ebook img

Password Cracking Research at FSU - Florida State University PDF

58 Pages·2010·3.04 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Password Cracking Research at FSU - Florida State University

Password Cracking Research at FSU Sudhir Aggarwal, Matt Weir, Breno de Medeiros Florida State University Department of Computer Science E-Crimes Investigative Technologies Lab Tallahassee, Florida 32306 October 21, 2010 Our Research FORENSICS Assist Law Enforcement I’M CRACKING PASSWORDS Develop better ways to model how people actually create passwords CRACKING PASSWORDS Investigate how we can make passwords more secure The Plan 1. Obtaining the Data-sets 2. Probabilistic Password Cracking Improvements 3. Pass-Phrase Cracking Two Types of Password Cracking Online - The system is still operational - You may only be allowed a few guesses Offline - You grabbed the password hash - Computer forensics setting Cracking Passwords Generate a password guess - password123 Hash the guess - A5732067234F23B21 Compare the hash to the password hash you are trying to crack 5 Dictionary based attacks Password-cracking dictionaries may contain entries that are not natural language words, e.g., ‘qwerty’ Dictionary based attacks derive multiple password guesses from a single dictionary entry by application of fixed rules, such as ‘replace a with @’ or ‘add any two digits to the end’ Novel approach: Infer a probabilistic grammar for ‘mangling rules’ from a password dataset 6 Existing Password Crackers John the Ripper Cain & Able L0phtcrack Access Data’s PRTK etc... 7 Focus of Research Most of our research focuses on how to make better password guesses - Hash neutral. Aka you would create the same guesses regardless if you are attacking a Truecrypt or a WinRAR encrypted file We are also exploring implementing faster hashing algorithms using GPUs. - Target program specific. Aka the hashing that Truecrypt and WinRAR uses is different Obtaining the Datasets Obtaining Real Passwords Originally we were concerned that one of the main problems with our research would be collecting valid data-sets to train/test against In reality, that hasn’t been much of a problem for web- based passwords

Description:
Password Cracking Research at FSU. Sudhir Aggarwal, Matt Weir, Breno de Medeiros. Florida State University. Department of Computer Science. E-Crimes Investigative
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.