Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNS2010handout 7 :: rainbow tables1 computer and network security matt barrie.

Similar presentations


Presentation on theme: "CNS2010handout 7 :: rainbow tables1 computer and network security matt barrie."— Presentation transcript:

1 CNS2010handout 7 :: rainbow tables1 computer and network security matt barrie

2 CNS2010handout 7 :: rainbow tables2 Pre-computation attacks A rainbow table is a time-space attack on symmetric cyphers and hash functions. The idea comes from an earlier attack using pre-computed hash chains… Two Phases –Pre-computation Phase –Online Attack Phase (Cryptanalytic Attack) Pre-computation Phase The idea comes from an earlier attack using pre-computed hash chains… start -> h(start) -> h(h(start)) -> h(h(h(start)))…. We store the start point, end point and length of the chain The chains stops after a fixed number of iterations or a “collision” into an existing end-point (in which case we merge chains) If we increase the length of our chains we decrease the size of the table but increase the time taken to iterate over each chain.. (the “time/space tradeoff”)

3 CNS2010handout 7 :: rainbow tables3 Online attack phase Online Attack Phase To reverse a given hash Y we simply keep hashing it and comparing to our list of end points (small).. when we find a match we lookup the start value and repeatedly hash until we get to our value Y again.. The value before that is our preimage..

4 CNS2010handout 7 :: rainbow tables4 Rainbow Tables First pioneered by Philippe Oechslin as a fast form of time-memory tradeoff, which he implemented in the Windows password cracker 0phcrack (a play on l0phtcrack). A rainbow table is slightly modified form of the precomputation attack. A reduce function is used after each hash. The reduce function is an “onto” function that maps a hash to a desired password in the character set –lowercase alphanumeric passwords of 8 characters long –case sensitive passwords of 5-16 characters in length –valid UNIX passwords (96 symbols, 8 characters)

5 CNS2010handout 7 :: rainbow tables5 Rainbow Tables The reduce function is an “onto” function that maps a hash to a desired password in the character set –reduce(hash(a password)) → next password After a chain containing a suitable number of passwords is created, the final password in the chain is hashed, and the final hash and the starting password are stored together in the rainbow table. To reverse a hash, look for it in the table. If it isn't found, the following is done to get another hash to try: –hash(reduce(a hash)) → next hash We keep going until we find the hash in the table. When we find it, we again lookup the start value for the chain and repeatedly hash until we find out value..

6 CNS2010handout 7 :: rainbow tables6 Rainbow tables

7 CNS2010handout 7 :: rainbow tables7 Rainbow Tables Rainbow tables use a different reduction function for each "link" in a chain, so that when there is a hash collision in two or more chains the chains will not merge so long as collision doesn't occur at the same position in each chain. As well as increasing the probability of a correct crack for a given table size, this use of multiple reduction functions approximately doubles the speed. The end result is a table that contains statistically high chance of revealing a password within a short period of time, generally less than a minute. The success probability depends on the parameters used to generate it. These include the character set used, password length, chain length, and table count.

8 CNS2010handout 7 :: rainbow tables8 Rainbow Tables 1.We want to reverse the hash “re3xes” 2.We apply reduction function R3 and get “rambo”.. we check the table and don’t find it there 3.We then restart using R2 followed by R3 (and keep doing this with 3, 4, 5 reductions until we succeed). 4.We can see that with two reductions we get “linux23” which is in the table 5.We lookup the start value “password” and then start our search of this chain, comparing the hash at each iteration to our target hash “re3xes”. Once we find it we stop, and we discover the password “culture” that generated that hash value..

9 CNS2010handout 7 :: rainbow tables9 Rainbow Tables Rainbow Table for LanManager passwords (windows) config #0 Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ ] Keyspace Table size 610Mb Success probability Cracks 5-alpha in a few seconds Rainbow Table for LanManager passwords (windows) config #1 Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ ] Keyspace Table size 3 GB Success probability

10 CNS2010handout 7 :: rainbow tables10 Rainbow Tables Demonstration of RainbowCrack 1.2 software to crack 5 alpha only windows password in 30 seconds. Below is the screen output of the cracking process. The pwfile file contain 5 windows password hashes in pwdump format. The *.rt file are precomputed hash table files (rainbow table) we generated before with rtgen.exe utility. The rcrack.exe program find all plaintext in 24 seconds, with additional 6 seconds to load the files from disk. This demonstration run on a PC with one P4 3.0GHz processor and 512MB memory. ============================================================================================================= D:\rainbowcrack-1.2-win>type pwfile user0:1455:686f63d42397d2e30f97d26b0aca50d3:4170b8c7ef39e916ddffb3a2c61a6c61::: user1:1456:9ebd ef2d0d075e2a1597d7bc:d5ec0d453fade7329c81eaa4fd78fc63::: user2:1457:1a993db3c3a8a908eb5e0c18c96b74de:c514fc8b aa8be2fe087289fc2::: user3:1458:377f3240bafa098d5dca0224fb2b1540:7d9ddf6199d27e12f50f5920f14c4dfd::: user4:1459:25a1d3832aaf6f83caa7a :2eb5e84791b35ba a ::: D:\rainbowcrack-1.2-win>dir k:\rt0\*.rt Çý¶¯Æ÷ K ÖеľíÊÇ SATA0 ¾íµÄÐòÁкÅÊÇ 64BE-26CB k:\rt0 µÄĿ¼ :59 128,000,000 lm_alpha_0_2100x _all.rt :59 128,000,000 lm_alpha_1_2100x _all.rt :00 128,000,000 lm_alpha_2_2100x _all.rt :00 128,000,000 lm_alpha_3_2100x _all.rt :01 128,000,000 lm_alpha_4_2100x _all.rt 5 ¸öÎļþ 640,000,000 ×Ö½Ú 0 ¸öĿ¼ 9,026,281,472 ¿ÉÓÃ×Ö½Ú

11 CNS2010handout 7 :: rainbow tables11 Rainbow Tables D:\rainbowcrack-1.2-win>rcrack k:\rt0\*.rt -f pwfile lm_alpha_0_2100x _all.rt: bytes read, disk access time: 3.55 s verifying the file... searching for 10 hashes... plaintext of 686f63d42397d2e3 is WHJJGXA plaintext of 1a993db3c3a8a908 is JLXNYLY plaintext of 377f3240bafa098d is OFCVPLL plaintext of 5dca0224fb2b1540 is CGRVFOK plaintext of 25a1d3832aaf6f83 is DRLMYRX plaintext of caa7a is GWEIVEK cryptanalysis time: s lm_alpha_1_2100x _all.rt: bytes read, disk access time: 3.30 s verifying the file... searching for 4 hashes... plaintext of 0f97d26b0aca50d3 is JAQPRMN plaintext of 9ebd ef2d is BMRBAHY plaintext of 0d075e2a1597d7bc is RHFKPQT plaintext of eb5e0c18c96b74de is LSKMQQT cryptanalysis time: 4.39 s statistics plaintext found: 10 of 10 (100.00%) total disk access time: 6.84 s total cryptanalysis time: s total chain walk step: total false alarm: total chain walk step due to false alarm:

12 CNS2010handout 7 :: rainbow tables12 Rainbow Tables Rainbow Table for LanManager passwords (windows) config #5 Charset ] Keyspace (2^39.7) Table size 24 GB Success probability Demo: crack of following windows password: N73k_a7()TUBoK PrFa$=ptRcb^__ z %G)r*EW&2nk# cjST$=W0U*-5CH (zw= ijV$i*vEX

13 CNS2010handout 7 :: rainbow tables13 Rainbow Tables Rainbow Table for LanManager passwords (windows) config #6 Charset _+=~`[]{}|\:;"'<>,.?/ ] Keyspace (2^42.8) Table size 64 GB Success probability Demo: crack of following windows password: }m-6BRz*Cj=J}G $ Ot\KZ?/a/qr4d^ yc~<{1!Oe}l_j| 5~|3&-K^4S#c3q Broken in minutes..

14 CNS2010handout 7 :: rainbow tables14 Rainbow Tables Rainbow Table for MD5 (loweralpha-numeric 1-8) Charset [abcdefghijklmnopqrstuvwxyz ] Keyspace Table size 36 GB Success probability MD5 hashes broken in 35 minutes.. Rainbow Table for Microsoft Office –40-bit encrypted files decrypted in 5 minutes on average –One table for MS Word and one table for MS Excel –Table size is 40 GB –99.9% accuracy MS Office The obvious problem here is the precomputation needs only be done once.. And the attack is extremely scalable. Of course, the files are now available on bit torrent.. and rainbow tables crackers are now online on websites.. Salts are one way to defeat rainbow tables..

15 CNS2009handout 7 :: rainbow tables15 FPGA Rainbow Tables Cracker In 2005, Malcom Sumantri and I decided to implement a rainbow tables cracker in FPGAs..

16 CNS2009handout 7 :: rainbow tables16 StepGoalToolInput to ToolOutput of Tool 1Generate end-points from the chosen plaintext/ciphertext pair. End-Point Generator (Hardware) Chosen plaintext, chosen ciphertext, start mark, end-mask Prospective End-Point, Prospective Column Number 2Perform table lookup on all end-points generated from Step 1. Online Attack Software Application End-Points generated from Step 1. Start Points that corresponds with matching end-points from Step 1. 3Generate Key from Starting Points found in Step 2. Intermediate Key Generator (Hardware) Start-Point and matching column number (from Steps 1 and 2), start-mask, end-mask. Candidate Key(s) 4Test validity of KeyOnline Attack Software Application Candidate key(s) from Step 3, chosen plaintext, chosen ciphertext. Key FPGA Rainbow Tables Cracker Online System

17 CNS2010handout 7 :: rainbow tables17 Experiment and Results Experiment –Cryptanalytic attack on 40-bit DES since the resources to break DES is out-of-reach for the budget in this thesis. –Use Sensory NetworksTM NodalCoreTM C-1000 PCI Card. Xilinx® Virtex-II Pro VP-40 FPGA Flexible chipset architecture to embed our hardware engines. PCI interface allows for high-speed communications. Results –40-bit DES Rainbow Table can be generated in less than 4 hours. Table parameters allows for 85% cryptanalytic success probability. Fastest known implementation in the literature based on results. –Online attack of 40-bit DES in 30.8 seconds.

18 CNS2009handout 7 :: rainbow tables18 Data Analysis Performance-Cost Analysis –Determine the FPGA chip that provides the highest performance for the lowest cost. –Synthesized the hardware designs for various Xilinx FPGAs. –Spartan 3 S-1500 provides the highest performance-cost relative to other Xilinx® FPGA chips. Extrapolate the design of a machine to break DES (56-bit key length) –Result: DES can be broken with 85% success probability in 72 minutes for an approximate cost of US $1,210.

19 CNS2010handout 7 :: rainbow tables19 Data Analysis FPGAs provides a low cost and effective solution to cryptanalysis. Rainbow table attacks provide a faster attack time compared to brute-force, but brute-force uses less resources, that is, memory resources. –For large key sizes, the rainbow table attack becomes infeasible as memory costs is prohibitive. Potential Attacker Key Length (bits)Cost (US $) Clever Outsider , ,650 Knowledgeable Insiders 6222, ,400 Funded Organization (Large Corporation, Mafia) 66361, million Funded Organization (Small Government, Terrorist Networks) 7224 million million billion Funded Organization (Large Government Bodies: US National Security Agency) 806 billion billion billion billion trillion Not feasible trillion


Download ppt "CNS2010handout 7 :: rainbow tables1 computer and network security matt barrie."

Similar presentations


Ads by Google