architecture which we assume will give a similar or better results.- Also, with the help of PJ2 library this kind of architecture can easily be ported

to a parallel architecture.

Research paper 3Title: A fast, GPU based, dictionary attack to OpenPGP secret keyrings

Author: Milo, Fabrizio and Bernaschi, Massimo and Bisson, Mauro

Name of journal: J. Syst. Softw.

Date: December, 2011

Page number: 2088--2096

URL: http://dx.doi.org/10.1016/j.jss.2011.05.027

ProblemTo guess passwords of private keyrings of OpenPGP using dictionary attack, with implementation based on CUDA.

Approach● Fast test to filter out candidate passwords● GPU used for “fast test”. (fast test is same as last paper)● Fast test is useful as, last step (getting hash of the MPI and comparing it with

hash present in decrypted plaintext) is computationally expensive. ● CPU to test passwords

● Efficient SHA1 implementation for GPU using loop unwinding.(20x speedup)● Effective use of GPU for filtering candidate passphrase. i.e. for “fast test”.● Minimizing computation overhead by avoiding Standard procedure to evaluate

the correctness of passphrase. ● Other GPU specific implementation based optimizations.● Key generation and decryption are sequential to avoid Global memory access

overhead.

Contribution of the paper

Drawbacks● Sequential dependency of last stage.● Method is not generic. Very specific to OpenPGP.● Verification process is not fully parallelized.

We found out that the Fast test approach could have been parallelized by producer consumer pattern. But since they are using GPU intermediate results from key transformation kernel would have to be stored in Global memory and then the Decryption kernel would take over.

Issue? - Memory overhead.

Solution- For our problem we don’t have a computationally expensive verifying step as this problem has. Producer consumer pattern will help us get speedup. To resolve memory, we will have to use cluster of machines not GPU.

Takeaway for our approach

References[1] Ayman Abbas, Claas Anders Rathje, Lars Wienbrandt, and Manfred Schimmler. 2012. Dictionary Attack on TrueCrypt with RIVYERA S3-5000. In Proceedings of the 2012 IEEE 18th International Conference on Parallel and Distributed Systems (ICPADS '12). IEEE Computer Society, Washington, DC, USA, 93-100. DOI=http://dx.doi.org/10.1109/ICPADS.2012.23

[2]Bernaschi, Massimo, et al. "An architecture for distributed dictionary attacks to cryptosystems." Journal of Computers 4.5 (2009): 378-386.

[3] Fabrizio Milo, Massimo Bernaschi, and Mauro Bisson. 2011. A fast, GPU based, dictionary attack to OpenPGP secret keyrings. J. Syst. Softw. 84, 12 (December 2011), 2088-2096. DOI=http://dx.doi.org/10.1016/j.jss.2011.05.027

Questions?