
Brute Force Password Cracking and its Role in Penetration Testing

Andrew Keener and Uche Iheadindu. Brute Force Password Cracking and its Role in Penetration Testing. Background. A cryptographic hash function is an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value.





Presentation Transcript


  1. Brute Force Password Cracking and its Role in Penetration Testing. Andrew Keener and Uche Iheadindu.

  2. Background
     • A cryptographic hash function is an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value.
     • Cryptographic hash functions are used to encrypt (hash) stored passwords in many corporations.
     • Password strength can be a key vulnerability in large corporations without proper policies on password security.

  3. Password Security in Relation to Penetration Testing
     • Penetration testing involves trying to take control over systems and obtain data.
     • One of the ways this is accomplished is by exploiting weak password schemes.
     • If password auditing is not a part of penetration testing, you leave yourself open to the likelihood of a breach.

  4. Password Cracking: What Are We Trying to Prevent?
     There are several methods of password cracking available.
     • Brute-force cracking, in which a computer tries every possible key or password until it succeeds.
     • Dictionary attacks, pattern checking, word-list substitution, etc., attempt to reduce the number of trials required and will usually be attempted before brute force.

  5. Password length and relative security

  6. Focus of this presentation: Brute Force
     • http://hashsuite.openwall.net - Hash Suite demo

  7. More tools
     • http://www.golubev.com/blog - ighashgpu
     • Another good open source program: HashCat (HashCat.net)

  8. GPU vs CPU hashing comparison
     • Laptop (AMD A8 3400M, 4 cores): averages about 100 million passwords per second (6 characters).
     • Desktop (GPU: ATI Radeon HD 5970, 40 cores): averages about 2.2 billion passwords per second (7 characters).
     • This is why current recommendations call for no fewer than 12 characters drawn from uppercase, lowercase, digits, and special characters.
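To make the slide 8 recommendation concrete, the following added example (not part of the presentation) computes the worst-case exhaustive-search time for several character-class sizes and password lengths at the two guess rates quoted above. The character-class sizes (26/52/62/95) assume printable ASCII and are an assumption of this example, not a figure from the slides.

```python
# Worst-case exhaustive-search time for a password policy at a given guess rate.
# Added example: the two guess rates are the figures quoted on slide 8; the
# character-class sizes are printable-ASCII counts assumed by this example.

CHARSET_SIZES = {
    "lowercase": 26,
    "lower+upper": 52,
    "lower+upper+digits": 62,
    "all four classes": 95,  # 62 + 33 printable ASCII symbols (assumed)
}

LAPTOP_CPU_RATE = 100_000_000     # slide 8: ~100 million guesses/s
DESKTOP_GPU_RATE = 2_200_000_000  # slide 8: ~2.2 billion guesses/s


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int, rate: int) -> float:
    """Worst case: every candidate tried once. Expected time is half of this."""
    return keyspace(charset_size, length) / rate


def human_duration(seconds: float) -> str:
    """Render seconds in the largest fitting unit for a quick risk read-out."""
    units = [("years", 365 * 24 * 3600), ("days", 86400),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def exposure_table(lengths=(6, 7, 8, 10, 12), rate=DESKTOP_GPU_RATE):
    """Map (charset name, length) -> worst-case search time at `rate`."""
    return {(name, n): human_duration(seconds_to_exhaust(size, n, rate))
            for name, size in CHARSET_SIZES.items() for n in lengths}


if __name__ == "__main__":
    for (name, n), t in exposure_table().items():
        print(f"{name:>20} x {n:2d} chars: {t}")
```

Running it shows the jump the slide is pointing at: a 7-character password from all four classes falls in hours on the GPU, while 12 characters from the same classes pushes the worst case into millions of years at the same rate.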

  9. Questions?

  10. Sources
     • Wikipedia, Cryptographic Hash Function: http://en.wikipedia.org/wiki/Cryptographic_hash_function#Password_verification
     • Wikipedia, Password Cracking:
