Defcon talk: Cracking 400,000 Passwords or How to Explain to Your Roommate why the Power Bill is a Little High by Matt Weir
Frank Breedijk
Update: Matt's blog, Slide deck, Sebastien Raveau's word list (1, 2)
There are basically two types of password cracking. Online: trying usernames and passwords directly against the login screen. This only gives you a few tries, since the system and its countermeasures are still operational. Offline: matching password guesses against captured password hashes, mostly for forensic reasons.
Basic cracking process:
1. Generate a lot of password guesses
2. Generate hashes for these passwords
3. Compare the hashes against the target hashes
4. If you don’t have enough, redo from 1
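The four steps above, as an added example that is not code from the talk or from this post. It attacks unsalted MD5 (the kind of hash Matt worked on) with a tiny wordlist and a few mangling rules; the target hashes, the wordlist and the rules are all constructed here for illustration, and a real run would read the hash dump from a file instead of deriving it from known plaintexts.

```python
import hashlib
from typing import Dict, Iterable, Set


def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest, the format in the unsalted part of the dump."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed stand-in for a leaked dump of unsalted MD5 hashes. In practice the
# digests are read from the dump file, one hex string per line; the plaintexts
# are only listed here so the example is self-contained.
LEAKED_PLAINTEXTS = ["password", "monkey", "football123", "Sunshine!", "qwerty", "Tr0ub4dor&3"]
TARGET_HASHES: Set[str] = {md5_hex(p) for p in LEAKED_PLAINTEXTS}

# Constructed guess source standing in for a wordlist file (step 1).
WORDLIST = ["password", "monkey", "football", "sunshine", "qwerty", "letmein"]


def mangle(word: str) -> Iterable[str]:
    """A few common mangling rules applied to one dictionary word (hypothetical rule set)."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!"):
        yield word + suffix
        yield word.capitalize() + suffix


def crack(targets: Set[str], words: Iterable[str]) -> Dict[str, str]:
    """Generate guesses, hash them (step 2) and compare against the targets (step 3).

    Returns a mapping of cracked hash -> plaintext. Anything left uncracked is
    what step 4 sends you back to step 1 for, with a bigger or smarter guess list.
    """
    remaining = set(targets)
    found: Dict[str, str] = {}
    for word in words:
        for guess in mangle(word):
            if not remaining:          # nothing left to find, stop early
                return found
            digest = md5_hex(guess)
            if digest in remaining:    # set lookup, so cost does not grow with the dump size
                found[digest] = guess
                remaining.discard(digest)
    return found


if __name__ == "__main__":
    result = crack(TARGET_HASHES, WORDLIST)
    print(f"cracked {len(result)} of {len(TARGET_HASHES)} hashes")
    for digest, plaintext in result.items():
        print(digest, plaintext)
```

With the constructed input five of the six hashes fall to the wordlist plus mangling; the sixth (`Tr0ub4dor&3`) survives because no rule produces it, which is exactly the point of step 4.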
Matt initially did most of his research from home rather than in the lab, but after his first power bill arrived 75% higher than usual, he moved the work to a three-year-old Dell in his lab.
If you want to investigate how humans generate passwords, you need a list of user-generated passwords, but where can you get one? (Un)fortunately, hackers have helped us out: such a list is available.
The hacker who compromised the Phpbb.com website published a list of 259k unsalted MD5 hashes and 83k salted hashes. Because of time limitations, Matt only attacked the unsalted MD5 hashes. The hacker himself had submitted 117k of the hashes to an online password cracker, which cracked 24% of them (28,635).
He used an online cracker called hashkiller.com. They do a good job and track how efficient they are, and how efficient other crackers are. There is also md5-utils, a site that submits hashes to other sites as well. However, if you are going to use such a system and think the owners are not going to keep a copy of the found passwords, you are too naive to work in security.
There are also crackers you run on your own machine. The best one is John the Ripper. It is free and open source, actively maintained, and has an active community. If you can think of a problem that might occur, it is usually already covered in John the Ripper. As an added bonus, John the Ripper can take its password guesses from standard input.
Using John the Ripper, Matt obtained the following results:
4 hours - 38% cracked.
1 week - 62% cracked.
1 month and 1 week - 89% cracked.
Currently - 95% cracked.
Some quick password statistics:
Average length of a password: 7.2 characters long
Only 6% of the passwords contained an upper case character.
Only 1% of the passwords contained a special character.
51% of the passwords consist only of lower case letters.
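The four statistics above are easy to recompute over your own cracked list. This is an added example, not the talk's own tooling; the ten sample passwords are constructed here (they are not from the phpbb dump) and the "special character" class is taken to be ASCII punctuation, which is an assumption since the talk does not define it.

```python
import string
from typing import Dict, List

SPECIALS = frozenset(string.punctuation)   # assumed definition of "special character"

# Constructed sample standing in for a file of cracked plaintexts, one per line.
SAMPLE_CRACKED: List[str] = [
    "password", "monkey", "football", "qwerty123", "Sunshine",
    "letmein", "abc123", "iloveyou", "trustno1", "p@ssw0rd",
]


def password_stats(passwords: List[str]) -> Dict[str, float]:
    """Average length and the share of passwords in each character class from the talk."""
    n = len(passwords)
    if n == 0:
        raise ValueError("empty password list")
    has_upper = sum(1 for p in passwords if any(c.isupper() for c in p))
    has_special = sum(1 for p in passwords if any(c in SPECIALS for c in p))
    lower_only = sum(1 for p in passwords if p and all(c in string.ascii_lowercase for c in p))
    return {
        "count": n,
        "avg_length": sum(len(p) for p in passwords) / n,
        "pct_upper": 100.0 * has_upper / n,
        "pct_special": 100.0 * has_special / n,
        "pct_lower_only": 100.0 * lower_only / n,
    }


if __name__ == "__main__":
    for key, value in password_stats(SAMPLE_CRACKED).items():
        print(f"{key:15} {value}")
```

On the constructed sample this gives an average length of 7.6, 10% with an upper case character, 10% with a special character and 50% all lower case, numbers in the same neighbourhood as Matt's.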
So where are you going to get your passwords from? There are good word files out there. Large word lists are good if the target system does not enforce any password policy.
Sebastien Raveau has created an excellent word list by extracting all words from all Wikipedia and related project articles. But you can also use John the Ripper's generator, which is based on linguistic probability.
If a system enforces password policies, you are better off with smaller, more specific word lists, preferably ones based on previously cracked hashes. Unfortunately Matt cannot share his results due to privacy implications.
There are ways to speed up the brute force process by using probabilistic cracking. Certain words are used far more often than others, e.g. password, monkey and football are very common. Also, certain mangling rules are more popular than others: appending 123, 007 or $$$, capitalizing the first character, replacing o with 0, etc.
Matt's program takes words and mangling rules and assigns a weight to each. It then starts with the most likely combinations.
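An added illustration of the weighting idea, not Matt's program: each base word and each mangling rule carries a probability, every word/rule combination is scored by the product, and guesses are emitted best-first. The word and rule probabilities below are constructed numbers, not measurements from the phpbb data; the rules are the ones named in the paragraph above.

```python
import itertools
from typing import Callable, Dict, Iterator, List, Tuple

# Constructed relative frequencies of base words (in a real run these come from
# previously cracked passwords).
WORD_PROBS: Dict[str, float] = {"password": 0.45, "monkey": 0.25, "football": 0.20, "dragon": 0.10}


def identity(w: str) -> str:
    return w


def cap_first(w: str) -> str:
    return w[:1].upper() + w[1:]


def append_123(w: str) -> str:
    return w + "123"


def append_007(w: str) -> str:
    return w + "007"


def append_dollars(w: str) -> str:
    return w + "$$$"


def o_to_zero(w: str) -> str:
    return w.replace("o", "0")


# Constructed rule probabilities; the "do nothing" rule is by far the most common.
RULE_PROBS: List[Tuple[Callable[[str], str], float]] = [
    (identity, 0.50), (append_123, 0.20), (cap_first, 0.15),
    (o_to_zero, 0.08), (append_007, 0.05), (append_dollars, 0.02),
]


def ranked_guesses(word_probs: Dict[str, float],
                   rule_probs: List[Tuple[Callable[[str], str], float]]) -> Iterator[str]:
    """Yield word/rule combinations in decreasing order of joint probability, without duplicates."""
    scored = [(wp * rp, rule(word)) for word, wp in word_probs.items() for rule, rp in rule_probs]
    scored.sort(key=lambda t: -t[0])   # most likely guess first
    seen = set()
    for _prob, guess in scored:
        if guess not in seen:
            seen.add(guess)
            yield guess


def top_guesses(n: int) -> List[str]:
    """The n most likely guesses under the constructed model."""
    return list(itertools.islice(ranked_guesses(WORD_PROBS, RULE_PROBS), n))


if __name__ == "__main__":
    # One guess per line on stdout, so the output can be fed straight into a cracker.
    for guess in ranked_guesses(WORD_PROBS, RULE_PROBS):
        print(guess)
```

Because the script writes one guess per line, it pairs with the stdin feature mentioned above: `python guesses.py | john --stdin --format=raw-md5 hashes.txt` (the `raw-md5` format is in the jumbo build of John the Ripper). The first guesses out are `password`, `monkey`, `football`, `password123`, `Password`, which is why the weak passwords fall first.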
Matt then gave a demonstration which clearly showed that weak passwords get cracked first.
Matt strongly believes that forcing frequent password changes does more harm than good. Humans are clearly not good at generating truly random passwords, and if you make them do it often you only decrease entropy.
Matt also indicated that salting passwords (adding a random string to the password before hashing) greatly increases the effort required to brute force a set of password hashes, because every guess has to be hashed with every salt. But salting only helps when many hashes are attacked at once; it does not make a single hash any harder to crack.
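To make the salting argument concrete, here is an added example (not from the talk) that counts hash operations for the same guess list against unsalted and salted MD5 targets. The targets, salts and guesses are constructed; the salt construction here (salt prepended to the password, fixed strings instead of random ones) is an assumption chosen so the result is reproducible, not a description of phpbb's scheme.

```python
import hashlib
from typing import Dict, Iterable, List, Set, Tuple


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


# Constructed plaintexts behind the leaked hashes (only here to build the targets).
PLAINTEXTS = ["password", "monkey", "football", "letmein"]
# Constructed per-hash salts; a real system draws these at random per user.
SALTS = ["a1", "b2", "c3", "d4"]

UNSALTED_TARGETS: Set[str] = {md5_hex(p) for p in PLAINTEXTS}
SALTED_TARGETS: List[Tuple[str, str]] = [(s, md5_hex(s + p)) for s, p in zip(SALTS, PLAINTEXTS)]

# Constructed guess list: the four real passwords plus 96 fillers, 100 guesses total.
GUESSES: List[str] = PLAINTEXTS + [f"guess{i}" for i in range(96)]


def crack_unsalted(targets: Set[str], guesses: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """One hash per guess, however many targets there are: a set lookup finds them all."""
    found: Dict[str, str] = {}
    ops = 0
    for g in guesses:
        ops += 1
        digest = md5_hex(g)
        if digest in targets:
            found[digest] = g
    return found, ops


def crack_salted(targets: List[Tuple[str, str]], guesses: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Each guess must be hashed once per distinct salt, so work scales with the number of salts."""
    by_salt: Dict[str, Set[str]] = {}
    for salt, digest in targets:
        by_salt.setdefault(salt, set()).add(digest)
    found: Dict[str, str] = {}
    ops = 0
    for g in guesses:
        for salt, digests in by_salt.items():
            ops += 1
            digest = md5_hex(salt + g)
            if digest in digests:
                found[digest] = g
    return found, ops


if __name__ == "__main__":
    u_found, u_ops = crack_unsalted(UNSALTED_TARGETS, GUESSES)
    s_found, s_ops = crack_salted(SALTED_TARGETS, GUESSES)
    one_found, one_ops = crack_salted(SALTED_TARGETS[:1], GUESSES)
    print(f"unsalted: {len(u_found)} cracked with {u_ops} hash operations")
    print(f"salted:   {len(s_found)} cracked with {s_ops} hash operations")
    print(f"single salted hash: {len(one_found)} cracked with {one_ops} hash operations")
```

With four targets the salted run costs four times as many hash operations as the unsalted one (400 against 100), while a single salted hash costs exactly as much as a single unsalted one (100), which is the point made above. Note that this count models an attacker who hashes every guess from scratch; a salt separately defeats precomputed tables such as the online lookup services mentioned earlier, since those were built for salt-free hashes.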