Submitted by: Submitted by anuragjain
Views: 10
Words: 1257
Pages: 6
Category: Literature
Date Submitted: 03/18/2016 11:27 PM
Password Cracking and Sniffing
• Agenda
!
!
!
!
!
Storing Passwords on the system
Password Cracking on Windows and Linux
Defenses against Password cracking
Sniffing
Defenses against Sniffing
ECE 4883 - Internetwork Security
1
Cracking Passwords
• Passwords that can be guessed easily are
a problem
• Lots of tools available to figure out
passwords
• L0phtcrack windows password cracker
• “John the Ripper” Unix password cracker
• Default passwords remaining on a system
are a typical vulnerability
ECE 4883 - Internetwork Security
2
Password storage
• Password files have passwords stored in a hashed or
encrypted form
• Hash algorithm example is message digest 4 (MD4)
• Encrypted algorithm example is Data Encryption
Standard (DES)
• When you use your password, it is hashed or encrypted
and then compared to the stored value
• Crackers use a downloaded local copy of password file
on their own machine
ECE 4883 - Internetwork Security
3
Storing Passwords
• Systems have a file with all hashed/encrypted
passwords
! Windows – SAM (Security Accounts Manager) database
! UNIX - /etc/passwd or /etc/shadow
• Access to these files can make it easy for a
hacker to break in
ECE 4883 - Internetwork Security
4
Windows Passwords
• Security Accounts Manager (SAM) has two versions for each
password
• LanMan (LM) password version for backward compatibility with
windows workgroups
• NT Hash – cryptographic hash for windows NT/2000 (Uses MD4)
• SAM file is in \WINNT\system32\config\ directory which is a binary
file that is hard to read
• Back up copy stored in \WINNT\repair
ECE 4883 - Internetwork Security
5
Using Passwords
• System has a hashed/encrypted version of the password stored
in a file
• On login attempt–
! system hashes/encrypts the password typed in by using for
example crypt() function in linux
! Compares hashed/encrypted value to stored
hashed/encrypted value
! Idea behind...