A New Time-Memory-Resource Trade-Off Method for Password Recovery

Communications and Intelligence Information Security (ICCIIS), 2010 International Conference

Authors: Wei Zhang (Coll. of Compute., Nanjing Univ. of Posts & Telecommun., Nanjing, China); Mengyuan Zhang; Yiyang Liu; Ruchuan Wang


Password crack

There are two common ways to crack the password if we know the encrypted password:

• Brute-force attack.
– Try every password until you find the right one.
– Time costs may be large.

• Lookup table.
– Create a list of passwords and their encrypted results, then search them.
– Cracks fast but needs large storage.

• Time-memory tradeoff


Rainbow table method

• Reduce function: maps hashes to plaintexts.

• Hash chain


Example: Hash chain

• Given a hash “3626”:
1. Cannot find 3626 in h3
2. R2(3626) = 36
3. H(36) = 4202 (match)
4. Look up the table and find the p1 is 25
5. H(25) = 2059
6. R(2059) = 59
7. H(59) = 3626

The plaintext is 59!!


The rainbow chain with multi-resources

• Dividing a large rainbow table into several small rainbow sub-tables.

• Server-Client mode
– Step1: Initialize, ensure each client has corresponding rainbow tables;
– Step2: Start crack password, generate crack task;
– Step3: Collect the information of the clients including specialized resources;
– Step4: According to the Step3 results, generate sub-tasks and dispatch to clients;
– Step5: Coordinate the clients, broadcast cracked hash message to clients to cancel the cracked job;
– Step6: Collect the results from the clients, close the clients’ connection, and end the whole crack task.
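The chain lookup from the hash-chain example and the sub-table split described above, as an added Python example that is not code from the paper or the slides. The 4-digit toy hash `H`, the reduce function `R(i, h)` and the helper names `build`, `split`, `lookup` and `crack` are assumptions made for illustration; the slides do not define their own H and R, so their numbers are not reproduced, and the clients are simulated by a sequential loop.

```python
import hashlib

T = 3            # hashes per chain, like the h1..h3 chain in the slide example
SPACE = 100      # plaintexts are the two-digit strings "00".."99"

def H(p):
    """Toy 4-digit hash (constructed; stands in for the slides' H)."""
    return int(hashlib.sha256(p.encode()).hexdigest(), 16) % 10000

def R(i, h):
    """Reduce function for column i: maps a hash back to a plaintext."""
    return f"{(h + i) % SPACE:02d}"

def chain(start):
    """Return the [(plaintext, hash), ...] columns of one chain."""
    cols, p = [], start
    for i in range(T):
        cols.append((p, H(p)))
        p = R(i + 1, H(p))
    return cols

def build(starts):
    """Rainbow table: final hash -> start plaintext (only these are stored)."""
    return {chain(s)[-1][1]: s for s in starts}

def split(table, n):
    """Divide one table into n sub-tables, one per client."""
    items = sorted(table.items())
    return [dict(items[k::n]) for k in range(n)]

def lookup(table, target):
    """Recover a plaintext for target from one (sub-)table, or None."""
    for col in range(T - 1, -1, -1):      # assume target sits in column col
        h = target
        for i in range(col + 1, T):       # walk forward to the chain end
            h = H(R(i, h))
        start = table.get(h)
        for p, ph in (chain(start) if start is not None else []):
            if ph == target:              # rebuilt chain really contains target
                return p
        # end hash matched but target is not in the chain: false alarm
    return None

def crack(sub_tables, target):
    """Server side: ask each client in turn and stop at the first hit."""
    for client, sub in enumerate(sub_tables):
        if (p := lookup(sub, target)) is not None:
            return client, p
    return None
```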


Result

• CPU: Pentium4 CPU 2.93GHz, Memory: 256MB, Hard Disk: 7200, Windows XP Professional SP2


Summary

• Large storage space and the cracking-time requirement are the rainbow table’s bottlenecks on a single machine.

• Cracking resources extend the two-dimensional (space and time) trade-off problem of the original rainbow chain.
