Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 MD5 Cracking One way hash. Used in online passwords and file verification.

Published byHarvey Lambert Arnold Modified over 9 years ago

Similar presentations

Presentation on theme: "1 MD5 Cracking One way hash. Used in online passwords and file verification."— Presentation transcript:

1 1 MD5 Cracking One way hash. Used in online passwords and file verification.

2 2 Lets destroy an MD5 hash Lets use “steiner” Md5('steiner')= 7bfd4d773bec1249bb691bbad9d968a8 Input into rcrack../rcrack *.rt -h 7bfd4d773bec1249bb691bbad9d968a8 Wait

3 3 MD5 hashing Tables vary greatly in size. Each added character add's exponential growth md5_loweralpha-numeric_1-8 36.4 GB

4 4 General Wireless Vulnerabilities Invasion and resource stealing Traffic redirection Denial of service Rogue access points

5 5 The Wired Equivalent Privacy Protocol

6 6 Goals Confidentiality Prevent casual eavesdropping Access control Protect access to network infrastructure Data integrity Prevent tampering with transmitted messages

7 7 Logistics A key is shared between the client and access point Key length is 40 bits or 104 bits Keys are static and whenever a key changes, all clients must update

8 8 RC4 Stream Cipher

9 9 WEP Implementation of RC4 Checksum of the plain text is computed to provide data integrity 24 bit Initialization vector (IV) is used to increase the size of the secret key IV also makes it harder to crack by changing the key stream every time IV is pre-pended to the cipher text, that way client can decrypt the message

10 10 Encryption Process

11 11 Decryption Process

12 12 WEP Authentication Client sends message to access point (AP) requesting authentication AP sends plain text stream to client Client chooses IV and encrypts plain text stream Client sends IV and cipher text to AP for verification

13 13 WEP Frame

14 14 WEP Flaws and Exploits

15 15 Database Attack Some access points allow traffic to be encrypted or unencrypted Hacker sends packets to the access point broadcast messages, AP responds with encrypted version Hacker records key stream and puts it in database for later use When client gets sent message with IV that is in the database, hacker XORs the two to get the plain text

16 16 Key Scheduling Attack Some IVs are weak and through statistical analysis can reveal information about the key Active attack involves de-authenticating client repeatedly until enough packets have been received to analyze Utilizes the fact that several bytes of IP traffic can be easily predicted

17 17 Message Injection Hacker can listen to authentication process and determine a key stream for a particular IV Using this key stream, hacker can create packets and inject them into the network WEP allows for IVs to be reused without triggering an alarm

18 18 WEP Cracking Tools

19 19 Linux Security Distributions Several live CDs are available that contain all tools necessary to hack WEP Common applications include: Aircrack Suite - wesside-ng - aireplay-ng - aircrack-ng Airsnort Kismet

20 20 How to Protect Against and Attack

21 21 Newer Security Protocols Stop using WEP and use a newer protocol like WPA Make you password harder to crack by using the maximum number of characters and using random ASCII characters ***(deprecated)***

22 22 Authentication Evil Twin Attack Hacker can force user off the AP, then use the same SSID to pose as the AP How do you know who has control of an access point? Enterprise systems can use a server to authenticate users

23 23 Other Suggestions Wireless IDS Can monitor network to prevent rogue access points If attacker attempts to break into wireless LAN, the IDS can triangulate his location Use end to end encryption VPNs

24 24 Demo Locate target Do research Get AP MAC and client MAC Input into wesside-ng If necessary, spoof a clients MAC

25 25 Lan Manager (LM) Hashes Used by Microsoft Windows passwords are stored using this algorithm Only hashes 7 characters at a time. Makes cracking considerably easier

26 26 Lets break my windows Get Hash Input into ophcrack wait

Download ppt "1 MD5 Cracking One way hash. Used in online passwords and file verification."

Similar presentations

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
How To Not Make a Secure Protocol 802.11 WEP Dan Petro.

How To Not Make a Secure Protocol WEP Dan Petro.
The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.

The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN

Similar presentations

Ads by Google