Passwords/Cracking/Applications

Overview
Why I chose Passwords
Definition of Passwords
Talk about Password Cracking
Recommended passwords
Password Cracking application Cain & Abel
Experiment of Cain & Abel
Prevention of password cracking
Conclusion
References
Passwords/Cracking/Applications
Intranet and Internet Security
CMPT 320
Dr. Stefan Robila
Harry Artinian
Why I chose passwords
I was always interested in passwords and how they work
How do passwords work?
How can a password be hacked into?
Are they safe?
Methods of prevention
Definition of Passwords
A password is a secret word or string of characters that is used for authentication, to prove identity or to gain access to a resource
The password has to be kept hidden from those not allowed permission to it
A conventional form of authentication is to use a username and password
The system confirms the two against a secure file
If either does not match, you cannot enter
Definition of Passwords
Some passwords are made from many words and may more
accurately be called a passphrase
Some disadvantages are that they may be spoofed, stolen,
forgotten, etc
After three failed password entry attempts, some systems
inflict a time-out of several seconds
A lot of systems keep or transmit a cryptographic hash of the password in a way that makes the hash value accessible to an attacker
More secure networks keep each password in a cryptographically protected form. Confirmation of user access attempts remains possible, but recovering the real password is still difficult for a hacker who gains internal access to the system.
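The time-out after three failed attempts mentioned on this slide is easy to get subtly wrong (the counter has to reset, the time-out has to expire, and a correct password must not be checked while the time-out runs). The following is an added example, not code from the slides or from any product they mention; the 3-attempt threshold follows the slide, while the 5-second time-out, the names and the plaintext credential store are assumptions chosen for illustration. The clock is injectable so the behaviour can be exercised without sleeping.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List

MAX_FAILURES = 3        # slide: "after three failed password entry attempts"
TIMEOUT_SECONDS = 5.0   # slide: "a time-out of several seconds" (5 s is an assumption)


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since the last success/time-out
    locked_until: float = 0.0  # clock timestamp; 0 means not timed out


@dataclass
class LoginThrottle:
    """Per-account failure counter with a temporary time-out.

    The clock is injectable (defaults to time.monotonic) so tests can
    advance time by hand instead of sleeping."""
    clock: Callable[[], float] = time.monotonic
    accounts: Dict[str, AccountState] = field(default_factory=dict)

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str) -> bool:
        return self.clock() < self._state(user).locked_until

    def seconds_remaining(self, user: str) -> float:
        return max(0.0, self._state(user).locked_until - self.clock())

    def record_failure(self, user: str) -> bool:
        """Count a failed attempt; return True if this one triggered a time-out."""
        st = self._state(user)
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = self.clock() + TIMEOUT_SECONDS
            st.failures = 0  # counter restarts once the time-out expires
            return True
        return False

    def record_success(self, user: str) -> None:
        self.accounts.pop(user, None)  # a correct login clears the history


def attempt_login(throttle: LoginThrottle, user: str, password: str,
                  check_password: Callable[[str, str], bool]) -> str:
    """Gate a login through the throttle. Returns one of
    'locked' (time-out still running; the password is not even checked),
    'ok', 'denied', or 'timed_out' (this failure started a time-out)."""
    if throttle.is_locked(user):
        return "locked"
    if check_password(user, password):
        throttle.record_success(user)
        return "ok"
    if throttle.record_failure(user):
        return "timed_out"
    return "denied"


class FakeClock:
    """Manually advanced clock used by demo() and by tests."""
    def __init__(self, start: float = 1000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> List[str]:
    """Three wrong guesses, then the right password during the time-out
    (rejected unchecked), then the right password after the time-out."""
    clock = FakeClock()
    throttle = LoginThrottle(clock=clock)
    # Constructed sample credential store; a real one holds salted hashes, not plaintext.
    creds = {"alice": "correct horse battery staple"}
    check = lambda user, pw: creds.get(user) == pw
    outcomes = []
    for guess in ["wrong1", "wrong2", "wrong3", "correct horse battery staple"]:
        outcomes.append(attempt_login(throttle, "alice", guess, check))
    clock.advance(TIMEOUT_SECONDS)  # wait out the time-out
    outcomes.append(attempt_login(throttle, "alice", "correct horse battery staple", check))
    return outcomes


if __name__ == "__main__":
    print(demo())  # ['denied', 'denied', 'timed_out', 'locked', 'ok']
```

Note that during the time-out the password is not compared at all, so a correct guess made while locked is rejected; the caveat a practitioner would add is that a per-account time-out can be used to lock legitimate users out, so production systems usually combine it with per-source throttling and logging of the lockout events.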
Recommended passwords
A common password length recommendation is 8 or more
arbitrarily chosen characters combining letters, numbers,
and special characters (punctuation, etc)
This recommendation makes sense for systems using
powerful password hashing mechanisms such as md5-crypt
and the Blowfish-based bcrypt
The longer the password, the better: it is harder to crack
Password Cracking
Password cracking is the action of recovering passwords from data that has been stored in or transmitted by a computer system
One reason for password cracking could be to help a user recover a forgotten password
The most commonly used hash functions can be computed rapidly, so an attacker can test guess after guess until one matches, at which point the plaintext password has been recovered
Attackers can use keystroke logging, social engineering,
wiretapping, login spoofing, dumpster diving, phishing,
timing attack, shoulder surfing, acoustic cryptanalysis,
using a Trojan Horse or virus, identity management system
attacks and compromising host security to crack passwords
Password Cracking application Cain & Abel
I researched a few password cracking applications
Did a search on Google and found a site which listed the top ten applications
Cain & Abel was the top one
The program allows easy recovery of various kinds of passwords by sniffing the network, brute-force and cryptanalysis attacks, cracking encrypted passwords using a dictionary, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols
Experiment
Tested one of the features: IE 7 Passwords
Decrypts the passwords stored in IE
It works with the autocomplete feature
The passwords stored in autocomplete get decrypted
Only works if you say yes to remember your password
Tested with Gmail
(Screenshots: Gmail; Tested Gmail Cain & Abel; IE 7 Password)
Info about Cain & Abel
Just want to point out a statement from their site, verbatim:
"Cain & Abel has been developed in the hope
that it will be useful for network administrators, teachers,
security consultants/professionals, forensic staff, security
software vendors, professional penetration tester and
everyone else that plans to use it for ethical reasons. The
author will not help or support any illegal activity done
with this program. Be warned that there is the possibility
that you will cause damages and/or loss of data using this
software and that in no events shall the author be liable
for such damages or loss of data. Please carefully read the
License Agreement included in the program before using
it."
I don't condone password cracking other than this!
Conclusion
Passwords are used commonly as a means of
authentication
Choose a password that is longer than 8 characters mixing
letters, numbers, and symbols
Prevention of password cracking
The best method of preventing password cracking is to ensure that attackers cannot get access even to the encrypted password
Use md5-crypt with a 24-bit salt with the "enable secret" command
These newer techniques use large salt values, which prevent attackers from efficiently mounting offline attacks against many user accounts simultaneously
Because the algorithms are much slower to run, the time required to mount a successful offline attack increases enormously
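To make the two defences on the "Recommended passwords" and "Prevention" slides concrete, here is an added example (not code from the slides, and not md5-crypt or bcrypt itself) that checks a password against the slides' 8+ characters / letters, digits and symbols policy, contrasts a fast unsalted hash with a salted, deliberately slow one, and verifies a stored hash in constant time. PBKDF2-HMAC-SHA256 from the Python standard library stands in for md5-crypt/bcrypt so it runs without extra packages; the storage format, the 16-byte salt and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import string
from typing import Optional

ITERATIONS = 200_000  # work factor (assumption); raise it as hardware gets faster
SALT_BYTES = 16       # 128-bit random salt per password (assumption; the slides cite a 24-bit salt)
PREFIX = "pbkdf2_sha256"


def meets_policy(password: str, min_length: int = 8) -> bool:
    """The slides' recommendation: 8+ characters mixing letters, digits and symbols."""
    if len(password) < min_length:
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    return has_letter and has_digit and has_symbol


def unsalted_fast_hash(password: str) -> str:
    """What the slides warn about: a fast, unsalted hash. Equal passwords give
    equal hashes, so one precomputed table serves every leaked hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, deliberately slow hash in the self-describing form
    prefix$iterations$salt_hex$digest_hex (the format is an assumption)."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        prefix, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if prefix != PREFIX:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def salts_make_hashes_unique(password: str) -> bool:
    """Two users with the same password get different stored values, so an
    attacker holding the password file must attack each account separately."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    pw = "Tr0ub4dor&3"  # constructed sample password
    print(meets_policy(pw), meets_policy("password"))
    stored = hash_password(pw)
    print(stored)
    print(verify_password(pw, stored), verify_password("password", stored))
    print(salts_make_hashes_unique(pw))
```

The iteration count is stored alongside the hash so it can be raised later without invalidating existing records; `hmac.compare_digest` avoids the timing attack listed on the "Password Cracking" slide when comparing digests.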
The longer the password the better
Cain & Abel is one password cracking application which can readily retrieve passwords stored in IE 7
Using md5-crypt with a 24-bit salt with the "enable secret" command is a method for preventing password cracking
References
http://en.wikipedia.org/wiki/Passwords
http://en.wikipedia.org/wiki/Password_cracking
http://computer.howstuffworks.com/encryption6.htm
http://www.usewisdom.com/computer/passwords.html
http://www.oxid.it/cain.html
http://sectools.org/crackers.html