Thursday, October 9, 2008

Password Cracking Geekiness

Since I'm stuck in the terminal on my way to Boston I figure I might as well be contrarian and post about something besides the stupidity of Airport security.  On that note though, why we as a society haven't risen up and revolted against having to take our shoes off I will never know...

There are really two approaches to dictionary attacks in password cracking.  It's kind of appropriate that John the Ripper (JtR) and Cain & Abel (C&A) take different sides in that divide, considering their user bases get along about as well as Mac and Windows users.  As you probably know, in a standard dictionary attack you take dictionary words and mangle them in a predefined way.  For example, you take the dictionary word "password" and turn it into "P@ssWord99".  Where the two approaches differ, though, is in the order in which they apply the mangling rules to the dictionary words.

The first approach, which JtR takes, runs through the rules in order.  It applies each individual mangling rule to all the dictionary words before moving on to the next rule.  For instance, if you have two dictionary words "foo" and "bar" it would create guesses in the following order:
foo1
bar1
foo2
bar2
FOO
BAR
....

C&A, on the other hand, applies all the mangling rules to each individual dictionary word before trying the next word.  Once again using "foo" and "bar", C&A would make the following guesses:
foo1
foo2
FOO
bar1
bar2
BAR

Now ideally, if you have time to run through all your mangling rules and dictionary words, both options are equally valid.  The thing is, you generally want to crack passwords as quickly as possible so you can move on to your next case.  So which approach is better?  I tend to favor the first approach, since it assumes that the words in your dictionary have about the same probability while the rules vary widely in how likely they are to generate a "hit".  In C&A, the view is that you want to exhaustively test the highest-probability words first.  Now I admit, some words are much more likely to generate hits than others ("monkey", "password", swear words, football, etc.).  It's pretty easy to deal with that in JtR, though: all you need to do is two runs, the first with a "high priority" dictionary and the second with a larger, less specific dictionary.

The main problem with C&A's approach is that you tend to get stuck on certain word/rule combinations.  For example, C&A gives you the option to try every single case combination (e.g. PaSSwoRd).  Unless you prune your dictionary, though, you can find yourself spending all day (or all week) on words like "supercalifragilisticexpialidocious".  Also, if your dictionary is a million words long, you are usually better off trying the highly likely rules first on all the dictionary words before you start doing things like adding four digits to the end of passwords.

That being said, the biggest advantage of C&A's approach from a generating/coding standpoint is that it is very hard to do comprehensive case mangling or character insertion in the approach JtR takes.  You would need a rule for every possible option, which can quickly balloon into thousands of rules.  Also, since your dictionary words are of different lengths, you waste some time trying to mangle words only to find out they aren't long enough for that rule to apply to them.  In short, that's one huge advantage C&A has over JtR.  When cracking passwords, I'll often run them through C&A on one computer just to take advantage of its case mangler even though I do the majority of my cracking with JtR.  That's annoying to say the least, and C&A doesn't give you much flexibility in the rules you apply (e.g. you can't do case mangling AND add a number to the end), so I'm working on a script to allow the use of a hybrid approach in JtR.  I'm tempted to call it Mowndo the word mutilator (It's got electrolytes... see the movie Idiocracy if you don't get it).  It takes a JtR config file and applies the standard JtR rules in order (like normal), but it also performs case mangling like C&A.  Once again using "foo" and "bar", it would produce:
foo1
Foo1
fOo1
foO1
bar1
Bar1
bAr1
baR1
foo2
Foo2
fOo2
.....
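To make the three orderings concrete, here is an added Python sketch (not the Mowndo script, and not JtR's or C&A's code) that generates guesses in the JtR rule-major order, the C&A word-major order, and the hybrid order described just above. Rules are modelled as plain Python functions, which is an assumption standing in for JtR's rule syntax. The case mangler emits the fewest-capitals variants first and takes an optional cap on the number of capitals; that cap is one way to prune the 2^n blowup on long words and is an assumption of this example, not a feature the post claims for Mowndo.

```python
import math
from itertools import combinations
from typing import Callable, Iterable, Iterator, Optional

# A mangling rule is modelled as a function from one dictionary word to one
# guess (an assumed simplification of JtR's rule language).
Rule = Callable[[str], str]

# Constructed rules matching the post's listings: append "1", append "2", uppercase.
APPEND_1: Rule = lambda w: w + "1"
APPEND_2: Rule = lambda w: w + "2"
UPPER: Rule = str.upper


def rule_major(words: Iterable[str], rules: Iterable[Rule]) -> Iterator[str]:
    """JtR ordering: apply one rule to every word, then move to the next rule."""
    words = list(words)
    for rule in rules:
        for word in words:
            yield rule(word)


def word_major(words: Iterable[str], rules: Iterable[Rule]) -> Iterator[str]:
    """C&A ordering: apply every rule to one word, then move to the next word."""
    rules = list(rules)
    for word in words:
        for rule in rules:
            yield rule(word)


def position_of(guesses: Iterable[str], target: str) -> int:
    """1-based index at which `target` is first tried, or -1 if it never appears.
    Lets you compare how quickly each ordering reaches a given guess."""
    for i, guess in enumerate(guesses, start=1):
        if guess == target:
            return i
    return -1


def case_variants(word: str, max_caps: Optional[int] = None) -> Iterator[str]:
    """Case-mangle `word`, fewest capitals first: all lowercase, then one capital
    at each letter position, then two, and so on.  Digits and symbols are left
    alone.  With max_caps=None this is the full 2**n permutation; a small
    max_caps (an assumed pruning knob) avoids the blowup on long words."""
    letters = [i for i, c in enumerate(word) if c.isalpha()]
    base = list(word.lower())
    top = len(letters) if max_caps is None else min(max_caps, len(letters))
    for k in range(top + 1):
        for idx in combinations(letters, k):
            chars = base[:]
            for i in idx:
                chars[i] = chars[i].upper()
            yield "".join(chars)


def case_variant_count(word: str, max_caps: Optional[int] = None) -> int:
    """Number of guesses case_variants() will emit for `word`, without generating them."""
    n = sum(c.isalpha() for c in word)
    if max_caps is None:
        return 2 ** n
    return sum(math.comb(n, k) for k in range(min(max_caps, n) + 1))


def hybrid(words: Iterable[str], rules: Iterable[Rule],
           max_caps: Optional[int] = None) -> Iterator[str]:
    """The post's hybrid: rules in JtR order, but each rule's output is expanded
    through case mangling before the next word is tried."""
    words = list(words)
    for rule in rules:
        for word in words:
            yield from case_variants(rule(word), max_caps)


if __name__ == "__main__":
    words = ["foo", "bar"]
    print(list(rule_major(words, [APPEND_1, APPEND_2, UPPER])))
    print(list(word_major(words, [APPEND_1, APPEND_2, UPPER])))
    print(list(hybrid(words, [APPEND_1, APPEND_2], max_caps=1))[:11])
    print(case_variant_count("supercalifragilisticexpialidocious"))
```

With `max_caps=1` the hybrid output is exactly the eleven lines listed above; with `max_caps=None` the single word "supercalifragilisticexpialidocious" (34 letters) expands to 2^34 guesses for every rule, which is the stuck-on-one-word problem the post describes for C&A. `position_of` shows the other trade-off: in a 1000-word dictionary the word-major order reaches the last word's first-rule guess only after 2998 tries, while the rule-major order gets there in 1000, but if the likely word is at the top of the list, word-major reaches its second-rule guess on try 2 versus try 1001.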

Now for the most part this doesn't matter, since only about 8% of normal passwords contain an uppercase letter.  Of those 8%, the vast majority either capitalize the first letter, capitalize everything, or capitalize the vowels.  What we are really interested in, though, is cracking those "strong" passwords.  When targeting them, this approach might help us a bit.  In short, it's not something you would want to do at the beginning of your cracking session, but it would be useful before you give up and resort to brute-forcing the password.
