Reusable Security

This is part #2 in a (mumble, cough, mumble) part serious of posts discussing the results published in the paper I co-authored on the effectiveness of passwords security metrics. Part #1 can be found here . I received a lot of insightful comments on the paper since my last post, (one of the benefits of having a slow update schedule), and one thing that stands out is people really like the idea of password entropy. Here’s a good example: “As to entropy, I think it would actually be a good measure of password complexity, but unfortunately there's no way to compute it directly. We would need a password database comparable in size (or preferably much larger than) the entire password space in order to be able to do that. Since we can't possibly have that (there are not that many passwords in the world), we can't compute the entropy - we can only try to estimate it in various ways (likely poor)” First of all I want to thank everyone for their input and support as I really apprec...

I'm in Chicago at the ACM CCS conference , and the paper I presented there: "Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords", is now available online. Direct Download of PDF View Online Since I had the paper and presentation approved through my company's public release office I was given permission to blog about this subject while the larger issue of my blog is still going through the proper channels. Because of that I'm going to limit my next couple of posts to this subject rather than talking about the CCS conference as a whole, but let me quickly point you to the amazing paper " The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis ", written by Yinqian Zhang, Fabian Monrose and Michael Reiter. In short, they managed to obtain a great dataset, their techniques were innovative and sound, and there's some really good analysis on how effective password expiration poli...

This is just a quick post to let you know that I for once have a valid excuse for not updating this blog in a timely manner. I actually found a job! Thanks to everyone who offered help, recommendations and encouragements. The only catch is that right now it's being decided if I have to run my posts through our public release office or not. Don't worry, this blog is not going away regardless of the decision.. It might just gain a few unwilling readers ;) As to my new company, I'm going to keep that a bit of an open secret. This blog reflects my personal views. I certainly don't speak for them, and I plan on avoiding any topics that have to do with my day job, (Don't worry, I'm not doing any password cracking there). Once again thanks, and I'll resume posting once I get the OK and can update this blog while complying with company policies. I just want to make sure I handle this situation the right way.

I'd be remiss if I didn't spend a little time talking about the "Crack Me if you Can" competition at Defcon. It's really been amazing the amount of interest that this contest is drumming up. People are excited; it seems like everyone is refining their mangling rules, putting together new wordlists, and finishing up various password cracking tools. The impact that this is having on the password cracking community as a whole is hard to overstate. Needless to say, I'm a fan of that, and I have a ton of respect for Minga and the folks at KoreLogic for putting this together. I'll be participating, though I certainly don't plan on winning. What I'm really looking forward to though is the chance to meet with everyone else and learn what other people are doing. I'm hoping this turns into an event like the lockpicking village with the contest being almost besides the point. Of course I might be saying that because I'm going to get creamed as well......

The above picture is of my Subaru Baja. Sometime last night, someone broke my back window, and stole almost everything from my car, (they apparently did not like my music; btw Punk is not dead). Normally this would be a costly annoyance, but in this case I'm in the process of moving and finding a new job. While most of my stuff is sitting safely in a storage locker, I still had several boxes of various items stored in my back seat, including unfortunately my "to-go" bag. My to-go bag contained all of my important possessions that I planned on grabbing if my house was in the process of burning down. For example, it contained two thumb drives with backups of all of my work plus assorted other documents. I'm not worried about them though since I used TrueCrypt. Good luck cracking those, which BTW, is the reason I love TrueCrypt. What I am concerned about though is that my social security card, my passport, my birth certificate, my extra banking checks, and a whole lot of...

Digging into this data is like watching an episode of Lost . Whenever it seems like one question gets answered, about ten other questions pop up. Before I get into details, I want to start with a comment Per Thorsheim sent me as to what other password cracking programs support salted sha1 hashes: The sha1(lowercase_username.password_guess) is at least supported by these: Extreme GPU Bruteforcer ( www.insidepro.com ) hashcat and oclhashcat (cpu/gpu respectively) www.hashcat.net I'm kicking myself for not thinking about hashcat, since it's a extremely powerful password cracker; plus it's free. Unfortunately the GPU version doesn't support the salted sha1 hash type, but even the non-gpu version is quite nice. As for InsidePro, it also is very good, though it does cost some money. I've had a license-free version of questionable origin offered to me before, but I turned that down. Legality aside, installing pirated software given to you by shady people at a hacker confe...

So I figure I probably should get around to looking at the passwords in this list, since password cracking techniques are the focus of this blog... First though, a real quick definition. I needed to decide what to call the various parties involved in this whole shenanigans. For example, when I'm talking about the 'hackers', am I referring to the people collecting stolen credit card data who belonged to the board, or the people who hacked carders.cc? Likewise, if I use the term criminals, that could refer to both groups as well. Therefore, in my blog posts I'm going to use the following terms to refer to the two groups: Carders/Users : The people who belonged to the board. Normally I would also use the term 'victims', but I don't want to honor them with that title. Hackers/Attackers : The people who broke into the forum and posted the data online. Ok, now that we have that out of the way, the rest of this post is going to be broken up into four parts: Executi...

I just wanted to point everyone over to Cedric Pernet's bog where he did an amazing job analyzing the e-mail addresses that the carders had used. You can view his work at the following link: http://bl0g.cedricpernet.net/post/2010/05/20/Fraudsters-e-mail-addresses It shouldn't come as a surprise, but just because someone is a cybercriminal doesn't mean they are smart. Also, if you or anyone you know is doing research into this, feel free to forward me the links. I only found Cedric's blog on a reference in another post on page 8 of a Google search I did, (aka I stumbled on it by pure luck). Thanks!

As the title says, Carders.cc, a German forum for the buying and selling of stolen credit cards was hacked and a ton of information was posted publicly online. For a more detailed description, I highly recommend reading the always excellent Brian Krebs writeup on the incident . I'm going to skip right past my feelings on the subject. The short version is, while part of me is laughing inside, I tend to think such vigilante justice is often counter-productive. I just wish people like that could work with the system because by doing so you can sometimes achieve spectacular results . Instead I'm going to focus on the data itself and what it can tell us from a research perspective. So far I've managed to download the writeup of the attack, which also includes IP addresses, usernames, e-mail addresses, and password hashes. I'm also currently in the process of downloading what I think is the listing of all the private messages, though it may just turn out to be viruses and fa...

You've all heard me complain/stress out about writing my dissertation, so now that it's done of course I'm going to post it online. My PhD. dissertation, "Using Probabilistic Techniques to Aid in Password Cracking Attacks" is available for download from my tools page here . A lot of it is going to look fairly familiar if you've seen my talks or been reading this blog, which makes sense since my dissertation is a summary of what I've been up to for the last three years. Here's a quick breakdown of what's in it: Chapter 1: Overview + background info The need for password cracking General terms and techniques Obtaining the datasets, and basic statistics about the datasets A quick survey of common password hashes and popular password cracking tools Chapter 2: Brute Force Attacks 95% of it I've talked about on this blog before The remaining 5%, which I really should post an entry on, is a comparison of a targeted brute force attack against a pure Ma...

Since I'm graduating, I was informed that I might not be able to keep my weir@cs.fsu.edu e-mail address. I'm trying to see what I can do to hold onto it, but for the time being I'd recommend e-mailing me at reusablesec@gmail.com.

Over at the John the Ripper mailing list , (I'm sure you already belong to it right?!), SolarDesigner, the creator of JtR, raised the following question about the re-ordered Single Mode rule-set I released last night. It is not clear whether you have full (or any) separation between your training and test sets when you re-order the rules. (You do say that you have such separation for your "UnLock" test, but that's another one.) In other words, the improvement from "Original Single Rules" to "Edited Single Version 2" that you've demonstrated might be partially attributable to you training (re-ordering) the rules on the same set that you later test them on. It's a valid question and it's something I've worried about myself. Referring back to my original post : For the target set, the RockYou list seemed like an obvious choice. I actually used a subset of the RockYou list of one million passwords I designated for training purposes, (t...

While I've been doing a lot of analysis, I figure it's been a while since I actually released anything. That obviously needs to change. As one small step in the right direction, I decided to optimize John the Ripper's "Single" mode word mangling rules for use in normal dictionary based attacks. If you don't want to read through the rest of this post on my methodology, you can grab the new rule-set right here . To make use of it in a cracking session, simply enter the flag: -rules=Modified_Single For a more detailed explanation on what I did, please read on. The Problem: First of all, did you know that starting with John the Ripper version 1.7.4 you can have multiple rulesets in the same john.conf config file? Also SolarDesigner added a several new mangling rules, (such as the ability to insert/append whole strings), and increased the speed at which the mangling rules generate guesses. I know the current 1.7.5 branch is still not considered the stable version,...