Developing a passwordgenerating software : Regarding password memorability and security / Utveckling av programvara förlösenordsgenerering : Avseende till minnesvärdhet och säkerhet gällande lösenord

Mogaddam, Anton, Muhammad, Khan

January 2022

With the growth of digital information and technology, more websites require user authentication to access individuals' sensitive information. The main form of authentication are passwords which if chosen unwisely can easily be guessed or cracked by someone else. This is why it is important to create safe yet memorable passwords. The goal of this report was to develop a program that is able to detect commonly used patterns within passwords in order to transform a specified user inputted password into a more secure password without sacrificing the memorability of the original input. This was realized by analyzing lists of common passwords and partaking in a literature study within this field to identify the patterns present within those password lists. Based on the pattern analysis the program could be designed and developed using python to transform a password into three different password classes with differing levels of security and memorability. The password cracking software hashcat as well as online resources were used to estimate the time it would crack each set of passwords to then gain an understanding of the security levels between them. Results show that it is possible to perform password generation without sacrificing too much security while still having the passwords somewhat memorable. / Med framväxten av digital information och teknik kräver fler webbplatser användarautentisering för att få tillgång till individers känsliga information. Den huvudsakliga formen av autentisering är lösenord, och om de väljs oklokt, kan lätt gissas eller knäckas av någon annan. Det är därför det är viktigt att skapa säkra men ändå minnesvärda lösenord. Målet med denna rapport var att utveckla ett program som kan upptäcka vanliga mönster i lösenord för att omvandla ett specifikt användar inmatat lösenord till ett säkrare lösenord utan att offra minnesvärdheten av den ursprungliga inmatningen. Detta förverkligas genom att analysera listor med vanliga lösenord och delta i en litteraturstudie inom detta område för att identifiera mönstren som finns i dessa lösenordslistor. Baserat på mönsteranalysen kunde programmet designas och utvecklas med Python för att omvandla ett lösenord in till tre olika lösenordsklasser med olika nivåer av säkerhet och minnesvärdhet. Mjukvaran ”hashcat” (ett lösenordsåterställningsverktyg) samt resurser från nätet användes för att uppskatta den tid det skulle ta att knäcka varje uppsättning av lösenord för att sedan få en förståelse för säkerhetsnivåerna mellan dem. Resultaten visar att det är möjligt att digitalt generera lösenord utan att offra för mycket säkerhet, samtidigt som lösenorden behåller minnesvärdheten.

Passwords

keyboard patterns

password memorability

Python

Hashcat

Lösenord

tangentbords mönster

minnesvärdhet för lösenord

Python

Hashcat

Computer Sciences

Datavetenskap (datalogi)

Strategie distribuovaného lámání hesel / Strategies for Distributed Password Cracking

Večeřa, Vojtěch

January 2019

This thesis introduces viable password recovery tools and their categories as well as the technologies and hardware commonly used in this field of informatics. It follows by an overview of the available benchmarking tools for the given hardware. Thesis later contains a description of the custom benchmarking process targeting the aspects of interest. Later, the thesis moves to a distributed system FITcrack as it proposes and experimentally implements new features. The thesis finishes by comparison of the additions against the original state and highlights the areas of improvement.

Analýza technologií pro distribuci výpočtu při lámání hesel / Analysis of Distributed Computing Technologies for Password Cracking

Mráz, Patrik

January 2019

The goal of this thesis is to analyze the technologies for distributed computing in password cracking. Distribution is a key factor regarding the total time of cracking the password which can sometimes take up to tens of years. In the introductory section we take a look at the general password cracking, types of attacks and the most popular tools. Next we address the GPU parallelization as well as the need of distributed computing on multiple computers. We look at all kinds of technologies, such as VirtualCL, BOINC, MPI and analyze their usability in password cracking. We examine each technology's performance, efficiency, scalability and adaptability when given pre-defined conditions. Part of this thesis is a design and implementation of distributed password cracking using MPI technology along with Hashcat, a self-proclaimed World's fastest password cracker.

Optimalizace distribuce úloh v systému Fitcrack / Optimization of Task Distribution in Fitcrack System

Ženčák, Tomáš

January 2020

The goal of this thesis is the optimization of task distribution in the Fitcrack system. The improvement is reached by way of increasing the accuracy of the estimation of the computational power of worker nodes, and the prevention of the creation of extremely small tasks, as well as increasing the efficiency of the transfer of the tasks to the worker nodes. In this thesis, the current state of the Fitcrack system is described, tested, and evaluated. This thesis then describes the weak points of the current implementation, proposes ways of remediating them and describes, tests and evaluates the implementation of those proposals.

Distribuovaná obnova hesel s využitím nástroje hashcat / Distributed Password Recovery Using Hashcat Tool

Zobal, Lukáš

January 2018

The aim of this thesis is a distributed solution for password recovery, using hashcat tool. The basis of this solution is password recovery tool Fitcrack, developed during my previous work on TARZAN project. The jobs distribution is done using BOINC platform, which is widely used for volunteer computing in a variety of scientific projects. The outcome of this work is a tool, which uses robust and reliable way of job distribution across a local or the Internet network. On the client side, fast and efficient password recovery process takes place, using OpenCL standard for acceleration of the whole process with the use of GPGPU principle.

Lámání hesel pomocí algoritmu PRINCE v systému Fitcrack / Password Cracking Using PRINCE Algorithm and Fitcrack System

Bolvanský, Dávid

January 2020

The PRINCE algorithm is a faster and more advanced version of a combination attack. Non-distributed password breaking often encounters its limits, and its applicability to real tasks decreases due to the increasing demand for computing resources of the device. The aim of this work is to design a distributed version of the the PRINCE attack as an extension of Fitcrack system, which focuses on distributed password cracking. The proposed design is implemented and integrated into the Fitcrack system. The work examines the PRINCE attack on a set of experiments, which examines the impact of various configuration options. Part of the experimental part is a comparison of the PRINCE attack with the dictionary and combination attack. The purpose of the comparison is to find cases where the PRINCE attack is better than other attacks. Finally, the integrated PRINCE attack solution in the Fitcrack system is compared with the solution implemented in the Hashtopolis system.