Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mark Shtern. Passwords are the most common authentication method They are inherently insecure.

Published byLouisa Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "Mark Shtern. Passwords are the most common authentication method They are inherently insecure."— Presentation transcript:

1 Mark Shtern

2 Passwords are the most common authentication method They are inherently insecure

3 Human generated passwords Come from a small domain Easy to guess – dictionary attacks Stronger passwords Computer generated or verified Not user friendly Hard to remember

4 Physical Access Offline password cracking Online password cracking

5 Boot using Linux bootable CD Mount system drive Reset Administration Password (Windows: chntpwd; Linux modify shadow file)

6 Collect password hashes Crack passwords

7 Eavesdropping (Sniffing) Password file  Windows – SAM,NTDS.dit file (pwdump[ 2-6 ] and fgdump)  Linux – shadow file (unshadow) Memory Dump (debug tools: WinDgb, gdb), System calls (APImonitor, strace) SQL database, configuration file Source code

8 Types  Brute Force  Dictionary  Hybrid  Rainbow The most popular crackers  Windows: Ophcrack, Cain & Abel, LCP  Linux: John the Ripper (john)

9 Eavesdropping: Encrypt the channel, e.g. using SSL or SSH Offline dictionary attacks: Limit access to password hashes, strong passwords, password lifetime, use salt Online dictionary attacks: Delayed answers, strong passwords, account lockouts

Download ppt "Mark Shtern. Passwords are the most common authentication method They are inherently insecure."

Similar presentations

Securing Passwords against Dictionary Attacks

Securing Passwords against Dictionary Attacks
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Crack WPA Lab Last Update 2014.06.11 1.0.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
The Cain Tool Presented by: Sagar Chivate CS 685F.

The Cain Tool Presented by: Sagar Chivate CS 685F.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Passwords, Encryption Forensic Tools

Passwords, Encryption Forensic Tools
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
The Truth About Protecting Passwords COEN 150: Intro to Information Security Mary Le Carol Reiley.

The Truth About Protecting Passwords COEN 150: Intro to Information Security Mary Le Carol Reiley.
Chapter 4 System Hacking: Password Cracking, Escalating Privileges, & Hiding Files.

Chapter 4 System Hacking: Password Cracking, Escalating Privileges, & Hiding Files.
Passwords Breaches, Storage, Attacks OWASP AppSec USA 2013.

Passwords Breaches, Storage, Attacks OWASP AppSec USA 2013.

Similar presentations

Ads by Google