1 |
A STUDY ON HOMOPHONE WORDS IN THE DICTIONARY-BASED PASSWORD CRACKING
Mandapaka, Ajay 01 December 2017
Password cracking based on dictionary attacks has been confined only to the use of dictionary strings which make sense to both humans and the computer or are usually alphanumeric keyboard patterns. But here we also try to extend the dictionary attacks to homophones which the millennials tend to use more often. The word LOVE is used as LUV, LAV. Based on the pronunciation of a word there can be many spellings to it. Phoneme to Grapheme Correspondences have a great amount of significance here. So here in this research we try to incorporate all such words in the attacking dictionary with the highest possible probabilities to see if it has any impact on the password cracking efficiency. We use the probabilistic context-free grammar password cracker to see what our test results yield.
|
2 |
Comparison of Automated Password Guessing Strategies
Lundberg, Tobias January 2019
This thesis examines some of the currently available programs for password guessing, in terms of designs and strengths. The programs Hashcat, OMEN, PassGAN, PCFG and PRINCE were tested for effectiveness, in a series of experiments similar to real-world attack scenarios. Those programs, as well as the program TarGuess, also had their design examined, in terms of the extent of how they use different important parameters. It was determined that most of the programs use different models to deal with password lists, in order to learn how new, similar, passwords should be generated. Hashcat, PCFG and PRINCE were found to be the most effective programs in the experiments, in terms of number of correct passwords guessed each second. Finally, a program for automated password guessing based on the results was built and implemented in the cyber range at the Swedish defence research agency.
|
3 |
Leveraging an Active Directory for the Generation of Honeywords
Lundström, Johan January 2018
Honeywords, fake passwords that when used by an adversary are set to trigger an alarm, are one way of detecting security breaches. For them to be effective, however, they must resemble real passwords as closely as possible and thus, the construction of the honeywords is crucial. In this thesis, a new model for generating honeywords, PII-Syntax, is presented that was built in part on a previous model but reworked and adapted to meet new requirements. The purpose of the study was to investigate whether an Active Directory (AD) could be used as a resource in the construction of honeywords. The assumption was that the AD contains information about real system users that could be leveraged to create high-quality honeywords because of the very fact that they are based on actual users. It is a well-known fact that many users have a natural inclination towards incorporating personal information when choosing their passwords, information that can be leveraged by an adversary making the passwords easier to retrieve. The proposed model capitalizes on this fact and bases the honeyword generation process on users’ personally identifiable information, PII. The motivation for this is to enhance the quality of the honeywords, i.e. making them more plausible from the perspective of the adversary. The resulting model performed equally well or better than all existing honeyword generation algorithms to which it was compared with regard to flatness, DoS resistivity, multiple system vulnerability and storage cost. The most important contribution, however, is the inclusion of users’ personal information in the generation of the honeywords that ultimately help strengthen the security of password-based authentication systems.
Contributions from this thesis include a novel manner in which to approach a well-known problem, both in a theoretical as well as a practical sense: PII-Syntax is a new honeyword generation algorithm that apart from performing equally well or better than previous algorithms brings an added value of believability to the generated honeywords because of the inclusion of users’ personal information found in an AD.
|
4 |
Analýza technologií pro distribuci výpočtu při lámání hesel / Analysis of Distributed Computing Technologies for Password Cracking
Mráz, Patrik January 2019
The goal of this thesis is to analyze the technologies for distributed computing in password cracking. Distribution is a key factor regarding the total time of cracking the password which can sometimes take up to tens of years. In the introductory section we take a look at the general password cracking, types of attacks and the most popular tools. Next we address the GPU parallelization as well as the need of distributed computing on multiple computers. We look at all kinds of technologies, such as VirtualCL, BOINC, MPI and analyze their usability in password cracking. We examine each technology's performance, efficiency, scalability and adaptability when given pre-defined conditions. Part of this thesis is a design and implementation of distributed password cracking using MPI technology along with Hashcat, a self-proclaimed World's fastest password cracker.
|
5 |
Optimalizace distribuce úloh v systému Fitcrack / Optimization of Task Distribution in Fitcrack System
Ženčák, Tomáš January 2020
The goal of this thesis is the optimization of task distribution in the Fitcrack system. The improvement is reached by way of increasing the accuracy of the estimation of the computational power of worker nodes, and the prevention of the creation of extremely small tasks, as well as increasing the efficiency of the transfer of the tasks to the worker nodes. In this thesis, the current state of the Fitcrack system is described, tested, and evaluated. This thesis then describes the weak points of the current implementation, proposes ways of remediating them and describes, tests and evaluates the implementation of those proposals.
|
6 |
Modeling Rational Adversaries: Predicting Behavior and Developing Deterrents
Benjamin D Harsha (11186139) 26 July 2021
In the field of cybersecurity, it is often not possible to construct systems that are resistant to all attacks. For example, even a well-designed password authentication system will be vulnerable to password cracking attacks because users tend to select low-entropy passwords. In the field of cryptography, we often model attackers as powerful and malicious and say that a system is broken if any such attacker can violate the desired security properties. While this approach is useful in some settings, such a high bar is unachievable in many security applications e.g., password authentication. However, even when the system is imperfectly secure, it may be possible to deter a rational attacker who seeks to maximize their utility. In particular, if a rational adversary finds that the cost of running an attack is higher than their expected rewards, they will not run that particular attack. In this dissertation we argue in support of the following statement: Modeling adversaries as rational actors can be used to better model the security of imperfect systems and develop stronger defenses. We present several results in support of this thesis. First, we develop models for the behavior of rational adversaries in the context of password cracking and quantum key-recovery attacks. These models allow us to quantify the damage caused by password breaches, quantify the damage caused by (widespread) password length leakage, and identify imperfectly secure settings where a rational adversary is unlikely to run any attacks i.e. quantum key-recovery attacks. Second, we develop several tools to deter rational attackers by ensuring the utility-optimizing attack is either less severe or nonexistent. Specifically, we develop tools that increase the cost of offline password cracking attacks by strengthening password hashing algorithms, strategically signaling user password strength, and using dedicated Application-Specific Integrated Circuits (ASICs) to store passwords.
|
7 |
Measuring the impact of information security awareness on social networks through password cracking
Okesola, Julius Olatunji 12 1900
Since social networks (SNs) have become a global phenomenon in almost every industry, including airlines and banking, their security has been a major concern to most stakeholders. Several security techniques have been invented towards this but information security awareness (hereafter “awareness”) remains the most essential amongst all. This is because users, an important component of awareness, are a big problem on the SNs regardless of the technical security implemented. For SNs to improve on their awareness techniques or even determine the effectiveness of these security techniques, many measurement and evaluation techniques are in place to ascertain that controls are working as intended.
While some of these awareness measurement techniques are inexpensive, effective and efficient to some extent, they are all incident-driven as they are based on the occurrence of (an) incident(s). In addition, these awareness measurement techniques may not present a true reflection of awareness, since many cyber incidents are often not reported. Hence, they are generally adjudged to be post mortem and risk-permissive. These limitations are major and unacceptable in some industries such as insurance, airlines and banking, where the risk tolerance level is at its lowest. This study therefore aims to employ a technical method to develop a non-incident statistics approach of measuring awareness efforts. Rather than evaluating the effectiveness of awareness efforts by the success of attacks or occurrence of an event, password cracking is presented and implemented to proactively measure the impacts of awareness techniques in SNs. The research encompasses the development and implementation of an SN – sOcialistOnline, the literature review of the past related works, indirect observation (available information), survey (as a questionnaire in a quiz template), and statistical analysis. Consequently, measurement of awareness efforts is shifted from detective and corrective paradigms to preventive and anticipatory paradigms, which are the preferred information security approaches going by their proactive nature. / Engineering, Science & Technology / D. Phil (Computer Science)
|
9 |
Distribuovaná obnova hesel s využitím nástroje hashcat / Distributed Password Recovery Using Hashcat Tool
Zobal, Lukáš January 2018
The aim of this thesis is a distributed solution for password recovery, using the hashcat tool. The basis of this solution is the password recovery tool Fitcrack, developed during my previous work on the TARZAN project. The job distribution is done using the BOINC platform, which is widely used for volunteer computing in a variety of scientific projects. The outcome of this work is a tool which uses a robust and reliable way of job distribution across a local network or the Internet. On the client side, a fast and efficient password recovery process takes place, using the OpenCL standard for acceleration of the whole process with the use of the GPGPU principle.
|
10 |
Lámání hesel pomocí algoritmu PRINCE v systému Fitcrack / Password Cracking Using PRINCE Algorithm and Fitcrack System
Bolvanský, Dávid January 2020
The PRINCE algorithm is a faster and more advanced version of a combination attack. Non-distributed password breaking often encounters its limits, and its applicability to real tasks decreases due to the increasing demand for computing resources of the device. The aim of this work is to design a distributed version of the PRINCE attack as an extension of Fitcrack system, which focuses on distributed password cracking. The proposed design is implemented and integrated into the Fitcrack system. The work examines the PRINCE attack on a set of experiments, which examines the impact of various configuration options. Part of the experimental part is a comparison of the PRINCE attack with the dictionary and combination attack. The purpose of the comparison is to find cases where the PRINCE attack is better than other attacks. Finally, the integrated PRINCE attack solution in the Fitcrack system is compared with the solution implemented in the Hashtopolis system.
|