Mark Shtern

Mark Shtern. Passwords are the most common authentication method They are inherently insecure



Page 1

Mark Shtern

Page 2

Passwords are the most common authentication method

They are inherently insecure

Page 3

• Human generated passwords
  • Come from a small domain
  • Easy to guess – dictionary attacks

• Stronger passwords
  • Computer generated or verified
  • Not user friendly
  • Hard to remember
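The contrast on this slide, human-chosen passwords drawn from a small, guessable domain versus computer-generated or computer-verified ones, can be made concrete with a proactive password check. The Python below is an added example and is not part of the slides: it normalizes a candidate the way a hybrid dictionary attack would (case folding, leetspeak, trailing digits and symbols), rejects anything that collapses to a word in a small constructed dictionary, estimates the remaining search space, and offers a generator for computer-made passwords. The word list, the 60-bit threshold and all function names are assumptions made for this example.

```python
import math
import secrets
import string

# Constructed stand-in for a real cracking dictionary (assumption for the example).
SMALL_DICTIONARY = {"password", "welcome", "letmein", "qwerty", "summer", "dragon", "monkey"}

# Common leetspeak substitutions that hybrid attacks try; undo them before the lookup.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s"})


def normalize(candidate: str) -> str:
    """Reduce a candidate to the base word a hybrid attack would start from."""
    base = candidate.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET_MAP)


def estimate_bits(candidate: str) -> float:
    """Naive search-space estimate: length * log2(alphabet of the classes present)."""
    alphabet = 0
    if any(c.islower() for c in candidate):
        alphabet += 26
    if any(c.isupper() for c in candidate):
        alphabet += 26
    if any(c.isdigit() for c in candidate):
        alphabet += 10
    if any(c in string.punctuation for c in candidate):
        alphabet += len(string.punctuation)
    return len(candidate) * math.log2(alphabet) if alphabet else 0.0


def verify_password(candidate: str, min_bits: float = 60.0) -> tuple[bool, str]:
    """Computer verification of a human-chosen password: returns (accepted, reason)."""
    if len(candidate) < 8:
        return False, "shorter than 8 characters"
    base = normalize(candidate)
    if base in SMALL_DICTIONARY:
        return False, f"dictionary word {base!r} with simple mutations"
    bits = estimate_bits(candidate)
    if bits < min_bits:
        return False, f"search space only ~{bits:.0f} bits"
    return True, f"ok (~{bits:.0f} bits)"


def generate_password(length: int = 16) -> str:
    """Computer-generated password: CSPRNG choice, at least one of each class."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw)):
            return pw


if __name__ == "__main__":
    for sample in ("P@ssw0rd123", "Summer2024!", "correct horse battery staple", generate_password()):
        print(f"{sample!r}: {verify_password(sample)}")
```

The normalization step is what separates this from a plain length check: `P@ssw0rd123` and `Summer2024!` both look varied but collapse to dictionary words, which is exactly the small domain the slide describes.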

Page 4

• Physical Access
• Offline password cracking
• Online password cracking

Page 5

• Boot using Linux bootable CD
• Mount system drive
• Reset Administration Password (Windows: chntpw; Linux: modify shadow file)

Page 6

• Collect password hashes
• Crack passwords

Page 7

• Eavesdropping (Sniffing)
• Password file
  • Windows – SAM, NTDS.dit file (pwdump[2-6] and fgdump)
  • Linux – shadow file (unshadow)
• Memory Dump (debug tools: WinDbg, gdb)
• System calls (APImonitor, strace)
• SQL database, configuration file
• Source code

Page 8

Types
• Brute Force
• Dictionary
• Hybrid
• Rainbow

The most popular crackers
• Windows: Ophcrack, Cain & Abel, LCP
• Linux: John the Ripper (john)

Page 9

Eavesdropping: Encrypt the channel, e.g. using SSL or SSH

Offline dictionary attacks: Limit access to password hashes, strong passwords, password lifetime, use salt

Online dictionary attacks: Delayed answers, strong passwords, account lockouts
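The countermeasures on this slide against offline and online dictionary attacks can be shown together in code. The Python below is an added example, not from the slides: passwords are stored as salted PBKDF2-HMAC-SHA256 hashes, so two users with the same password get different hashes (which is what defeats the rainbow-table attack of slide 8) and every offline guess costs the attacker the full iteration count; the login guard answers each failed attempt with a growing delay and locks the account after a fixed number of failures. The storage format, iteration count, lockout parameters and class names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # PBKDF2 cost factor (assumption; tune to your hardware)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256. A fresh random salt per password means identical
    passwords hash differently, so precomputed (rainbow) tables are useless."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constructed storage format for this example: algo$iterations$salt$digest
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


class LoginGuard:
    """Online countermeasures: delayed answers and account lockout.
    clock and sleep are injectable so the logic can be tested without waiting."""

    def __init__(self, users, max_failures=5, lockout_seconds=900,
                 clock=time.monotonic, sleep=time.sleep):
        self.users = users            # username -> stored hash string
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.sleep = sleep
        self.failures = {}            # username -> consecutive failures
        self.locked_until = {}        # username -> clock value when lockout ends
        # Hash verified for unknown usernames so response time does not reveal valid names.
        self._dummy = hash_password(os.urandom(16).hex())

    def login(self, username: str, password: str):
        now = self.clock()
        if self.locked_until.get(username, 0.0) > now:
            return False, "locked"
        stored = self.users.get(username)
        # Always perform exactly one hash computation, even for unknown users.
        ok = verify_password(stored or self._dummy, password) and stored is not None
        if ok:
            self.failures.pop(username, None)
            return True, "ok"
        n = self.failures.get(username, 0) + 1
        if n >= self.max_failures:
            self.failures.pop(username, None)
            self.locked_until[username] = now + self.lockout_seconds
            return False, "locked"
        self.failures[username] = n
        delay = min(2 ** (n - 1), 30)  # delayed answer: 1 s, 2 s, 4 s, ... capped at 30 s
        self.sleep(delay)
        return False, f"invalid (delay {delay}s)"


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print(stored)
    print(hash_password("correct horse"))  # same password, different salt and digest
    guard = LoginGuard({"alice": stored}, max_failures=3, lockout_seconds=60)
    for attempt in ("wrong", "wrong", "wrong", "correct horse"):
        print(attempt, guard.login("alice", attempt))
```

Lockout trades one risk for another: an attacker who knows a username can lock its owner out on purpose, which is why the delay grows gradually and the lockout window is finite rather than permanent.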