PASSWORDS & ENCRYPTION

PASSWORDS & ENCRYPTION
Villanova University, Department of Computing Sciences
D. Justin Price, Fall 2014

CRYPTOGRAPHY
Hiding the meaning of a message from unintended recipients. Open source algorithms are more secure.
- Encryption is coding a message; decryption is decoding a message.
- Plaintext is the message in a readable format; ciphertext is the message in its encrypted format.
Types of cryptosystems:
- Symmetric: provides confidentiality
- Asymmetric: provides authentication
- Hash: provides integrity

CRYPTOGRAPHY: KEY
- Keyspace is the set of all possible keys; its size is fixed by the key length.
- The strength of a cryptosystem rests with the strength of its key.
- The larger the keyspace, the less likely the key can be found by brute-force methods.
Keyspace matters: protection based on key length grows exponentially, not linearly.
- Keyspace of a 40-bit key = 1 trillion
- Keyspace of a 56-bit key = 72 quadrillion
- Each additional bit doubles the number of possible combinations.

CRYPTOGRAPHY: KEY
If a computer can guess 250,000 passwords per second, exhausting the keyspace takes:
- 32-bit key = 4.8 hours
- 40-bit key = 51 days
- 56-bit key = 9,140 years
- 128-bit key = 43 septillion years

SYMMETRIC ENCRYPTION
- Uses a single key for both encryption and decryption.
- Much faster than asymmetric encryption.
- The key must be kept secure and secret between the two users.
Example algorithms:
- Data Encryption Standard (DES): 64-bit block cipher, 56-bit key
- Triple DES: three passes of the DES algorithm, 168-bit key (if using three keys)

SYMMETRIC ENCRYPTION
Example algorithms:
- Blowfish: 64-bit block cipher, variable 32- to 448-bit key
- International Data Encryption Algorithm (IDEA): 64-bit block cipher, 128-bit key

SYMMETRIC ENCRYPTION
Example algorithms:
- Advanced Encryption Standard (AES): 128-bit block cipher, 128-bit, 192-bit or 256-bit key. Each round transforms a 4x4 byte state array:
  - bit-by-bit XOR with the round key (AddRoundKey)
  - substitutes each 8-bit value in the array with a different 8-bit value (SubBytes)
  - circular left shift of state array rows 1, 2 and 3 by 1, 2 and 3 bytes (ShiftRows)
  - a final byte-value transformation applied on a column (32-bit) basis (MixColumns)

SYMMETRIC ENCRYPTION
Implementation techniques:
- Substitution: exchanges one character for another
  - XOR
  - ROT-13: rotate the alphabet by 13 characters
  - Arbitrary: exchanges one character for another
  - Frequency analysis can be used to break substitution ciphers.
- Permutation: changes the position of each letter within the text.
- Hybrid: substitution and permutation combined.
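
As an added illustration (not from the slides) of the ROT-13 substitution above and of why frequency analysis breaks it, this Python code rotates the alphabet and then recovers the shift of a rotated text by comparing its letter histogram with published English letter frequencies; the sample sentence is constructed.

```python
# Added example (not from the slides): a rotation (Caesar/ROT-13) substitution cipher and a
# frequency-analysis check that recovers the shift. ENGLISH_FREQ holds the commonly published
# percentages for A..Z; SAMPLE is a constructed sentence.
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def rotate(text: str, shift: int) -> str:
    """Substitute each letter by the one `shift` places further on; ROT-13 is shift=13
    and is its own inverse. Non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str, shift: int) -> float:
    """Distance between the letter histogram of `text` un-rotated by `shift` and English."""
    letters = [ch for ch in rotate(text, -shift).upper() if ch in ALPHABET]
    n = len(letters) or 1
    counts = Counter(letters)
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        expected = ENGLISH_FREQ[i] / 100 * n
        score += (counts[letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext: str) -> int:
    """Frequency analysis: the substitution only relabels letters, so the shift whose
    un-rotated text has the most English-like histogram is the key."""
    return min(range(26), key=lambda s: chi_squared(ciphertext, s))


SAMPLE = ("Substitution ciphers only rearrange which letter stands for which, so the letter "
          "frequencies of the original English text survive in the ciphertext and give the shift away.")

if __name__ == "__main__":
    ct = rotate(SAMPLE, 13)
    print(ct)
    print("recovered shift:", recover_shift(ct))  # 13
```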

ASYMMETRIC ENCRYPTION
- Uses a public and private key architecture: the public key is used to encrypt the message, the private key is used to decrypt it.
- Much slower than symmetric encryption.
- Digital signatures: a document is signed by encrypting a one-way hash of it with the private key.
Examples:
- PGP: an RSA asymmetric key encrypts the session key; IDEA 128-bit symmetric encryption encrypts the data
- Secure Socket Layer (SSL)
- SSH

PGP EXAMPLE
During the PGP installation, two keys are generated, which are associated with a single user: a public key and a private key.
- The public key is used by other PGP users to send an encrypted message.
- The private key is used by the email's recipient to decrypt the message.

SENDING PGP EMAIL

HASH FUNCTIONS
- A key is not used during encryption.
- Irreversible one-way transformation: the plaintext is not recoverable, and neither is its length.
- Examples: MD2, MD4, MD5 (128-bit), SHA-1 (160-bit) and SHA-2
- Usage: message integrity, password protection, etc.

FULL DISK ENCRYPTION
- Encrypts the entire hard drive, including volumes, swap files, hibernation files and system files.
- Full disk encryption changes the partition table (MBR or GUID) so that the user is prompted for authentication credentials.
- Decrypted data is never written to disk.

FULL DISK ENCRYPTION
- When the user requests a file, the OS passes the request to the file system manager; the data is pulled from the hard drive and decrypted in RAM.
- Vulnerable if you have logged into the system and leave it unattended.
- Encrypted Disk Detector: checks a system for instances of TrueCrypt, PGP, BitLocker, SafeBoot, BestCrypt, Checkpoint or Symantec encryption. Free tool: http://info.magnetforensics.com/encrypted-disk-detector/

AccessData's Password Recovery Toolkit Demo

WINDOWS PASSWORDS
Three authentication methods used by Windows:
- LAN Manager (LANMAN) passwords: highly susceptible to attack.
- NT LAN Manager (NTLM): used for authentication in workgroup environments.
- Kerberos: the preferred method of authentication; requires the use of Active Directory.

WINDOWS PASSWORDS
LAN Manager (LANMAN) passwords:
- Enabled prior to Windows Vista.
- Passwords are hashed using the LM hash algorithm, which is based on DES.
Flaws:
- Limited to 14 characters; a shorter password is padded to 14 characters.
- Breaks the password into two 7-character halves; it is easier to break two 7-character passwords than one 14-character password.
- All characters are converted to UPPERCASE.
- No salt is applied.
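
To put numbers on the keyspace figures from the key slides and on the 7 + 7 split described above, here is an added Python calculator (not part of the slides). It assumes the slides' rate of 250,000 guesses per second and a 365-day year; the character-set sizes in the comparison (26 upper-case letters for LM, 52 mixed-case letters for an unsplit password) are assumptions.

```python
# Added example: keyspace and brute-force time calculator for the figures on the key slides,
# plus the LAN Manager 7 + 7 split. Rate, year length and character-set sizes are assumptions.

GUESSES_PER_SECOND = 250_000      # rate assumed on the slide
SECONDS_PER_YEAR = 365 * 86_400   # a 365-day year reproduces the slide's 9,140-year figure


def keyspace(bits: int) -> int:
    """Number of distinct keys of the given length; every extra bit doubles it."""
    return 2 ** bits


def seconds_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst case for the attacker: every key in the space is tried once."""
    return space / rate


def human(seconds: float) -> str:
    """Express a duration in the largest unit that gives a readable number."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def password_space(charset_size: int, length: int) -> int:
    """Candidates for a password of exactly `length` characters drawn from `charset_size` symbols."""
    return charset_size ** length


def lm_split_space(charset_size: int) -> int:
    """LAN Manager pads to 14 characters and hashes two independent 7-character halves,
    so each half can be searched on its own: 2 * charset^7 candidates, not charset^14."""
    return 2 * password_space(charset_size, 7)


if __name__ == "__main__":
    for bits in (32, 40, 56, 128):
        print(f"{bits:>3}-bit key: {keyspace(bits):,} keys, exhausted in "
              f"{human(seconds_to_exhaust(keyspace(bits)))}")
    # Constructed comparison: 14 mixed-case letters (52 symbols) searched as one unit,
    # versus the same password as LM stores it: upper-cased (26 symbols), split 7 + 7.
    print("14-char mixed-case, unsplit:", human(seconds_to_exhaust(password_space(52, 14))))
    print("LM (upper-case, 7 + 7)     :", human(seconds_to_exhaust(lm_split_space(26))))
```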

WINDOWS PASSWORDS
- NT LAN Manager (NTLM) is Microsoft's fix to LANMAN.
  - NTLMv1: uses a DES-based one-way function
  - NTLMv2: uses an MD4-based one-way function
- Kerberos: standard authentication protocol, but requires Active Directory and domain membership.
User passwords are stored in one of two places:
- SAM registry hive: \System\System32\Config (you will also need the SYSTEM registry key)
- Active Directory: \System\ntds directory\ntds.dit

WINDOWS PASSWORDS
pwdump: http://www.tarasco.org/security/pwdump_7/
Output format: Username:SID:LM Hash:NTLM Hash:::

PASSWORD ATTACK METHODS
Attack methods try to guess the plaintext password rather than break the encryption algorithm.
- Dictionary attack: the fastest method; tests words from a dictionary, either pre-generated or user-specific.
  Countermeasure: set policies so that users choose passwords that are not dictionary words.

PASSWORD ATTACK METHODS
- Hybrid attack: a dictionary attack that also adds numerals and symbols.
- Brute-force attack: the most powerful attack method; every password is breakable, the only question is how much time you have.
- Rainbow tables: generating password hash values takes a lot of CPU time, so rainbow tables hold pre-computed hash values.
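
The following added Python example (not from the slides) ties the hash functions slide to the rainbow-table point above and to the "no salt" flaw of LANMAN: an unsalted digest of a common password is matched by a precomputed table with a single lookup, while a per-user salt and an iterated hash (PBKDF2-SHA256, chosen here as the modern counterpart) defeat the table and force each account to be attacked separately. The word list is constructed.

```python
# Added example (not from the slides): why an unsalted password hash is exposed to a
# precomputed (rainbow) table and how a per-user salt plus an iterated hash defeats it.
import hashlib
import hmac
import os

# Constructed stand-in for the dictionary an attacker pre-hashes once and reuses everywhere.
COMMON_WORDS = ["password", "letmein", "welcome", "qwerty", "dragon"]


def unsalted_hash(password: str) -> str:
    """LANMAN-style storage: no salt, so equal passwords give equal digests on every system."""
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table(words) -> dict:
    """digest -> plaintext lookup; a rainbow table is a space-optimised form of this idea."""
    return {unsalted_hash(w): w for w in words}


def lookup(table: dict, stored_digest: str):
    """Recovering the plaintext costs one dictionary lookup, no hashing at all."""
    return table.get(stored_digest)


def salted_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256: the salt makes every account's digest unique and the iteration
    count makes each guess expensive, so a table built in advance is useless."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> tuple:
    """What to store per user: a fresh random salt and the salted digest."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)


def verify(password: str, record: tuple) -> bool:
    """Re-derive with the stored salt; the constant-time compare avoids timing leaks."""
    salt, digest = record
    return hmac.compare_digest(salted_hash(password, salt), digest)


if __name__ == "__main__":
    table = precomputed_table(COMMON_WORDS)
    print("unsalted 'welcome' recovered as:", lookup(table, unsalted_hash("welcome")))
    alice, bob = make_record("welcome"), make_record("welcome")
    print("same password, different salted digests:", alice[1] != bob[1])
    print("login check:", verify("welcome", alice), verify("WELCOME", alice))
```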

CAIN http://www.oxid.it/cain.html

CAIN (DICTIONARY)

CAIN (BRUTE-FORCE)