Professional Documents
Culture Documents
4779 Brute Forceanddictionaryattackonhashedreal Worldpasswords
4779 Brute Forceanddictionaryattackonhashedreal Worldpasswords
net/publication/326700354
CITATIONS READS
67 19,825
3 authors, including:
Leon Bošnjak
University of Maribor
13 PUBLICATIONS 122 CITATIONS
SEE PROFILE
All content following this page was uploaded by Leon Bošnjak on 19 February 2019.
Abstract - An information system is only as secure as i ts Several additional solutions were suggested, such as
weakest point. In many information systems that remains to password meters, pre-assigned strong passwords and salts.
be the human factor, despite continuous attempts to educate An alternative login method in form of smart cards was
the users about the importance of password security and proposed as well, but such method is plagued by another
enforcing password creation policies on them. Furthermore , set of flaws [2].
not only do the average users’ password creation and
management habits remain more or less the same, but the Zviran and Haga observed that characteristics of user
password cracking tools, and more importantly, the created passwords did not change in the internet era.
computer hardware, keep improving as well. In this study, Passwords are still weak and easy to guess, mainly
we performed a broad targeted attack combining several because users keep employing predictable patterns and
well-established cracking techniques, such as brute -force, common words, such as names and birth dates.
dictionary, and hybrid attacks, on the passwords used by Furthermore, the level of data importance or sensitivity
the students of a S lovenian university to access the online does not affect password composition. They concluded
grading system. Our goal was to demonstrate how easy it is that the length, change frequency, and selection method
to crack most of the user-created passwords using simple are not related to writing down a password, while its
and predictable patterns. To identify differences between composition is. A set of guidelines for selecting and
them, we performed an analysis of the cracked and
implementing user-selected passwords and mechanisms
uncracked passwords and measured their strength. The
results have shown that even a single low to mid-range that monitor their implementation was also proposed [3].
modern GPU can crack over 95% of passwords in just few Klein went into details on what to put into dictionaries,
days, while a more dedicated system can crack all but the suggesting permutations, keyboard patterns, names,
strongest 0.5% of them. changing character cases and covering foreign languag es .
Perhaps the most useful advice was using word pairs,
Keywords – password cracking; password security; brute although such dictionaries can become quite large. He
force attack; dictionary attack; hashed passwords
used a relatively small, but diverse dictionary that
contained phrases ranging from sport teams to names of
I. INT RODUCT ION asteroids. To improve security, smart cards and password
Password based authentication remains the most checkers were suggested yet again [4].
common way of granting access due to its simplicity, For the past four decades, the battle against user habits
despite many well documented flaws. While progress has and laziness has remained in full swing. With advances in
been made from the technical point of view, the weakest technology, even longer passwords are becoming more
link remains the human factor. This was already pointed vulnerable, the dictionaries grow larger each day and all
out nearly 40 years ago, when Morris and Thompson precautions cannot deter users from making bad decisions.
addressed the issue of UNIX password security, A study on password meters concluded that they increas e
identifying numerous issues and proposing several password strength for the important accounts, while for
countermeasures. They concluded that the algorithm (in the unimportant accounts they make no observable
that case DES), used in the encryption of plaintext difference [5]. Additionally, password policies can be
passwords, was too fast, which made them prone to brut e - more of a help to the attacker, because they reveal the
force attacks. To put things into perspective, back then, minimal search space. Given that the users most often try
cracking a 6 lowercase character password using an to satisfy rules with as little effort as possible and thus use
average CPU took 107 hours, while today it takes roughly predictable patterns, an adversary can prioritize such
20 seconds. They also pointed out, that user-created passwords in their attack while ignoring weaker ones.
passwords were not only short, but also predictable, and Another important aspect of password security is frequen t
were thus likely to appear in dictionaries [1]. password change, but despite educating the users about
A decade later, a follow-up study by Feldmeier and the problem, the majority still does not change their
Karn found out that password creation habits remained password once it has been set [6].
weak, while cracking methods and the algorithm speed The aim of this study is to crack as many passwords
improved. They concluded that in order to improve used by the students to access the university’s online
password security, password entropy should be increased .
grading system as possible, in order to demonstrate just AMD Radeon R9 280X, 8GB of RAM (DDR3 1600, PC3
how predictable and weak they really are. We were 12800, 9-9-9-24, CAS9) and i5-4670k (@4GHz) with
interested in the differences between the used cracking Windows 10 Pro (x64) OS was used. Benchmark hashrate
techniques, their success and time consumption. Finally, for MD5 hash function using this system was
we performed the analysis and compared cracked and approximately 8,900 MH/s. In the second part, we used a
uncracked password characteristics and measured their more dedicated system. With three nVidia GeForce Titan
strength with bits of entropy. X Pascal, 64GB of RAM (DDR4 2400, PC4 19200, 16-
16-16) and i7-6700k (@4GHz) with Linux Mint (x64) OS,
II. DAT A ACQUISIT ION the combined hashrate during benchmark reached
approximately 88,500 MH/s.
185,643 passwords in MD5, SHA-1 and SHA-256
hashed form (and later in plaintext) were acquired, of All the executed attacks are gathered in Table I. They
which 151,136 were unique. They were created between are grouped by the method of the approach and the result s
1980 and 2013 and were used to access the university’s are also summed for each category. Sequence number
online grading system. Two default password patterns denotes the order in which the attacks were executed, and
were identified. The main reason for duplicates are the system column marks the computer used for the given
passwords, generated with the first pattern, consisting of attack. Some of the attacks were not completed and ran
two lowercase letters, derived from the students’ first and until they were interrupted. Few of the times are estimated
last names, followed by four letters. The newer, improved due to the missing final report of the process, since they
pattern consisted of one uppercase, one lowercase letter, were paused and then resumed on another occasion. In th e
and six digits, all in random order. There were 154,505 following chapters, each approach is described, and the
(83.23%) default passwords, of which 144,250 (77.7%) more important results are singled out. It should also be
matched the old pattern, and 10,255 (5.52%) the new one. pointed out, that most of the attacks could be combined
Therefore, only 31,138 (16.77%) passwords were user- during the more systematic approach.
generated.
A. Brute-force approach
Previous works using this data found user habits t o b e
in correlation with those described in [1], [2] and [3]. Perhaps the most well-known, this attack mode
Password strength did somewhat improve over time, but heavily relies on the raw computing power instead of
unfortunately not enough to match the technology. cleverness of the attacker. Cracking the old default
Students who changed the default password mos tly used pattern, for instance, took approximately 20 seconds for
short, simple, and predictable patterns [7]. An attempt to all 144,250 records (and some other passwords that
crack the passwords was made but was flawed in more matched the pattern), while the improved pattern was also
than one way. Each attack mode was performed on the later cracked in a single attack but took 10 hours and 20
entire set of passwords, while the additional letters did no t minutes. This time could be significantly shorter if the
include ‘đ’ or ‘ć’, only Slovenian ‘š’, ‘č’ and ‘ž’. attack covering all the possible arrangements of the letters
Dictionary used was not adapted to suit the language us ed and digits would be performed separately, because such
by the users but was instead build using large English detailed mask takes below one second to complete. Next,
wordlists. Lastly, only brute-force and dictionary attacks incremented attack was performed up to six characters in
were performed, skipping attacks such as combinator or length, taking 2 minutes and 12 s econds and yielding
hybrid and rules [8]. 12,056 passwords. That was followed by the mask for
digits only, from length seven to twelve characters, which
Ethical concerns were addressed as well. Mentioned took 3 minutes and 18 seconds and cracked 656
passwords are no longer in use, while additional data, such passwords. For further attacks on the remaining
as gender, year of birth and course of study, had been passwords, three custom charsets were constructed. First
anonymized by the university security service’s personnel. consisted of lowercase characters, including language
The use of such personal data without prior or written specific letters mentioned earlier, digits and the most
consent of a subject (e.g. student) is allowed for the common special characters, while the second included
purpose of research under Article 11 (2), Article 13 (2), uppercase letters as well. Third also contained letters from
and Article 32 (3) of the Data Protection Directive [9]. multiple less common foreign languages. All were
missing a common special character asterisk (‘*’), which
III. EXECUT ION OF T HE A TTACK later turned out to be a significant mistake, because the
only two uncracked passwords left with the length of 7
User-generated passwords were predominantly created
contained said character, and there were 10 more in the
by Slovenian students, therefore some of them contained
longer uncracked passwords .
language-specific letters, that are considered special
characters, such as “š” (used 181 times), “č” (used 160 The first few attacks that cracked a large amount of the
times) and “ž” (used 74 times). Letters “ć” (used 13 times) dataset provided an insight into user generated passwo rd s
and “đ” (used 4 times) were considered due to significant and used patterns, which were later considered in the
number of foreign students, mainly from former Yugoslav construction of the dictionaries. Weak passwords, like
countries. In order to crack passwords that contained such phone numbers, license plate numbers, birthdates and
letters, custom charsets were constructed. student IDs were all cracked as well.
All attacks were performed using hashcat v4.0.0 due to
its flexibility and portability. In the first part of the
experiment, a personal computer with a mid-range GPU,
TABLE I. ALL P ERFORMED ATTACKS WITH UNIQUE PASSWORD COUNTS AND TIMES OF EXECUTION
System
Seq. Attack Count % Time
no. ALL Attacks 150,213 100.00 ~35 hours 44 min
6 1 Increment to length 9 (foreign languages charset) 36 0.03 Aborted after ~15 min
17 2 Length 10 lowercase English alphabet and digits 222 0.15 ~20 hours
11 1 674,096-word dictionary, length 4 mask, custom charset, both sides 590 0.39 6 min 26 sec
14 2 2.15GB dictionary, incremented mask to length 5, both sides 34 0.02 2 hours 7 minutes
15 2 Rules (2.15GB dictionary, all included hashcat rules) 127 0.08 50 min 13 sec
Passwords Passwords
Character
Le ngth Cracked Uncracked Cracked Uncracked
sets
Count % Count % Count % Count %
All lengths 150,213 100.00 923 100.00 loweralphanum 124,775 83.07 587 63.60
1-4 characters 1471 0.98 0 0.00 mixedalphanum 10,211 6.80 1 0.11
On the other hand, uncracked passwords s till % of total 49.50 49.98 99.49
contained many less common combinations of names and Count 593 360 953
surnames, which exposes a flaw in the dictionaries. No
Results could be even better if the wordlists also contained % of total 0.29 0.19 0.51
a phone book or some similar larger list of names and Count 92,495 93,148 185,643
surnames, since it appears that names are even more Total
prevalent than previously thought. In cracked passwords, % of total 48.83 50.17 100.00
by males and 92,788 (49.98%) passwords by females were entropy. This can be further increased by adding special
cracked. Further, we performed a Mann-Whitney U test, characters in random word and random place by rolling
and observed that the cracked passwords created by the the dice. The source also states, that a physical dice must
male students had significantly higher entropy values than be used due to true randomness [15]. Password policies
the passwords by female students (U = 4,227,514,906.5, p could make picking such passphrases more complicated,
< 0.000). Among the uncracked passwords, the male users because no uppercase letters or digits are used.
are better represented. Their passwords represent almost
All things considered, it appears textual passwords are
two thirds of the uncracked passwords compared to just a
here to stay for foreseeable future due to their simplicity
third for the female users. There was no significant
difference in the entropy of uncracked passwords between and widespread use, however ever-increasing computing
power could raise the bar of reasonable security beyond
the sexes, however (U = 102,806, p = 0.337).
what users would consider practical. While less practical
Spearman’s rank-order correlation test determined that but more secure alternatives like the graphical passwords
there is a significant, albeit weak relationship between the or biometry could be the solution, the life of textual
year of the student’s enrollment at the university, and the passwords could be extended if stronger hash functions
entropy of their password (rs = 0.201, p < 0.000). This such as bCrypt were more commonly employed to protect
finding supports the conclusion that textual passwords are them.
slowly improving over time, likely due to user education.
Finally, we divided our sample into five groups based REFERENCES
on the students’ field of study: humanistics, natural, social [1] R. Morris and K. T hompson, “ Password Security: A Case
and technical studies, and transport. We discarded some of History,” Commun. ACM, vol. 22, no. 1 1, p p. 5 9 4–5 97, No v.
the older entries that did not include the field of study, 1979.
bringing the total to 178,518 passwords. Then, we carried [2] D. C. Feldmeier and P. R. Karn, “UNIX password secur ity - t en
years later,” 9th Annual International Cryptology Conferen c e o n
out the Kruskal-Wallis test, which showed that there are Advances in Cryptology, pp. 44-63, 1989.
significant differences between the social studies and all
[3] M. Zviran and W. J. Haga, “Password security: an empirical
the other groups (i.e. social-transport: χ2 (2) = -8,741.49, p study,” Journal of Management Information Systems, vol. 15, p p.
< 0.000) in terms of password entropy, whereas there were 161–185, 1999.
no significant differences between any of the other groups. [4] D. Klein, “Foiling the cracker: A survey of, and improvements to,
The mean rank for social studies was 32.56, followed by password security,” Proceedings of the 2nd USENIX Security
33.93 for transport, 34.02 for humanistics, 34.037 and Workshop, pp. 5-14, 1990.
34.044 for technical and natural sciences, respectively. [5] S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov , a n d
C. Herley, “Does My Password Go Up to Eleven?: The Impact o f
Password Meters on Password Selection,” in Proceedings o f t he
V. CONCLUSION SIGCHI Conference on Human Factors in Computing Sy st e m s,
2013, pp. 2379–2388.
Even though additional sophisticated approaches could
[6] V. T aneski, M. Heričko and B. Brumen, “Impact of Security
be employed, the results of the executed attack speak for Education on Password Change,” Information and Communication
themselves. Not only was the alarming amount of the T echnology, Electronics and Microelectr on ics ( M I PRO) 3 8th
passwords cracked, but the attack was also completed in a International Convention, 2015, pp. 1351–1355.
relatively short time period. Furthermore, the available [7] L. Bošnjak and B. Brumen, “What do students do with their
wordlists grow larger by the day while the computers get assigned default passwords?, ” Information and Commun ica tion
faster, allowing for these attacks to become even easier T echnology, Electronics and Microelectr on ics ( M I PRO) 3 9th
International Convention, 2016, pp. 1430–1435.
over time.
[8] B. Brumen and T . Makari, “Resilience of students' passwords
Another key thing to remember is that these passwords against attacks,” Information and Communicatio n T echno logy ,
were generated and used by the students, who are to s o me Electronics and Microelectronics (MIPRO) 4 0th I n terna tion al
Convention, 2017, pp. 1491–1495.
degree expected to be aware of security-related issues, and
[9] “EUR-Lex,” Directive 95/46/EC of the European Parliament a n d
possess more cognitive ability than the average user. In of the Council of 24 October 1995 on the protection of individuals
other words, they should in theory pick stronger, more with regard to the processing of personal data and on the free
secure passwords. This is either not the case, or the movement of such data, 1995, [Online]. Available: http://eur -
passwords created by the average users are even weaker. lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L00
Additionally, the age of the user and the year of the 46:en:HTML, accessed: April 2016.
[10] CrackStation, [Online] Available: https://crackstation.net/,
creation could also be considered in the analysis. accessed December 2017
From the results it seems that the length is the main [11] HashKiller.co.uk, [Online] Available: https://hashkiller.co.uk/
md5-decrypter.aspx, accessed December 2017
difference between the strong and weak passwords, so [12] M. L. Mazurek et al., “Measuring Password Guessabilit y f o r a n
perhaps the solution to at least some textual password Entire University,” ACM SIGSAC conference o n C o mput er &
issues could be a less known method called Diceware. The Communications Security, 2013, pp. 173-186.
goal is to create a long and hard to guess, yet secure [13] P. G. Kelley, “ Guess Again (and Again and Again): Measuring
passphrase using a random predefined 7776-word list Password Strength by Simulating Password-Cracking
available in multiple languages. Words are prepended Algorithms,” IEEE Symposium on Security and Privacy, 2012, pp.
523-537.
with five numbers from one to six. Each word is then [14] M. M. T aha, “ On password strength measurements: Password
picked by rolling the dice five times. Number of words entropy and password quality,” International Conf. on Computing,
can vary, but the recommended minimum is six words, Electrical and Electronics Engineering, 2013, pp. 497-501.
while for more security a length of up to nine words is [15] Diceware, [Online] Available: http://world.std.com/~reinhold/
advised. Each word in the passphrase yields 12.9 bits of diceware.html, accessed February 2018