Oct 09, 2019 John the Ripper (also called simply ‘John’ ) is the most well known free password cracking tool that owes its success to its user-friendly command-line interface. John has autodetect capability. Because John uses a large word list file to perform the dictionary crack, this word list can be broken up into equal pieces and distributed to each process involved. Each process would then try to crack each password using only the words it has. Uncracked passwords could then be passed onto the next process.
(Redirected from Password hacking)
In cryptanalysis and computer security, password cracking is the process of recovering passwords[1] from data that has been stored in or transmitted by a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password.[2]
The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or to act as a preventive measure whereby system administrators check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence to which a judge has allowed access, when a particular file's permissions are restricted.
Time needed for password searches[edit]
The time to crack a password is related to bit strength (seepassword strength), which is a measure of the password's entropy, and the details of how the password is stored. Most methods of password cracking require the computer to produce many candidate passwords, each of which is checked. One example is brute-force cracking, in which a computer tries every possible key or password until it succeeds. With multiple processors, this time can be optimized through searching from the last possible group of symbols and the beginning at the same time, with other processors being placed to search through a designated selection of possible passwords.[3] More common methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc. attempt to reduce the number of trials required and will usually be attempted before brute force. Higher password bit strength exponentially increases the number of candidate passwords that must be checked, on average, to recover the password and reduces the likelihood that the password will be found in any cracking dictionary.[4]
The ability to crack passwords using computer programs is also a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be in the billions or trillions per second, since an offline attack is possible. If not, the rate depends on whether the authentication software limits how often a password can be tried, either by time delays, CAPTCHAs, or forced lockouts after some number of failed attempts. Another situation where quick guessing is possible is when the password is used to form a cryptographic key. In such cases, an attacker can quickly check to see if a guessed password successfully decodes encrypted data.
For some kinds of password hash, ordinary desktop computers can test over a hundred million passwords per second using password cracking tools running on a general purpose CPU and billions of passwords per second using GPU-based password cracking tools[1][5][6] (See: John the Ripper benchmarks).[7] The rate of password guessing depends heavily on the cryptographic function used by the system to generate password hashes. A suitable password hashing function, such as bcrypt, is many orders of magnitude better than a naive function like simple MD5 or SHA. A user-selected eight-character password with numbers, mixed case, and symbols, with commonly selected passwords and other dictionary matches filtered out, reaches an estimated 30-bit strength, according to NIST. 230 is only one billion permutations[8] and would be cracked in seconds if the hashing function is naive. When ordinary desktop computers are combined in a cracking effort, as can be done with botnets, the capabilities of password cracking are considerably extended. In 2002, distributed.net successfully found a 64-bit RC5 key in four years, in an effort which included over 300,000 different computers at various times, and which generated an average of over 12 billion keys per second.[9]
Graphics processors can speed up password cracking by a factor of 50 to 100 over general purpose computers for specific hashing algorithms. As of 2011, available commercial products claim the ability to test up to 2,800,000,000 passwords a second on a standard desktop computer using a high-end graphics processor.[10] Such a device can crack a 10 letter single-case password in one day. The work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs.[citation needed]. However some algorithms are or even are specifically designed to run slow on GPUs. Examples include (triple) DES, bcrypt , scrypt and Argon2.
The emergence of hardware acceleration over the past decade GPU resources to be used to increase the efficiency and speed of a brute force attack for most hashing algorithms. In 2012, Stricture Consulting Group unveiled a 25-GPU cluster that achieved a brute force attack speed of 350 billion guesses per second, allowing them to check password combinations in 5.5 hours. Using ocl-Hashcat Plus on a Virtual OpenCL cluster platform[11], the Linux-based GPU cluster was used to 'crack 90 percent of the 6.5 million password hashes belonging to users of LinkedIn.'[12]
For some specific hashing algorithms, CPUs and GPUs are not a good match. Purpose made hardware is required to run at high speeds. Custom hardware can be made using FPGA or ASIC technology. Development for both technologies is complex and (very) expensive. In general, FPGAs are favorable in small quantities, ASICs are favorable in (very) large quantities, more energy efficient and faster. In 1998, the Electronic Frontier Foundation (EFF) built a dedicated password cracker using ASICs. Their machine, Deep Crack, broke a DES 56-bit key in 56 hours, testing over 90 billion keys per second[13]. In 2017, leaked documents show that ASICs are used for a military project to code-break the entire internet[14]. Designing and buildig ASIC-basic password crackers is assumed to be out of reach for non-governments. Since 2019, John the Ripper supports password cracking for a limited number of hashing algorithms using FPGAs[15]. FPGA-based setups are now in use by commercial companies for password cracking[16].
Easy to remember, hard to guess[edit]
Passwords that are difficult to remember will reduce the security of a system because (a) users might need to write down or electronically store the password using an insecure method, (b) users will need frequent password resets and (c) users are more likely to re-use the same password. Similarly, the more stringent requirements for password strength, e.g. 'have a mix of uppercase and lowercase letters and digits' or 'change it monthly', the greater the degree to which users will subvert the system.[17]
In 'The Memorability and Security of Passwords',[18] Jeff Yan et al. examines the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two unrelated words is another good method. Having a personally designed 'algorithm' for generating obscure passwords is another good method.
However, asking users to remember a password consisting of a 'mix of uppercase and lowercase characters' is similar to asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if the user simply capitalizes one of the letters). Asking users to use 'both letters and digits' will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', substitutions which are well known to attackers. Similarly typing the password one keyboard row higher is a common trick known to attackers.
Research detailed in an April 2015 paper by several professors at Carnegie Mellon University shows that people's choices of password structure often follow several known patterns. As a result, passwords may be much more easily cracked than their mathematical probabilities would otherwise indicate. Passwords containing one digit, for example, disproportionately include it at the end of the password.[19]
Incidents[edit]
On July 16, 1998, CERT reported an incident where an attacker had found 186,126 encrypted passwords. By the time they were discovered, they had already cracked 47,642 passwords.[20]
In December 2009, a major password breach of the Rockyou.com website occurred that led to the release of 32 million passwords. The attacker then leaked the full list of the 32 million passwords (with no other identifiable information) to the internet. Passwords were stored in cleartext in the database and were extracted through a SQL Injection vulnerability. The Imperva Application Defense Center (ADC) did an analysis on the strength of the passwords.[21]
John The Ripper Email Password Cracker
In June 2011, NATO (North Atlantic Treaty Organization) experienced a security breach that led to the public release of first and last names, usernames, and passwords for more than 11,000 registered users of their e-bookshop. The data were leaked as part of Operation AntiSec, a movement that includes Anonymous, LulzSec, as well as other hacking groups and individuals.[22]
On July 11, 2011, Booz Allen Hamilton, a large American Consulting firm that does a substantial amount of work for the Pentagon, had their servers hacked by Anonymous and leaked the same day. 'The leak, dubbed 'Military Meltdown Monday,' includes 90,000 logins of military personnel—including personnel from USCENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors.'[23] These leaked passwords wound up being hashed with unsaltedSHA-1, and were later analyzed by the ADC team at Imperva, revealing that even some military personnel used passwords as weak as '1234'.[24]
On July 18, 2011, Microsoft Hotmail banned the password: '123456'.[25]
In July 2015, a group calling itself 'The Impact Team' stole the user data of Ashley Madison. Many passwords were hashed using both the relatively strong bcrypt algorithm and the weaker MD5 hash. Attacking the latter algorithm allowed some 11 million plaintext passwords to be recovered.
Prevention[edit]
The best method of preventing a password from being cracked is to ensure that attackers cannot get access even to the hashed password[citation needed]. For example, on the Unixoperating system, hashed passwords were originally stored in a publicly accessible file /etc/passwd. On modern Unix (and similar) systems, on the other hand, they are stored in the shadow password file /etc/shadow, which is accessible only to programs running with enhanced privileges (i.e., 'system' privileges). This makes it harder for a malicious user to obtain the hashed passwords in the first instance, however many collections of password hashes have been stolen despite such protection. Another strong approach is to combine a site-specific secret key with the password hash, which prevents plaintext password recovery even if the hashed values are purloined. A third approach is to use key derivation functions that reduce the rate at which passwords can be guessed.[26]:5.1.1.2Unfortunately, many common Network Protocols transmit passwords in cleartext or use weak challenge/response schemes.[27][28]
Modern Unix Systems have replaced traditional DES-based password hashing function crypt() with stronger methods such as bcrypt and scrypt.[29] Other systems have also begun to adopt these methods. For instance, the Cisco IOS originally used a reversible Vigenère cipher to encrypt passwords, but now uses md5-crypt with a 24-bit salt when the 'enable secret' command is used.[30] These newer methods use large salt values which prevent attackers from efficiently mounting offline attacks against multiple user accounts simultaneously. The algorithms are also much slower to execute which drastically increases the time required to mount a successful offline attack.[31]
Many hashes used for storing passwords, such as MD5 and the SHA family, are designed for fast computation and efficient implementation in hardware. As a result, they are ineffective in preventing password cracking, especially with methods like rainbow tables. Using key stretching Algorithms, such as PBKDF2, to form password hashes can significantly reduce the rate at which passwords can be tested.
Solutions like a security token give a formal proof answer by constantly shifting password. Those solutions abruptly reduce the timeframe available for brute forcing (attacker needs to break and use the password within a single shift) and they reduce the value of the stolen passwords because of its short time validity.
In 2013 a long-term Password Hashing Competition was announced to choose a new, standard algorithm for password hashing.[32]
Software[edit]
There are many password cracking software tools, but the most popular[33] are Aircrack, Cain and Abel, John the Ripper, Hashcat, Hydra, DaveGrohl and ElcomSoft. Many litigation support software packages also include password cracking functionality. Most of these packages employ a mixture of cracking strategies, algorithm with brute force and dictionary attacks proving to be the most productive.[citation needed]
The increased availability of computing power and beginner friendly automated password cracking software for a number of protection schemes has allowed the activity to be taken up by script kiddies.[34]
See also[edit]
References[edit]
- ^ aboclHashcat-lite – advanced password recovery. Hashcat.net. Retrieved on January 31, 2013.
- ^Montoro, Massimiliano (2009). 'Brute-Force Password Cracker'. Oxid.it. Archived from the original on August 20, 2013. Retrieved August 13, 2013.CS1 maint: unfit url (link)
- ^Bahadursingh, Roman (January 19, 2020). [Roman Bahadursingh. (2020). A Distributed Algorithm for Brute Force Password Cracking on n Processors. http://doi.org/10.5281/zenodo.3612276 'A Distributed Algorithm for Brute Force Password Cracking on n Processors'] Check
|url=
value (help). zenodo.org. doi:10.5281/zenodo.3612276. - ^Lundin, Leigh (August 11, 2013). 'PINs and Passwords, Part 2'. Passwords. Orlando: SleuthSayers.
- ^Alexander, Steven. (June 20, 2012) The Bug Charmer: How long should passwords be?. Bugcharmer.blogspot.com. Retrieved on January 31, 2013.
- ^Cryptohaze Blog: 154 Billion NTLM/sec on 10 hashes. Blog.cryptohaze.com (July 15, 2012). Retrieved on 2013-01-31.
- ^John the Ripper benchmarks. openwall.info (March 30, 2010). Retrieved on 2013-01-31.
- ^Burr, W. E.; Dodson, D. F.; Polk, W. T. (2006). 'Electronic Authentication Guideline'(PDF). NIST. doi:10.6028/NIST.SP.800-63v1.0.2. Retrieved March 27, 2008.Cite journal requires
|journal=
(help) - ^'64-bit key project status'. Distributed.net. Archived from the original on September 10, 2013. Retrieved March 27, 2008.
- ^Password Recovery Speed table, from ElcomSoft. NTLM passwords, Nvidia Tesla S1070 GPU, accessed February 1, 2011
- ^http://www.mosix.org/txt_vcl.html/
- ^'25-GPU cluster cracks every standard Windows password in <6 hours'. 2012.
- ^'EFF DES Cracker machine brings honesty to crypto debate'. EFF. Archived from the original on January 1, 2010. Retrieved June 7, 2020.
- ^'NYU ACCIDENTALLY EXPOSED MILITARY CODE-BREAKING COMPUTER PROJECT TO ENTIRE INTERNET'.
- ^'John the Ripper 1.9.0-jumbo-1'.
- ^'Bcrypt password cracking extremely slow? Not if you are using hundreds of FPGAs!'.
- ^Managing Network Security. Fred Cohen & Associates. All.net. Retrieved on January 31, 2013.
- ^Yan, J.; Blackwell, A.; Anderson, R.; Grant, A. (2004). 'Password Memorability and Security: Empirical Results'(PDF). IEEE Security & Privacy Magazine. 2 (5): 25. doi:10.1109/MSP.2004.81.
- ^Steinberg, Joseph (April 21, 2015). 'New Technology Cracks 'Strong' Passwords – What You Need To Know'. Forbes.
- ^'CERT IN-98.03'. Retrieved September 9, 2009.
- ^'Consumer Password Worst Practices'(PDF).
- ^'NATO Hack Attack'. Retrieved July 24, 2011.
- ^'Anonymous Leaks 90,000 Military Email Accounts in Latest Antisec Attack'. July 11, 2011.
- ^'Military Password Analysis'. July 12, 2011.
- ^'Microsoft's Hotmail Bans 123456'. Imperva. July 18, 2011. Archived from the original on March 27, 2012.
- ^Grassi, Paul A (June 2017). 'SP 800-63B-3 – Digital Identity Guidelines, Authentication and Lifecycle Management'. NIST. doi:10.6028/NIST.SP.800-63b.Cite journal requires
|journal=
(help) - ^Singer, Abe (November 2001). 'No Plaintext Passwords'(PDF). Login. 26 (7): 83–91. Archived from the original(PDF) on September 24, 2006.
- ^Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol. Schneier.com (July 7, 2011). Retrieved on 2013-01-31.
- ^A Future-Adaptable Password Scheme. Usenix.org (March 13, 2002). Retrieved on 2013-01-31.
- ^MDCrack FAQ 1.8. None. Retrieved on January 31, 2013.
- ^Password Protection for Modern Operating Systems. Usenix.org. Retrieved on January 31, 2013.
- ^'Password Hashing Competition'. Archived from the original on September 2, 2013. Retrieved March 3, 2013.
- ^'Top 10 Password Crackers'. Sectools. Retrieved November 1, 2009.
- ^Anderson, Nate (March 24, 2013). 'How I became a password cracker: Cracking passwords is officially a 'script kiddie' activity now'. Ars Technica. Retrieved March 24, 2013.
External links[edit]
- Philippe Oechslin: Making a Faster Cryptanalytic Time-Memory Trade-Off. CRYPTO 2003: pp617–630
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Password_cracking&oldid=976873592'
(Redirected from Crack (password cracker))
Developer(s) | Alec Muffett |
---|---|
Stable release | |
Operating system | Unix |
Type | password cracking |
Website | www.crypticide.com |
Crack is a Unixpassword cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack. Crack was the first standalone password cracker for Unix systems[1][2][3][4] and (later) the first to introduce programmable dictionary generation.
Crack began in 1990 when Alec Muffett, a Unixsystem administrator at the University of WalesAberystwyth was trying to improve Dan Farmer's 'pwc' cracker in COPS and found that by re-engineering its memory management he got a noticeable performance increase. This led to a total rewrite[5] which became 'Crack v2.0' and further development to improve usability.
Public Releases[edit]
The first public release of Crack was version 2.7a, which was posted to the Usenet newsgroups alt.sources and alt.security on 15 July 1991. Crack v3.2a+fcrypt, posted to comp.sources.misc on 23 August 1991, introduced an optimised version of the Unixcrypt() function but was still only really a faster version of what was already available in other packages.
The release of Crack v4.0a on 3 November 1991, however, introduced several new features that made it a formidable tool in the system administrators arsenal.
- Programmable dictionary generator
- Network distributed password cracking
Crack v5.0a[6] released in 2000 did not introduce any new features, but instead concentrated on improving the code and introducing more flexibility, such as the ability to integrate other crypt() variants such as those needed to attack the MD5 password hashes used on more modern Unix, Linux and Windows NT[7] systems. It also bundled Crack v6 - a minimalist password cracker and Crack v7 - a brute force password cracker.
Legal issues arising from using Crack[edit]
Randal L. Schwartz, a notable Perl programming expert, in 1995 was prosecuted for using Crack[8][9] on the password file of a system at Intel, a case the verdict of which was eventually expunged.[10]
Crack was also used by Kevin Mitnick when hacking into Sun Microsystems in 1993.[11]
Programmable dictionary generator[edit]
While traditional password cracking tools simply fed a pre-existing dictionary of words through the crypt() function, Crack v4.0a introduced the ability to apply rules to this word list to generate modified versions of these word lists.
These could range from the simple (do not change) to the extremely complex - the documentation gives this as an example:
- X<8l/i/olsi1so0$=
- Reject the word unless it is less than 8 characters long, lowercase the word, reject it if it does not contain both the letter 'i' and the letter 'o', substitute all i's for 1's, substitute all o's for 0's, and append an = sign.
These rules could also process the GECOS field in the password file, allowing the program to use the stored names of the users in addition to the existing word lists. Crack's dictionary generation rule syntax was subsequently borrowed[12] and extended[13] by Solar Designer for John the Ripper.
The dictionary generation software for Crack was subsequently reused by Muffett[14] to create CrackLib, a proactive password checking library that is bundled with Debian[15] and Red Hat Enterprise Linux-derived[16] Linux distributions.
Network distributed password cracking[edit]
As password cracking is inherently embarrassingly parallel Crack v4.0a introduced the ability to use a network of heterogeneous workstations connected by a shared filesystem as parts of a distributed password cracking effort.
All that was required for this was to provide Crack with a configuration file containing the machine names, processing power rates and flags required to build Crack on those machines and call it with the -network option. Kingdom come deliverance lost sword.
Password Cracking With John The Ripper
See also[edit]
References[edit]
- ^David R. Mirza Ahmad; Ryan Russell (25 April 2002). Hack proofing your network. Syngress. pp. 181–. ISBN978-1-928994-70-1. Retrieved 17 February 2012.
- ^William R. Cheswick; Steven M. Bellovin; Aviel D. Rubin (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley Professional. pp. 129–. ISBN978-0-201-63466-2. Retrieved 17 February 2012.
- ^Venema, Wietse (1996-07-01). 'Murphy's law and computer security'. Proceedings of the Sixth USENIX UNIX Security Symposium. Retrieved 2012-02-17.
- ^Anonymous (2003). Maximum security. Sams Publishing. pp. 269–. ISBN978-0-672-32459-8. Retrieved 17 February 2012.
- ^Muffett, Alec. 'Crypticide I: Thirteen Years of Crack'. blog post. Retrieved 2012-02-17.
- ^Muffett, Alec. 'Crack v5.0'. Retrieved 2012-02-17.
- ^Sverre H. Huseby (15 March 2004). Innocent code: a security wake-up call for Web programmers. John Wiley & Sons. pp. 148–. ISBN978-0-470-85744-1. Retrieved 17 February 2012.
- ^Simson Garfinkel; Gene Spafford; Alan Schwartz (17 May 2011). Practical UNIX and Internet Security. O'Reilly Media, Inc. pp. 608–. ISBN978-1-4493-1012-7. Retrieved 17 February 2012.
- ^Hakim, Anthony (2004-10-10), 'Global Information Assurance Certification Paper Global Information Assurance Certification Paper', Intel v. Randal L. Schwartz (PDF), SANS Institute, p. 5, retrieved 2012-02-17
- ^'Randal Schwartz's Charges Expunged - Slashdot'. Retrieved 2012-02-17.
- ^Mitnick, Kevin (2011). 'Here comes the Sun'. Ghost in the Wires. Little, Brown. ISBN978-0-316-03770-9.
- ^Designer, Solar. 'John the Ripper - credits'. Solar Designer. Retrieved 2012-02-17.
- ^Designer, Solar. 'John the Ripper - wordlist rules syntax'. Solar Designer. Retrieved 2012-02-17.
- ^David N. Blank-Edelman (21 May 2009). Automating system administration with Perl. O'Reilly Media, Inc. pp. 461–. ISBN978-0-596-00639-6. Retrieved 17 February 2012.
- ^'Debian Package Search'. Retrieved 2012-02-17.
- ^'CrackLib Enhancement Update'. Archived from the original on 2012-04-21. Retrieved 2012-02-17.
John The Ripper Password Cracking
External links[edit]
John The Ripper Distributed Password Cracking Dictionaries Download
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Crack_(password_software)&oldid=970249683'