PASSWORDS & ENCRYPTION Villanova University Department of Computing Sciences D. Justin Price Fall 2014
CRYPTOGRAPHY Hiding the meaning of a message from unintended recipients. Open source algorithms are more secure. Encryption is coding a message Decryption is decoding a message Plaintext is the message in a readable format. Ciphertext is the message in its encrypted format. Types of Cryptosystems Symmetric Provides Confidentiality Asymmetric Provides Authentication Hash Provides Integrity
Key Keyspace is the size of an encryption key. Strength of a crypto system rests with the strength of its key Larger the keyspace, the less likely to be attacked using bruteforce methods. Keyspace matters CRYPTOGRAPHY Protection based on key length is exponential, not linear. Keyspace of a 40-bit key = 1 trillion Keyspace of a 56-bit key = 72 quadrillion Each additional bit added to a keyspace doubles the possible combinations.
Key CRYPTOGRAPHY If a computer can guess 250,000 passwords per-second: 32-bit key = 4.8 hours 40-bit key = 51 days 56-bit key = 9,140 years 128-bit key = 43 septillion years
SYMMETRIC ENCRYPTION Uses a single key for both encryption & decryption. Much faster as compared to asymmetric encryption Key must be kept secure and secret between the two users. Example algorithms: Data Encryption Standard (DES) 64-bit Block Cipher 56-bit key Triple DES Three passes of the DES algorithm 168-bit key (if using 3 keys)
SYMMETRIC ENCRYPTION Example algorithms: Blowfish 64-bit Block Cipher Variable 32 to 448-bit key International Data Encryption Algorithm (IDEA) 64-bit Block Cipher 128-bit key
SYMMETRIC ENCRYPTION Example algorithms: Advanced Encryption Standard (AES) 128-bit Block Cipher 128-bit, 196-bit or 256-bit key bit-by-bit XOR with the key Substitutes each 8-bit quantity in the array to a different 8-bit value Circular shifts left the contents of state array rows 1, 2, and 3 by 1, 2, and 3 bytes. Final byte value substitution on a column (32- bit) bases.
SYMMETRIC ENCRYPTION
SYMMETRIC ENCRYPTION Implementation Techniques: Substitution XOR ROT-13 Rotate the alphabet by 13 characters Arbitrary Exchanges one character for another Frequency analysis can be used to break. Permutation Changes the position of each letter within the text. Hybrid Substitution and Permutation
ASYMMETRIC ENCRYPTION Uses a public and private key architecture. Public key is used to encrypt the message Private key is used to decrypt the message Much slower as compared to symmetric encryption Digital Signatures Signed document by encrypting a one-way hash with a private key. Examples: PGP RSA asymmetric key to encrypt the session key IDEA 128-bit symmetric encryption to encrypt the data Secure Socket Layer SSH
ASYMMETRIC ENCRYPTION
PGP EXAMPLE
PGP EXAMPLE
PGP EXAMPLE During the PGP installation, two keys are generated, which are associated with a single user. Public Key Private Key A Public Key is used by other PGP users to send an encrypted message. A Private Key is used by the email s recipient to decrypt the message.
PGP EXAMPLE
PGP EXAMPLE
PGP EXAMPLE
SENDING PGP EMAIL
SENDING PGP EMAIL
HASH FUNCTIONS A key is not used during encryption Irreversible one-way transformation Plaintext is not recoverable Length of plaintext is not recoverable Examples: MD2, MD4, MD5 (128-bit), SHA-1 (160-bit) & SHA-2 Usage: Message Integrity, password protection, etc.
FULL DISK ENCRYPTION Encrypts the entire hard drive, to include: Volumes Swap Files Hibernation Files System Files Full disk encryption changes the partition table (MBR or GUID) to prompt the user for authentication credentials. Decrypted data is never written to disk.
FULL DISK ENCRYPTION When files are requested by the user, the OS passes the request to the file system manager. The data is pulled from the hard drive and decrypted in RAM. Vulnerable if you have logged into the system and you leave the system unattended. Encrypted Disk Detector Checks system for instance of TrueCrypt, PGP, BitLocker, SafeBoot, BestCrypt, Checkpoint or Symantec. Free Tool http://info.magnetforensics.com/encrypted-disk-detector/
AccessData s Password Recovery Toolkit Demo
WINDOWS PASSWORDS Three Authentication Methods used by Windows: LAN Manager (LANMAN) Passwords Highly susceptible to attack. NT LAN Manager (NTLM) Used for authentication in Workgroup environments Kerberos Preferred method of authentication Requires the use of Active Directory
WINDOWS PASSWORDS LAN Manager (LANMAN) Passwords Enabled prior to Windows Vista Passwords are hashed using LM hash Algorithm; which is based on DES Flaws Limited to 14 characters Pads a password to 14 characters Breaks into two 7-character words Easier to break two 7-character passwords than one 14-character password. All characters are converted to UPPERCASE No salt applied
WINDOWS PASSWORDS NT LAN Manager (NTLM) is Microsoft s fix to LANMAN. NTLMv1 - Uses DES based one way function NTLMv2 - Uses MD4 based one way function Kerberos - standard authentication protocol, but requires an Active Directory and domain membership. User passwords are stored in one of two places: SAM Registry Hive \System\System32\Config You will also need the SYSTEM registry key. Active Directory \System\ntds directory\ntds.dit
WINDOWS PASSWORDS pwdump http://www.tarasco.org/security/pwdump_7/ Format Username: SID:LM Hash:NTLM Hash:::
PASSWORD ATTACK METHODS Attack methods try to guess the plaintext password not break the encryption algorithm. Password Attack Methods Dictionary Attack Fastest Method Test words in a dictionary Pre-generated User Specific Countermeasure: Set policies for users to choose passwords that are not dictionary words.
PASSWORD ATTACK METHODS Password Attack Methods Hybrid Attack Uses a dictionary attack and adds numerals and symbols. Brute Force Attack Most powerful attack method Every password is breakable How much time do you have? Rainbow Tables Generating password hash values takes a lot of CPU time Rainbow tables are pre-computed hash values.
CAIN http://www.oxid.it/cain.html
CAIN
CAIN
CAIN (DICTIONARY)
CAIN (DICTIONARY)
CAIN (DICTIONARY)
CAIN (DICTIONARY)
CAIN (DICTIONARY)
CAIN (BRUTE-FORCE)
CAIN (BRUTE-FORCE)
CAIN (BRUTE-FORCE)
CAIN (BRUTE-FORCE)