CSE 3482

Introduction to Computer Security

Password Cracking

Instructor: Prof. P. Madani, Winter 2022

 Introduction
• Password – a secret word/string of characters used to
authenticate a user into a system
³ critical (often only) defense against intruders
³ ideal password: easy to remember, hard to
‘crack’
³ Google (2013) released a list of common
password types which are insecure as they
are too easy to guess / get off social media
Ø name of a pet, child, family member, spouse
Ø names of birthplaces , favorite sports teams
Ø birthdays, anniversary dates

³ overly complex passwords are as dangerous

as very simple ones
Ø the user likely to write it down or to reuse it
Introduction (cont.)
Type of Password Search Size Number of Percentage of Cost/Benefit Ratioa
Passwords Matches Passwords Matched
Cracked
User/account name 130 368 2.7% 2.830
from a Character sequences 866 22 0.2% 0.025
Sample of
Numbers 427 9 0.1% 0.021
13,797 Chinese 392 56 0.4% 0.143
Unix Place names 628 82 0.6% 0.131
Common names 2239 548 4.0% 0.245
Accounts Female names 4280 161 1.2% 0.038
Male names 2866 140 1.0% 0.049
* using a Uncommon names 4955 130 0.9% 0.026
customized Myths and legends 1246 66 0.5% 0.053
Shakespearean 473 11 0.1% 0.023
dictionary Sports terms 238 32 0.2% 0.134
comprising Science fiction 691 59 0.4% 0.085
Movies and actors 99 12 0.1% 0.121
3 million Cartoons 92 9 0.1% 0.098
words Famous people 290 55 0.4% 0.190
Phrases and patterns 933 253 1.8% 0.271
* success
Surnames 33 9 0.1% 0.273
rate: 25% Biology 58 1 0.0% 0.017
System dictionary 19683 1027 7.4% 0.052
* cracking Machine names 9018 132 1.0% 0.015
time < 1 h Mnemonics 14 2 0.0% 0.143
King James bible 7525 83 0.6% 0.011
Miscellaneous words 3212 54 0.4% 0.017

Yiddish words 56 0 0.0% 0.000

Asteroids 2407 19 0.1% 0.007
TOTAL 62727 3340 24.2% 0.053
Introduction (cont.)
• Passwords ³ in most systems, passwords are stored in
in a System a protected (hash) form Þ snooper that
gains internal access to system cannot
easily retrieve/steal passwords
Ø every time a user logs in, password handling
software runs the hash algorithm
Ø if (new hash = stored hash), access is granted
Introduction (cont.)
Example: Password hashes

Storing hash instead

of password

Testing a password
against stored hash

http://www.tobtu.com/lmntlm.php
Introduction (cont.)

• Password – password hashes are stored in

Management Security Account Manager (SAM) file
in Windows ³ stored in C:\Windows\System32\config
or HKEY_LOCAL_MACHINE\SAM registry
- cannot be accessed while computer
running (file used by OS)

• Accessing SAM – requires additional software

File in Windows ³ install and run LCP, pwdump,

or FGDUMP with Administrator

privileges
Introduction (cont.)
• Accessing Hash – text file: /etc/passwd (/etc/shadow)
File in Unix ³ readable by system administrator
(root) only
 Introduction (cont.)
Example: passwd vs. shadow

When any user is created in Linux it affects 4 files

/etc/passwd
/etc/group
/etc/shadow
/etc/gshadow
/etc/passwd file is essentially the user account database in which Linux stores
valid accounts and related information about these accounts.
/etc/shadow file contains encrypted passwords and bookkeeping information.
 Introduction (cont.)
Example: entry in /etc/shadow
 Introduction (cont.)
Example: ‘encrypted’ password
Introduction (cont.)
• Accessing Hash – /var/db/dslocal/nodes/Default/users
File in Mac ³ readable by the root user only

Example: Keychain Access ( built-in password manager/utility

for Mac OS X – manages web-based passwords)
 Password Cracking
• Password – a method of gaining unauthorized access
Cracking to a computer system by trying different
(Guessing) passwords
³ cracking difficulty ~ size of password space

http://resources.infosecinstitute.com/the-exponential-nature-of-password-cracking-costs/
 Password Cracking (cont.)
• Online vs. ³ online cracking
Offline Ø try every password at the login prompt in real
Password time
Cracking Ø very slow!
8-character password of 76 possible characters
(upper & lower case, digits, common symbols) =
1.1x1015 possibilities
2 to 3 passwords a second Þ 5,878,324 years
to guess a password

Ø extremely noisy!
most systems block the victim account after
several failed login attempts

³ off-line cracking
Ø assumes the possession of passwd/hash file
 Password Cracking (cont.)
• Brute-Force – aka exhaustive password search
Password ³ entire password space is ‘tried’
Cracking
³ starts by using simple combinations of
characters, and then gradually moves
to more complex/longer ones
³ (may be) effective for passwords of small
size, but too time consuming for long
passwords
³ examples of brute-force crackers
Ø Cain and Able
Ø John the Ripper
Ø Ophcrack
Password Cracking (cont.)
What is Password Search Space in Brute-Force Attacks?
a) On 26-letter alphabet, password of length 1/2/n:
S1-Letter= 261
S2-Letter= 26*26 = 262
Sn-Letter= 26*26*…*26 = 26n

b) On A-character alphabet, password of length n:

Sn-character=An

c) On A-character alphabet, passwords up-to n characters

 Password Cracking (cont.)

Example: Brute-Force Password Search Space (1)

Compare two systems in which the maximum password length is 16,
and passwords may contain any printable ASCII characters.
System A allows passwords to be any length (1-16)
System B requires passwords to be at least 8 characters long (8-16).
Calculate the search space for these two systems.
A=94

System A:

System B:

Almost the same!!!

 Password Cracking (cont.)
Example: Brute-Force Password Search Space (3)
A system allows passwords consisting of 4 lower-case letters followed
by 3 digit numbers.
How many passwords are possible if there are no restrictions.

L1 L2 L3 L4 D1 D2 D4
any combination any combination

264 *103 = 456,976,000

 Password Cracking (cont.)

Example: Brute-Force Password Search Space (2)

Tina has to create a password for the security of a software program
file. She wants to use a password with 3 letters.
How many passwords are allowed if no letter is repeated and the
password is not case sensitive?

L1 L2 L3 : A (B-Z) (C-Z)
26 25 24

26*25*24 = 15,600
Password Cracking (cont.)
• Biased ³ the search space is further reduced by
Attack focusing on most likely combinations
of words and/or numbers …

Example: Biased Attack on 4-Digit Pins

Assume a system requires that access passwords be comprised
of 4 digits.
Total unbiased any number between 0 – 9999 (10,000)
search space:
Many people use some important personal dates to generate
4-digit passwords.

Biased search only 366 possible combinations!

space:
Password Cracking (cont.)
• Dictionary ³ users often create passwords using
Attack common dictionary words
Ø instead of trying every password, dictionary
attack probes only common dictionary words
Ø faster than brute force, as it uses smaller
(more likely) search space
Ø still might take considerable time, and might
fail in the end
 Password Cracking (cont.)
Example: Dictionary Attacks in Real World
Many studies on effectiveness of dictionary attack have been
conducted.
Not 100% effective, but enough passwords were cracked to make
the use of this attack worthwhile.

Research or Incident % Guessed

Morris worm, estimated success (1988) ~50%
Klein’s Study (1990) 24.2%
Spafford’s Study (1992) 20%
CERT Incident 1998-03 25.6%
Cambridge study by Yan, et al. (2000) 35%
Lulz and Anonymous, estimated success (2011) 30%

Elementary Information Security, R. E. Smith, pp. 253

Password Cracking (cont.)
• Pre-Computed ³ achieves TIME-SPACE tradeoff by
Dictionary pre-computing a list of hashes of
Attacks dictionary words
Ø pre-computed hashes are compared
against those in a stolen password file
Ø rainbow tables
1) pregenerated sets/lists of hashes –
n*Gbyte size!!! D
2) allow extremelly rapid searching C
Password Cracking (cont.)

Rainbow Table: time/space tradeoff!!!

 Password Cracking (cont.)
• Rainbow Table • Is a precomputed table for reversing (i.e., cracking)
cryptographic hash functions.
• Space-time tradeoff
• it uses less computer processing time and more
storage compared to brute force.
• It uses more processing time and less storage
than a simple lookup table.

P Hash Function (E.g., MD5)

H
Password Hash Space –
Space – (i.e., (i.e., hashed
Rainbow Table vs Hash Table
plaintext) values)

Given any value h in H, can we build a data structure to either locate an element p in P such that H(p) = h, or
determine that there is no such p in P?

• Brute force: exponential time – marginal space

• Precomputed hash tables: exponential space [ O(|P|n) where n is the size of
output of hash function impossible for large |P|]! – constant look-up
• Rainbow Tables: Reduce compared to precomputed hash tables – Reduce look-up time compared to
brute force methods.
 Password Cracking (cont.)
• Rainbow Table Construction • Main idea: define a reduction function R
that maps hash values back into values in P.
• Reduction function is not meant to be
“an inverse of the hash function”
P Hash Function (E.g., MD5)
H
Password Hash Space –
Space – (i.e., (i.e., hashed
Rainbow Table vs Hash Table
plaintext) values)

Length L = 3
Rainbow Table
 Rainbow Table (cont’d)
• Using Rainbow Table

Let’s assume that you got hold of hash “re3xes” and you would like to find
its corresponding value
• Apply reduction function R and check the result with tail column of rainbow table
• No match? Apply hash function H and reduction function R and check again.
• Stop once you have found a match OR you have constructed a chain with
length L with no match.
 Password Salting
• Password Salting – adding a unique random value to
each password before hashing
³ both the hash and salt are stored
³ does not fully prevent against
password cracking, but makes it
harder / more time consuming

https://spideroak.com/privacypost/cloud-security/byod-the-problems-with-plaintext-password-storage/
User id + Password
Password Salting (cont.)
• Password Salting Benefits – in case of a compromised
Password File
Ø dictionary and rainbow attacks impossible to perform
Ø prevents duplicate passwords from being visible in password file
Ø becomes impossible to find out whether a person has used the
same password on multiple systems
Password Hashing in Windows
• Password – Windows-based computers utilize two
Hashing hashing methods
in Windows ³ LAN Manager (LM)
Ø used in earlier versions – up until Windows
2000, XP, Vista, and 7

³ NT LAN Manager (NTLM)

Ø much stronger and harder to crack than
LM hash
Ø used in Windows 2000, XP, Vista, and 7
Ø Windows 2000 and XP are also backward
compatible – hash with both, to be able
operate with older clients/servers*
* feature that should be disabled if not necessary
Password Hashing in Windows (cont.)

• LM Password Hashing – not really a hash, but a

a cryptographic value

1) user password is converted to all uppercase

2) password has null characters added to it until it
equals 14 characters
3) new password is split into two 7 char. halves
4) two 7-byte halves are used to create two 64-bit
(8-byte) long DES encryption keys, by inserting a
null bit after every seven bits
5) each key is used to DES-encrypt the constant
ASCII string “KGS!@#$%”, resulting in two
16-byte long ciphertext values
6) finally, two 16 byte hashes are concatenated
to form the 32-byte long hash
Password Hashing in Windows (cont.)

• LM Password Hashes (cont.)

³ drawbacks:

1) case insensitive – significantly reduces

character set that attacker must use
(A - from 95 down to 69)
2) 14-character long passwords split into
two 7-character long halves – search
space dramatically reduced
(from A14 to 2*A7)
total reduction in search space:
from 9514 to 2*697
3) DES encryption not considered safe
anymore
Password Hashing in Windows (cont.)

• NTLM Hashing – much simpler in terms of OS

operations than LM
³ applies MD4 hash algorithm 3 times
³ advantages: much ‘stronger’ than LN
Ø allows for distinction between upper
and lower case
Ø does not split password into smaller,
easier to crack, chunks
³ disadvantages: does not use ‘salting’
like in UNIX and Linux
Ø salt – random combination of 0 & 1
added to a password
Ø every bit of salt => 2X password-cracking
demands on storage and/or computation
Example: Password policies – which one is better?!
Company A requires that its employees pick 6-character passwords
made up of combinations of lowercase letters, uppercase letters, and
digits. No other characters are allowed, and a given user’s password
must not use any character twice.
Example: ab98CD

Company B requires that its employees pick 12-character passwords,

where each of the 12 can be any of 100 possible characters. Unlike for
Company A, Company B’s employees can reuse characters in their
passwords. However, Company B finds that users often make mistakes
with these long passwords, so if an authentication attempt fails, the
login server helps the user by telling them how many of the initial letters
were correct. For example, if a password entered was ‘abcdefgij’ and the
server replies “Wrong, but the first 4 letters were correct”, then ‘abcd’
are correct, ‘e’ is wrong, and nothing is revealed about the correctness
of the letters after ‘e’.
Example: Password policies – which one is better?!
Suppose an attacker is trying to guess/crack the password of user
U1 at Company A, and user U2 at Company B. Both usernames are valid
at the respective companies, and the users have chosen passwords that
conform with the policy.

a) Write down an expression for the # of attempts the attacker

needs for guessing the password of user U1 at Company A.

Solution:
Example: ab98CD

Total # of allowed characters = 26 + 26 + 10 = 62

Total # of possible passwords = 62*61*60*59*58*57 =
= 4.4 * 1010
Example: Password policies – which one is better?!
b) Write down an expression for the # of attempts the attacker
needs for guessing the password of user U2 at Company B.

Solution:
The key for this part of the problem is that the attacker can use
feedback provided by the login process to speed up the ‘cracking’
process.
To start, the attacker can try 100 passwords that each differ in
their first character. One of these must succeed. In addition, when
it succeeds, in the worst case the attacker is told that the second
character in the attempted password is incorrect. Therefore, once
the attacker learns that the first character is correct, they also can
eliminate 1 of the possibilities for the second character.
Example: Password policies – which one is better?!
Password: bszi1289AMLK
1st round of guesses: aa, ba, ca, da, …
2nd round of guesses bba, bca, bda, bea, …, bsa, bta, …
At this point, they make another 100 − 1 = 99 guesses, each of
which uses the first character learned in the previous step, and
tries a different second character (excluding the character that the
attacker has already learned is not correct for the second
position).

This process continues until they try candidates for all 12

positions, requiring at worst a total of:
# of possible passwords = 100+99+99+ ...
= 100 + 99 · 11 = 1189