Network Security
Kevin Curran
Network Security (1)
Security concerns a variety of threats and defenses
across all layers
Some different adversaries and security threats
• Different threats require different defenses
Cryptography
•Cryptography is a fundamental building block for security mechanisms.
•Cryptanalysis is the study of methods for obtaining the plain text of encrypted
information without access to the key that is usually required to decrypt. In layman's terms it is the practice of code breaking or cracking code.
• The dictionary defines cryptanalysis as the analysis and deciphering of
cryptographic writings/systems, or the branch of cryptography concerned with
decoding encrypted messages.
• Most cryptanalysis techniques exploit patterns found in the plaintext in order to crack the
cipher; however, compression of the data can reduce these patterns and hence enhance the
resistance to cryptanalysis.
Introduction
The encryption model (for a symmetric-key cipher)
• Kerckhoff’s principle: Algorithms (E, D) are public;
only the keys (K) are secret
Trudy
Alice
Bob
CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011
Frequency Analysis
Substitution Ciphers
Substitution ciphers replace each group of letters in the
message with another group of letters to disguise it
Simple single-letter substitution cipher
Transposition Ciphers
Transposition ciphers reorder letters to disguise them
Key gives column order
Simple column transposition cipher
Code Talkers
• Code talkers was a term used to describe people who talk using a coded language.
• It is frequently used to describe 400 Native American Marines who served in the
United States Marine Corps whose job was the transmission of secret tactical messages.
• Code talkers transmitted these messages over military telephone or radio communications nets
using formal or informally developed codes built upon their native languages.
• Because Navajo has a complex grammar, it is not nearly mutually intelligible enough with even
its closest relatives within the Na-Dene family to provide meaningful information, and was at this
time an unwritten language... Navajo answered the military requirement for an undecipherable
code.
• Using a substitution method similar to the Navajo,
the Comanche code word for tank was "turtle", bomber
was "pregnant airplane", machine gun was "sewing machine"
and Adolf Hitler became "crazy white man".
Unbreakable Codes
•Is it possible to devise a code so
strong that it is absolutely unbreakable?
•The Short Answer is Yes….but….
One Time Pads
• The sender and receiver each need identical copies of the one-time pad, which
consists of a very long, totally random string of letters from the alphabet.
• Since the key word does not end before the message is concluded, there is no cycle of ciphers.
• Since each individual letter in the key word is random, and bears no relation
to any other letter, the string that is transmitted is itself a totally random
string. After the message is transmitted the sender destroys the pad, as does the
receiver after he has deciphered the message.
•Even the lengths of individual words can be masked, symbols like punctuation
marks and spaces can themselves be given a symbol in an augmented alphabet.
Different secret pad decrypts to the wrong plaintext
One-Time Pads – Quantum Crypto
Alice sending Bob a one-time pad with quantum crypto.
• Bob’s guesses yield bits; Trudy misses some
• Bob can detect Trudy since error rate increases
Fundamental Cryptographic Principles
1. Messages must contain some redundancy
• All encrypted messages decrypt to something
• Redundancy lets receiver recognize a valid message
• But redundancy helps attackers break the design
2. Some method is needed to foil replay attacks
• Without a way to check if messages are fresh then
old messages can be copied and resent
• For example, add a date stamp to messages
Symmetric-Key Algorithms (1)
Use the same secret key to encrypt and decrypt;
block ciphers operate a block at a time
• Product cipher combines transpositions/substitutions
(Figure: permutation (transposition) box; substitution box; product with multiple P- and S-boxes)
Data Encryption Standard (1)
DES encryption was widely used (but no longer secure)
(Figure: DES steps and a single iteration; contains transpositions & substitutions)
Data Encryption Standard (2)
Triple encryption (“3DES”) with two 56-bit keys
• Gives an adequate key strength of 112 bits
• Setting K1 = K2 allows for compatibility with DES
Triple DES encryption
Triple DES decryption
Advanced Encryption Standard (1)
AES is the successor to DES:
• Symmetric block cipher, key lengths up to 256 bits
• Openly designed by public competition (1997-2000)
• Available for use by everyone
• Built as software (e.g., C) or hardware (e.g., x86)
• Winner was Rijndael cipher
• Now a widely used standard
Advanced Encryption Standard (2)
AES uses 10 rounds for 128-bit block and 128-bit key
• Each round uses a key derived from 128-bit key
• Each round has a mix of substitutions and rotations
• All steps are reversible to allow for decryption
Round keys are derived from 128-bit secret key
Cipher Modes (1)
Cipher modes set how long messages are encrypted
• Encrypting each block independently, called ECB
(Electronic Code Book) mode, is vulnerable to shifts
With ECB mode, switching encrypted blocks gives a different but valid message
(Figure annotation: Leslie gets a large bonus!)
Cipher Modes (2)
CBC (Cipher Block Chaining) is a widely used mode
• Chains blocks together with XOR to prevent shifts
• Has a random IV (Initial Value) for different output
CBC mode encryption
CBC mode decryption
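The block-switching weakness of ECB and the effect of CBC chaining, as an added example that is not from the original slides. It assumes a toy 16-byte Feistel cipher built on SHA-256 as a stand-in for a real block cipher, plus a constructed payroll file, key and fixed IV; the names record, swap_blocks, tamper_ecb and tamper_cbc are hypothetical.

```python
import hashlib

BLOCK = 16                       # block size in bytes
KEY = b"constructed-demo-key"    # constructed key for this example
IV = bytes(range(16))            # fixed only for reproducibility; CBC needs a random IV


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy Feistel round function (assumption: stands in for a real cipher's rounds).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right


def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("example handles block-aligned data only")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Every block is encrypted independently of its neighbours.
    return b"".join(encrypt_block(key, b) for b in blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(key, xor(b, prev))   # chain in the previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def record(name: str, position: str, bonus: str) -> bytes:
    # One 16-byte name block followed by one 16-byte position+bonus block.
    return name.encode().ljust(16) + position.encode().ljust(8) + bonus.encode().rjust(8)


# Constructed payroll file: blocks 0-1 are Leslie's record, blocks 2-3 the boss's.
PAYROLL = record("Leslie", "Clerk", "$10") + record("Boss", "Manager", "$500,000")


def swap_blocks(ct: bytes, i: int, j: int) -> bytes:
    bs = blocks(ct)
    bs[i], bs[j] = bs[j], bs[i]
    return b"".join(bs)


def tamper_ecb() -> bytes:
    # Swapping ciphertext blocks 1 and 3 swaps the two position+bonus fields.
    return ecb_decrypt(KEY, swap_blocks(ecb_encrypt(KEY, PAYROLL), 1, 3))


def tamper_cbc() -> bytes:
    # The same swap under CBC: chaining turns the affected blocks into garbage.
    return cbc_decrypt(KEY, IV, swap_blocks(cbc_encrypt(KEY, IV, PAYROLL), 1, 3))


if __name__ == "__main__":
    print("ECB after swap:", tamper_ecb())
    print("CBC after swap:", tamper_cbc())
```

CBC makes the swap visible as garbage but does not by itself detect tampering; a receiver that must reject modified messages needs a MAC or an authenticated mode.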
Cipher Modes (3)
There are many other modes with pros / cons, e.g.,
cipher feedback mode is similar to CBC mode but can
operate a byte (rather than a whole block) at a time
Encryption
Decryption
Cipher Modes (4)
A stream cipher uses the key and IV to generate a
stream that is a one-time pad; can’t reuse (key, IV) pair
• Doesn’t amplify transmission errors like CBC mode
Encryption
Decryption
Cipher Modes (5)
Counter mode (encrypt a counter and XOR it with each
message block) allows random access for decryption
Encryption above; repeat the operation to decrypt
Public-Key Algorithms (1)
Downsides of keys for symmetric-key designs:
• Key must be secret, yet be distributed to both parties
• For N users there are N^2 pairwise keys to manage
Public key schemes split the key into public and private parts
that are mathematically related:
• Private part is not distributed; easy to keep secret
• Only one public key per user needs to be managed
Security depends on the chosen mathematical property
• Much slower than symmetric-key, e.g., 1000X
• So use it to set up per-session symmetric keys
Key Generation
• Until the early 1970s, the underlying idea of secret codes, and the assumptions that underpinned
them, had not altered. The purpose of a cipher was for the sender to transmit to his
chosen receiver a message which, while travelling in the public domain, was vulnerable to interception.
• However, the transmission was of no use to the receiver unless he possessed the key to the cipher. All
ciphers had the common feature that secure messages could not be passed back and forth unless those
conducting the secure conversation had, at one time, exchanged the key to the cipher in secrecy…
• Here is what they came up with in non-electronic form: transmission of a secure message from Alice to
Bob does not in itself necessitate the exchange of the key to a cipher, for they can proceed as follows.
1. Alice writes her plaintext message for Bob, and places it in a box that she secures with her own
padlock. Only Alice has the key to this lock.
2. She then posts the box to Bob, who of course cannot open it. Bob however then adds a second
padlock to the box, for which he alone possesses the key.
3. The box is then returned to Alice, who then removes her own lock, and sends the box for a second
time to Bob.
4. This time Bob may unlock the box and read Alice’s message, secure in the knowledge that Eve
could not have peeked at the contents during the delivery process.
Public Key Encryption
• One-way property: given x, anyone could calculate f(x) but given f(x), it was
near impossible to recover the number x unless you were in on the secret of its
structure.
• The principal ingredient of Alice’s RSA private key is a very large pair of prime
numbers, p and q. (In real life these are up to 200 digits in length.)
• In order to use Alice’s public key however, Bob does not need p and q but rather
the product, n, of these two primes: pq = n. This represents the first step in the
process.
• The next key step however is to invent a trapdoor function f(x) that can be
calculated as long as we possess n but has the property that, given the number f(x),
it is a practical impossibility to recover x without the two magic numbers p and q.
• Practical experience had shown that recovering p and q from n took a prohibitive
amount of computing power.
•Today the RSA program is the most used piece of software on Earth and it is
squarely based on the ideas of Euclid, Fermat and Euler and arguments of Cocks.
How Clifford Proceeded
• Since any message can be translated into a string of numbers, the problem comes
down to how Bob may securely send a particular number, let us call it M for message....
•Alice’s private key is based on two prime numbers, p and q that only she knows.
•In this toy example, which is quite representative of the real situation, we shall use the
small primes p = 23 and q = 47.
• The publicly known product of these two numbers is n = 23 × 47 = 1081.
• The approach is to mask the value of M using modular arithmetic, that is to say clock
arithmetic, in this case based on a clock whose face is numbered 0, 1, 2, ..., n - 1.
• What Alice leaves in the public domain is the number n and also another number, e,
for encoding messages meant for her.
• What Bob sends to Alice is not of course M itself (for if he did then Eve would be
liable to overhear) but rather the remainder when M^e is divided by n.
• For example, if Bob’s message was M = 77 and if the encoding number that Alice
tells people to use is e = 15, then Bob, or rather his computer, would calculate the
remainder when 77^15 was divided by n = 1081. This remainder turns out to be 646.
Public Key Encryption
And so Bob sends to Alice his disguised message in the form of the enciphered
message 646.
Eve will presumably intercept this message and know that Bob’s message is
encoded as 646 when using Alice’s public key which she knows as well as
anyone consists of n = 1081 and e = 15. But how can the original message be
teased back out?
For Alice, who knows that 1081 = 23 × 47, this is quite straightforward. For,
once in possession of the prime factors of n, it is possible to determine a
decoding number d which is found using the values of p, q and e.
It turns out in this case that a suitable value for the decoding number is d =
135. Alice’s computer then works out the remainder when 646^135 is divided by
n = 1081, and the underlying mathematics ensures that the answer will be the
original message M = 77.
RSA Key Ingredient
A key ingredient in the method is the value of the number (p - 1)(q - 1), which
is denoted by φ(n), and in this case we see that φ(1081) = 22 × 46 = 1012.
The encoding number e that Alice chooses in her public key cannot be
completely arbitrary but must have no factor in common with φ(n).
The prime factors of 1012 are seen to be 2, 11 and 23 so that e must not be a
multiple of any of these three primes. This is only a very mild restriction and
Alice’s particular choice of e = 15 = 3 × 5 is perfectly all right.
The decoding number d is chosen, and this is always possible, so that the product
ed leaves a remainder of 1 when divided by (p - 1)(q - 1).
The message number M itself needs to be less than n but in practice this is no
restriction as the size of n in real applications is so monstrous it can
accommodate all the values of M enough to cover any real message we would
ever wish to send.
Public Key Encryption Example
For instance let us take p = 3 and q = 11 so that n = pq = 33 and φ(n) = (p - 1)(q - 1) = 2 × 10 = 20.
Alice then publishes n = 33 and suppose she sets e = 7, which is permissible, as 7 has no
factor in common with 20.
d then has to be chosen so that ed = 7d leaves a remainder of 1 when divided by 20.
By inspection we see a solution is d = 3, for then 7d = 21.
Now Alice has her little RSA cipher all set up.
If Bob wants to send the message M = 6, then he computes M^e = 6^7 = 279,936, divides
this number by 33 to find that the remainder is 30, and so Bob would send the number
30 over an open channel.
Alice would receive Bob’s 30 and decipher its real meaning by calculating 30^3 = 27,000.
Division by n = 33 then gives her 27,000 = 33 × 818 + 6.
Again it is only the remainder 6 that is of interest as that is Bob’s plaintext message.
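Both worked examples above (n = 1081 and n = 33) carried through in code, as an added example that is not from the original slides. The function names are hypothetical; d is found with the extended Euclidean algorithm, and the last function shows that at toy sizes Eve can factor n herself, which is why real keys use very large primes.

```python
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p: int, q: int, e: int):
    """Return ((n, e), d) for primes p, q and encoding number e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        # e must have no factor in common with phi(n), otherwise no d exists.
        raise ValueError(f"e={e} shares a factor with phi(n)={phi}")
    d = egcd(e, phi)[1] % phi        # e*d leaves remainder 1 when divided by phi
    return (n, e), d


def encrypt(m: int, public_key) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message number M must be less than n")
    return pow(m, e, n)              # remainder when M^e is divided by n


def decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)              # remainder when C^d is divided by n


def factor_semiprime(n: int):
    """Trial division; feasible only because the toy n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(public_key) -> int:
    """Eve's view: from (n, e) alone, factor n and rebuild d."""
    n, e = public_key
    p, q = factor_semiprime(n)
    return make_keys(p, q, e)[1]


if __name__ == "__main__":
    pub, d = make_keys(23, 47, 15)
    c = encrypt(77, pub)
    print("public key:", pub, "d:", d)               # (1081, 15) and 135
    print("ciphertext:", c, "->", decrypt(c, pub[0], d))

    pub2, d2 = make_keys(3, 11, 7)
    c2 = encrypt(6, pub2)
    print("public key:", pub2, "d:", d2)             # (33, 7) and 3
    print("ciphertext:", c2, "->", decrypt(c2, pub2[0], d2))

    print("d rebuilt from the public key alone:", recover_private_exponent(pub))
```

Textbook RSA as shown here is deterministic, so the same M always gives the same ciphertext; deployed systems add randomized padding such as OAEP.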
Digital Signatures
Lets receiver verify the message is authentic
• Symmetric-Key signatures
• Public-Key signatures
• Message digests
• The birthday attack
Requirements for a signature:
• Receiver can verify claimed identity of sender.
• Sender cannot later repudiate contents of message.
• Receiver cannot have concocted message himself.
Symmetric-key Signatures
Alice and Bob each trust and share a key with Big
Brother; Big Brother doesn’t trust anyone
• A=Alice, B=Bob, P=message, RA=random, t=time
Only Alice can send this
encrypted message to BB
Only BB can send this
encrypted message to Bob
Public-Key Signatures
No Big Brother and assumes encryption and decryption
are inverses that can be applied in either order
• But relies on the private key being kept secret
• RSA & DSS (Digital Signature Standard) widely used
Message Digests (1)
Message Digest (MD) converts arbitrary-size message
(P) into a fixed-size identifier MD(P) with properties:
• Given P, easy to compute MD(P).
• Given MD(P), effectively impossible to find P.
• Given P no one can find P′ so that MD(P′) = MD(P).
• Changing 1 bit of P produces very different MD.
Message digests (also called cryptographic hash) can
“stand for” messages in protocols, e.g., authentication
• Example: SHA-1 160-bit hash, widely used
• Example: MD5 128-bit hash – now known broken
Message Digests (2)
Public-key signature for message authenticity but not
confidentiality with a message digest
Message sent
in the clear
Alice signs
message digest
Message Digests (3)
In more detail: example of using SHA-1 message digest
and RSA public key for signing nonsecret messages
Message Digests (4)
SHA-1 digests the message 512 bits at a time to build a
160-bit hash as five 32-bit components
(Figure: SHA-1; message in 512-bit blocks; five 32-bit hashes output)
Management of Public Keys
We need a trusted way to distribute public keys
• Certificates, X.509 (the certificate standard), Public Key Infrastructures
Trudy can subvert encryption if she can fake Bob’s
public key; Alice and Bob will not necessarily know
Trudy replaces EB with ET and
acts as a “man in the middle”
Certificates
CA (Certification Authority) issues signed statements
about public keys; users trust CA and it can be offline
A possible certificate
X.509
X.509 is the standard for widely used certificates
• Ex: used with SSL for secure Web browsing
Basic fields in X.509 certificates
Public Key Infrastructures (PKIs)
In cryptography, a PKI is an arrangement that binds public keys with respective user
identities by means of a certificate authority (CA).
• Scales with hierarchy, may have multiple roots. Also need CRLs
• The binding is established through the registration and issuance process, which,
depending on the level of assurance the binding has, may be carried out by
software at a CA, or under human supervision.
• The PKI role that assures this binding is called the Registration Authority (RA).
Trust anchor
Hierarchical PKI
Chain of certificates
for CA 5
IPsec (1)
IPsec adds confidentiality and authentication to IP
• Secret keys are set up for packets between
endpoints called security associations
• Adds AH header; inserted after IP in transport mode
Identifies security
association
AH (Authentication Header) provides integrity and anti-replay
Firewalls
A firewall protects an internal network by filtering packets
• Can have stateful rules about what packets to pass
− E.g., no incoming packets to port 80 (Web) or 25 (SMTP)
• DMZ (DeMilitarized Zone) helps to separate internal from external traffic
− E.g., run Web and Email servers there
Snort.org
Snort's open source network-based intrusion detection system (NIDS) has the ability to perform
real-time traffic analysis and packet logging on Internet Protocol (IP) networks.
It can also be used to detect probes or attacks, including, but not limited to, operating system
fingerprinting attempts, common gateway interface, buffer overflows, server message block probes,
and stealth port scans.
Snort can be configured in three main modes: sniffer, packet logger, and network intrusion
detection.
1. In sniffer mode, the program will read network packets and display them on the console.
2. In packet logger mode, the program will log packets to the disk.
3. In intrusion detection mode, the program will monitor network traffic and analyze it against a
rule set defined by the user.
Virtual Private Networks (1)
VPNs (Virtual Private Networks) join disconnected islands
of a logical network into a single virtual network
• Islands are joined by tunnels over the Internet
Tunnel
VPN joining London, Paris, Home, and Travel
Virtual Private Networks (2)
VPN traffic travels over the Internet but VPN hosts are
separated from the Internet
• Need a gateway to send traffic in/out of VPN
Topology as seen from inside the VPN
Wireless Security (1)
Wireless signals are broadcast to all nearby receivers
• Important to use encryption to secure the network
• This is an issue for 802.11, Bluetooth, 3G, …
Common design:
1. Clients have a password set up for access
2. Clients authenticate to infrastructure and set up a
session key
3. Session key is then used to encrypt packets
Wireless Security (2)
802.11i session key setup handshake (step 2)
− Client and AP share a master key (password)
− MIC (Message Integrity Check) is like a signature
− KX(M) means a message M encrypted with key KX
Authentication Protocols
Authentication verifies the identity of a remote party
• Shared Secret Key
• Diffie-Hellman Key Exchange
• Key Distribution Center
• Kerberos
• Public-Key Cryptography
Shared Secret Key (1)
Authenticating with a challenge-response (first attempt)
• Alice (A) and Bob (B) share a key KAB
• RX is random, KX(M) is M encrypted with key KX
(Figure labels: Challenge; Response; Alice knows it’s Bob; Bob knows it’s Alice)
Shared Secret Key
Moral: Designing a correct authentication protocol is
harder than it looks; errors are often subtle.
General design rules for authentication:
1. Have initiator prove who she is before responder
2. Initiator, responder use different keys
3. Draw challenges from different sets
4. Make protocol resistant to attacks involving second
parallel session
Shared Secret Key (6)
An authentication protocol that is not vulnerable
• HMAC (Hashed Message Authentication Code) is an
authenticator, like a signature
Alice knows
it’s Bob
Bob knows
it’s Alice
Diffie-Hellman Key Exchange (1)
Lets two parties establish a shared secret
• Eavesdropper can’t compute secret g^(xy) mod n
without knowing x or y
Shared secret
Shared secret
Diffie-Hellman Key Exchange (2)
But it is vulnerable to a man-in-the-middle attack
• Need to confirm identities, not just share a secret
(Figure labels: g^(xz) mod n; g^(zy) mod n)
Public-Key Cryptography
Mutual authentication using public-key cryptography
• Alice and Bob get each other’s public keys (EA, EB)
from a trusted directory; shared KS is the result
Email Security
Use of security for authenticated, confidential email
• PGP—Pretty Good Privacy
• PGP uses Base64 encoding
PGP—Pretty Good Privacy (1)
PGP uses public- and symmetric-key cryptography for
email secrecy and signatures; it also manages keys
Levels of public-key strengths:
• Casual (384 bits):
− Can be broken easily today.
• Commercial (512 bits):
− Breakable by three-letter organizations.
• Military (1024 bits):
− Not breakable by anyone on earth.
• Alien (2048 bits):
− Unbreakable by anyone on other planets
PGP—Pretty Good Privacy (2)
Signing and encrypting a message from Alice to Bob
• For speed, message symmetric-key IDEA encrypted
with KM; KM is RSA public-key encrypted with KB
Authentication
Confidentiality
PGP—Pretty Good Privacy (3)
Three parts of a PGP message and their encryption:
KM
PGP also manages public keys for a user:
• Private key ring has user’s public/private keys
• Public key ring has correspondent’s public keys
Secure Naming (1)
DNS names are included as part of URLs, so spoofing
DNS resolution causes Alice to contact Trudy, not Bob
(Figure label: Trudy sends spoofed reply)
Secure Naming (2)
How Trudy spoofs the DNS for bob.com in more detail
• To counter, DNS servers randomize seq. numbers
(Figure label: DNS cache at Alice’s ISP)
Secure Naming (3)
DNSsec (DNS security) adds strong authenticity to DNS
• Responses are signed with public keys
• Public keys are included; client starts with top-level
• Also optional anti-spoofing to tie request/response
• Now being deployed in the Internet
Resource Record set for bob.com.
Has Bob’s public key (KEY), and is signed by .com server (SIG)
SSL—Secure Sockets Layer (1)
SSL provides an authenticated, secret connection
between two sockets; uses public keys with X.509
• TLS (Transport Layer Security) is the IETF version
SSL runs on top of TCP and below the application
HTTPS means HTTP over SSL
SSL in the protocol stack
SSL—Secure Sockets Layer (2)
Phases in SSL V3 connection establishment (simplified)
• Only the client (Alice) authenticates the server (Bob)
• Session key computed on both sides (EB, RA, RB)
SSL—Secure Sockets Layer (3)
Data transmission using SSL. Authentication and
encryption for a connection use the session key.
Privacy
Anonymous remailers hide the identity of the sender
• Unlike PGP, which only hides message contents
• A chain can be used for stronger anonymity
Alice looks up keys E1, E2, E3 separately
Bob gets a very anonymous mail
Steganography
Steganography hides messages in unrelated content
• Can help avoid censorship or protect ownership
(Figure: text hidden in low-order bits; “Three zebras and a tree” and “Three zebras and a tree,” with five plays by Shakespeare)
Passwords
• Bad password behaviour is universal. A study (2012) revealed that about 1 in 10 use "1234".
• Yahoo showed that thousands of users' passwords were "password", "123456" or "ninja".
• This is where the length of your password makes an almost unbelievable difference. For
a hacker with the computing power to make 1,000 guesses per second, a five-letter,
purely random, all-lower-case password, such as "fpqzy", would take 3 hours to
crack... Increase the letters to 20, and it's 6.5 thousand trillion centuries...
• Then there's the question of predictability. People follow rules, like using real words
and replacing the letter O with a zero, or using first names followed by a year.
• Hackers know this, so their software can incorporate these rules when generating
guesses, vastly reducing the time it takes to hit on a correct one.
• And every time there's a new leak of millions of passwords, it effectively adds to a body
of knowledge about how people create passwords, which makes things even easier.
• The average Web user has 25 separate accounts but uses just 6.5 passwords to protect them.
• Hackers who find login credentials from one site have the means to compromise
dozens of other accounts, too.
https://www.cloudcracker.com/
Passwords
A PC running an AMD Radeon HD7970 GPU can try on average 8.2 billion password
combinations each second, depending on the algorithm used to scramble them.
Passwords
Hackers are well aware of "mangling," which transforms words such as "super" or "princess" into
"sup34" and "prince$$."
Passpal can reduce cracking time by identifying patterns exhibited in a statistically significant
percentage of intercepted passwords.
Password-cracking apps such as Hashcat and Extreme GPU Bruteforcer use a mask attack to reduce
the keyspace to only those guesses likely to match a given pattern. E.g., rather than trying
aaaaa0000, ZZZZZ9999 and every possible combination in between, it tries a lower- or upper-case
letter only for the first character, tries only lower-case characters for the next 4 characters, and then
appends all possible 4-digit numbers to the end.
An even more powerful technique is a hybrid attack, which combines a word list with rules to
greatly expand the number of passwords those lists can crack. Rather than brute-forcing the five
letters in Julia1984, hackers simply compile a list of first names for every single Facebook user and
add them to a medium-sized dictionary of, say, 100 million words.
While the attack requires more combinations than the mask attack above—specifically about 1
trillion (100 million * 10^4) possible strings—it is still a manageable number that takes only about
two minutes using the same AMD 7970 card.
Rainbow Tables
Rather than asking a computer to enumerate each possible password in real-time and
compare it against a targeted hash, precalculated data is stored in memory or on disk in a
highly compressed form to speed up the process to brute force huge numbers of hashes.
Storing a table of every possible 10-character password with only lowercase letters, along
with its corresponding MD5 hash, would require about 3,108 terabytes of disk space. A
rainbow table by contrast, requires just 167 gigabytes.
The huge advances in GPU-assisted password cracking have diminished much of the
advantages of rainbow tables, however.
Passwords with 6 or fewer characters can be brute-force cracked with less fuss using GPU-powered
computers, while passwords longer than 9 or 10 characters require rainbow tables
with unwieldy file sizes. That leaves only a small sweet spot of 7 or 8 characters where
rainbow tables are especially useful these days.
Still, the tables maintain their status as a useful, if niche, tool for some hackers.
In 2003, hackers released the Ophcrack program, which used rainbow tables to crack most
Windows passwords in minutes. CloudCracker is also a service that takes about 20
minutes to check a WiFi password against 300 million possible words.
Salting
Salting appends several unique characters to each account password before running it
through a cryptographic function, a process that blunts the value of rainbow tables and
other types of precomputed attacks.
A 16-bit salt, for example, requires 65,535—or 2^16—separate tables to be defeated. A
random salt of 32 bits makes rainbow table attacks even more impractical by pushing the
number of tables required to more than four billion. (Salt is rarely kept apart from the hash.
Even when known, its virtue lies in its uniqueness defeating pre-computation of results.)
Salting can also add to the resources required to carry out more traditional cracking attacks,
since it ensures that each stored hash is unique even if two users choose the same passcode.
That, in turn, requires each hash in a compromised table to be cracked separately, even if
they mask one or more identical plaintext passwords.
To the detriment of millions of users, going without salt is only one of the many sins
that popular websites routinely commit against password security.
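What salting changes for a stored password table, as an added example that is not from the original slides. It assumes unsalted SHA-256 for the weak store and PBKDF2-HMAC-SHA256 with a 16-byte random salt for the salted store (choices made for this example; the slides name no function); the user names and all function names are hypothetical.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000                              # PBKDF2 work factor chosen for this example
COMMON = ["password", "123456", "ninja"]      # common passwords quoted on the slides
USERS = {"alice": "ninja", "bob": "ninja", "carol": "fpqzy"}   # constructed accounts


def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def precompute(words) -> dict:
    """Hash -> password lookup table, built once and reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in words}


def store_unsalted(users: dict) -> dict:
    return {user: unsalted_hash(pw) for user, pw in users.items()}


def store_salted(users: dict) -> dict:
    """Per-user random salt, kept next to the digest as the slide describes."""
    db = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ROUNDS)
        db[user] = (salt, digest)
    return db


def verify(db: dict, user: str, password: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, digest = db[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)


def exposed_by_table(table: dict, hex_digests: dict) -> dict:
    """Which accounts does a precomputed table reveal if this store leaks?"""
    return {user: table[h] for user, h in hex_digests.items() if h in table}


def audit() -> dict:
    table = precompute(COMMON)
    weak = store_unsalted(USERS)
    strong = store_salted(USERS)
    strong_hex = {user: digest.hex() for user, (_, digest) in strong.items()}
    return {
        # Identical passwords are visible as identical hashes without salt.
        "unsalted_duplicates": weak["alice"] == weak["bob"],
        "salted_duplicates": strong["alice"][1] == strong["bob"][1],
        # The same table is useless once every record has its own salt.
        "unsalted_exposed": exposed_by_table(table, weak),
        "salted_exposed": exposed_by_table(table, strong_hex),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Salt only removes the benefit of precomputation and of shared work across accounts; a password such as "ninja" is still guessed quickly once the salt is known, which is why the example also uses a slow, iterated function.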
Brute Force Wall
Assuming checks for all 95 letters, numbers, and symbols, it takes hours for a desktop computer
with an Intel Core i7 980x processor to brute-force crack any five-character password.
Increasing the password length by just one character requires about a day; bumping the
length by one more character, though, dramatically increases the cracking time to more
than 10 days. This limitation is known as the "exponential wall of brute-force cracking."
It is IMPORTANT that your password is not already part
of the corpus of the hundreds of millions of
codes already compiled in crackers' word lists,
that it is possibly randomly generated by a computer,
and that it has a minimum of ten characters
to make brute-force cracks infeasible.
Since it is not uncommon for people to have
dozens of accounts these days, the easiest way
to put this advice into practice is to use a
program such as 1Password or PasswordSafe.
Both allow users to create long, randomly
generated passwords and to store them in a
cryptographically protected file that's
unlocked with a single master password.
Last Pass
LastPass is a free online password manager and Form Filler that makes your web
browsing easier and more secure.
Your sensitive data is encrypted _locally_ before upload so even LastPass cannot
get access to it.
One Time Passwords, Screen Keyboard, multi-factor help protect your account.
LastPass is secure to an almost problematic degree: since it conducts all its
encryption and decryption on users' own computers, the master password is
unknown to them, which means no one will be able to help you if you forget it.
(There's no recovery process based on security questions, either.) And so – yes –
you may need to write it down, in coded form, on a scrap of paper, which you
should carefully hide (but try to memorise it instead...).
Remember – There is no such thing as total security, let alone total security plus
total convenience, but this feels like a workable compromise.
Conclusion