1 / 19

computer and network security

computer and network security. matt barrie <mattb@ee.usyd.edu.au>. Pre-computation attacks. A rainbow table is a time-space attack on symmetric cyphers and hash functions. The idea comes from an earlier attack using pre-computed hash chains… Two Phases Pre-computation Phase

tass
Download Presentation

computer and network security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. computer and network security matt barrie <mattb@ee.usyd.edu.au> handout 7 :: rainbow tables

  2. Pre-computation attacks • A rainbow table is a time-space attack on symmetric cyphers and hash functions. • The idea comes from an earlier attack using pre-computed hash chains… • Two Phases • Pre-computation Phase • Online Attack Phase (Cryptanalytic Attack) Pre-computation Phase • The idea comes from an earlier attack using pre-computed hash chains… start -> h(start) -> h(h(start)) -> h(h(h(start)))…. • We store the start point, end point and length of the chain • The chains stops after a fixed number of iterations or a “collision” into an existing end-point (in which case we merge chains) • If we increase the length of our chains we decrease the size of the table but increase the time taken to iterate over each chain.. (the “time/space tradeoff”) handout 7 :: rainbow tables

  3. Online attack phase Online Attack Phase • To reverse a given hash Y we simply keep hashing it and comparing to our list of end points (small) .. when we find a match we lookup the start value and repeatedly hash until we get to our value Y again.. The value before that is our preimage.. handout 7 :: rainbow tables

  4. Rainbow Tables • First pioneered by Philippe Oechslin as a fast form of time-memory tradeoff, which he implemented in the Windows password cracker 0phcrack (a play on l0phtcrack). • A rainbow table is slightly modified form of the precomputation attack. A reduce function is used after each hash. • The reduce function is an “onto” function that maps a hash to a desired password in the character set • lowercase alphanumeric passwords of 8 characters long • case sensitive passwords of 5-16 characters in length • valid UNIX passwords (96 symbols, 8 characters) handout 7 :: rainbow tables

  5. Rainbow Tables • The reduce function is an “onto” function that maps a hash to a desired password in the character set • reduce(hash(a password)) → next password • After a chain containing a suitable number of passwords is created, the final password in the chain is hashed, and the final hash and the starting password are stored together in the rainbow table. • To reverse a hash, look for it in the table. If it isn't found, the following is done to get another hash to try: • hash(reduce(a hash)) → next hash • We keep going until we find the hash in the table. When we find it, we again lookup the start value for the chain and repeatedly hash until we find out value.. handout 7 :: rainbow tables

  6. Rainbow tables handout 7 :: rainbow tables

  7. Rainbow Tables • Rainbow tables use a different reduction function for each "link" in a chain, so that when there is a hash collision in two or more chains the chains will not merge so long as collision doesn't occur at the same position in each chain. • As well as increasing the probability of a correct crack for a given table size, this use of multiple reduction functions approximately doubles the speed. • The end result is a table that contains statistically high chance of revealing a password within a short period of time, generally less than a minute. The success probability depends on the parameters used to generate it. These include the character set used, password length, chain length, and table count. handout 7 :: rainbow tables

  8. Rainbow Tables • We want to reverse the hash “re3xes” • We apply reduction function R3 and get “rambo” .. we check the table and don’t find it there • We then restart using R2 followed by R3 (and keep doing this with 3, 4, 5 reductions until we succeed). • We can see that with two reductions we get “linux23” which is in the table • We lookup the start value “password” and then start our search of this chain, comparing the hash at each iteration to our target hash “re3xes”. Once we find it we stop, and we discover the password “culture” that generated that hash value.. handout 7 :: rainbow tables

  9. Rainbow Tables • Rainbow Table for LanManager passwords (windows) config #0 Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ ] Keyspace 8353082582 Table size 610Mb Success probability 0.9990 Cracks 5-alpha in a few seconds http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg0.txt • Rainbow Table for LanManager passwords (windows) config #1 Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ] Keyspace 80603140212 Table size 3 GB Success probability 0.9904 handout 7 :: rainbow tables

  10. Rainbow Tables Demonstration of RainbowCrack 1.2 software to crack 5 alpha only windows password in 30 seconds. Below is the screen output of the cracking process. The pwfile file contain 5 windows password hashes in pwdump format. The *.rt file are precomputed hash table files (rainbow table) we generated before with rtgen.exe utility. The rcrack.exe program find all plaintext in 24 seconds, with additional 6 seconds to load the files from disk. This demonstration run on a PC with one P4 3.0GHz processor and 512MB memory. ============================================================================================================= D:\rainbowcrack-1.2-win>type pwfile user0:1455:686f63d42397d2e30f97d26b0aca50d3:4170b8c7ef39e916ddffb3a2c61a6c61::: user1:1456:9ebd77263561ef2d0d075e2a1597d7bc:d5ec0d453fade7329c81eaa4fd78fc63::: user2:1457:1a993db3c3a8a908eb5e0c18c96b74de:c514fc8b1803747aa8be2fe087289fc2::: user3:1458:377f3240bafa098d5dca0224fb2b1540:7d9ddf6199d27e12f50f5920f14c4dfd::: user4:1459:25a1d3832aaf6f83caa7a34441025581:2eb5e84791b35ba90480004a28787753::: D:\rainbowcrack-1.2-win>dir k:\rt0\*.rt Çý¶¯Æ÷ K ÖеľíÊÇ SATA0 ¾íµÄÐòÁкÅÊÇ 64BE-26CB k:\rt0 µÄĿ¼ 2003-09-01 09:59 128,000,000 lm_alpha_0_2100x8000000_all.rt 2003-09-01 09:59 128,000,000 lm_alpha_1_2100x8000000_all.rt 2003-09-01 10:00 128,000,000 lm_alpha_2_2100x8000000_all.rt 2003-09-01 10:00 128,000,000 lm_alpha_3_2100x8000000_all.rt 2003-09-01 10:01 128,000,000 lm_alpha_4_2100x8000000_all.rt 5 ¸öÎļþ 640,000,000 ×Ö½Ú 0 ¸öĿ¼ 9,026,281,472 ¿ÉÓÃ×Ö½Ú handout 7 :: rainbow tables

  11. Rainbow Tables D:\rainbowcrack-1.2-win>rcrack k:\rt0\*.rt -f pwfile lm_alpha_0_2100x8000000_all.rt: 128000000 bytes read, disk access time: 3.55 s verifying the file... searching for 10 hashes... plaintext of 686f63d42397d2e3 is WHJJGXA plaintext of 1a993db3c3a8a908 is JLXNYLY plaintext of 377f3240bafa098d is OFCVPLL plaintext of 5dca0224fb2b1540 is CGRVFOK plaintext of 25a1d3832aaf6f83 is DRLMYRX plaintext of caa7a34441025581 is GWEIVEK cryptanalysis time: 19.64 s lm_alpha_1_2100x8000000_all.rt: 128000000 bytes read, disk access time: 3.30 s verifying the file... searching for 4 hashes... plaintext of 0f97d26b0aca50d3 is JAQPRMN plaintext of 9ebd77263561ef2d is BMRBAHY plaintext of 0d075e2a1597d7bc is RHFKPQT plaintext of eb5e0c18c96b74de is LSKMQQT cryptanalysis time: 4.39 s statistics ------------------------------------------------------- plaintext found: 10 of 10 (100.00%) total disk access time: 6.84 s total cryptanalysis time: 24.03 s total chain walk step: 16450006 total false alarm: 15687 total chain walk step due to false alarm: 13952333 handout 7 :: rainbow tables

  12. Rainbow Tables • Rainbow Table for LanManager passwords (windows) config #5 Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ] Keyspace 915358891407 (2^39.7) Table size 24 GB Success probability 0.99909 Demo: crack of following windows password:    N73k_a7()TUBoK    PrFa$=ptRcb^__    z %G)r*EW&2nk#    cjST$=W0U*-5CH    (zw= ijV$i*vEX http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg5.txt http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg5.wmv handout 7 :: rainbow tables

  13. Rainbow Tables • Rainbow Table for LanManager passwords (windows) config #6 Charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ] Keyspace 7555858447479 (2^42.8) Table size 64 GB Success probability 0.999 Demo: crack of following windows password:    }m-6BRz*Cj=J}G    D2@,:H?+e5#: $    Ot\KZ?/a/qr4d^    yc~<{1!Oe}l_j|    5~|3&-K^4S#c3q Broken in minutes.. handout 7 :: rainbow tables

  14. Rainbow Tables • Rainbow Table for MD5 (loweralpha-numeric 1-8) Charset [abcdefghijklmnopqrstuvwxyz0123456789 ] Keyspace 2901713047668 Table size 36 GB Success probability 0.99904 10 MD5 hashes broken in 35 minutes.. • Rainbow Table for Microsoft Office • 40-bit encrypted files decrypted in 5 minutes on average • One table for MS Word and one table for MS Excel • Table size is 40 GB • 99.9% accuracy MS Office • The obvious problem here is the precomputation needs only be done once.. And the attack is extremely scalable. • Of course, the files are now available on bit torrent.. and rainbow tables crackers are now online on websites.. • Salts are one way to defeat rainbow tables.. handout 7 :: rainbow tables

  15. FPGA Rainbow Tables Cracker In 2005, Malcom Sumantri and I decided to implement a rainbow tables cracker in FPGAs.. handout 7 :: rainbow tables

  16. FPGA Rainbow Tables Cracker Online System handout 7 :: rainbow tables

  17. Experiment and Results • Experiment • Cryptanalytic attack on 40-bit DES since the resources to break DES is out-of-reach for the budget in this thesis. • Use Sensory NetworksTM NodalCoreTM C-1000 PCI Card. • Xilinx® Virtex-II Pro VP-40 FPGA • Flexible chipset architecture to embed our hardware engines. • PCI interface allows for high-speed communications. • Results • 40-bit DES Rainbow Table can be generated in less than 4 hours. Table parameters allows for 85% cryptanalytic success probability. • Fastest known implementation in the literature based on results. • Online attack of 40-bit DES in 30.8 seconds. handout 7 :: rainbow tables

  18. Data Analysis • Performance-Cost Analysis • Determine the FPGA chip that provides the highest performance for the lowest cost. • Synthesized the hardware designs for various Xilinx FPGAs. • Spartan 3 S-1500 provides the highest performance-cost relative to other Xilinx® FPGA chips. • Extrapolate the design of a machine to break DES (56-bit key length) • Result: DES can be broken with 85% success probability in 72 minutes for an approximate cost of US $1,210. handout 7 :: rainbow tables

  19. Data Analysis • FPGAs provides a low cost and effective solution to cryptanalysis. • Rainbow table attacks provide a faster attack time compared to brute-force, but brute-force uses less resources, that is, memory resources. • For large key sizes, the rainbow table attack becomes infeasible as memory costs is prohibitive. handout 7 :: rainbow tables

More Related