Choosing a password breaking strategy with imposed time restrictions

Przemysław Rodwald

Journal: Biuletyn Wojskowej Akademii Technicznej
Publication date: 2019-03-29
Publication type: Journal Article
DOI: 10.5604/01.3001.0013.1467 (https://doi.org/10.5604/01.3001.0013.1467)
Citations: 2

Abstract

The aim of the article is to present a password breaking methodology for the case where an attacker (forensic investigator, court expert, pen tester) works under imposed time restrictions. This is a typical situation in many legal investigations, where computers are seized by legal authorities but are protected by passwords. At the beginning, the current state of law in that matter is presented, along with good practices in seizing the evidence. Then, the ways of storing static passwords in information systems are shown, after which various classes of password breaking methods are reviewed (dictionary, brute-force, rule, combinator, mask, hybrid, etc.). The most popular tools supporting this process are listed as well. The main part of the paper presents the original strategy of conducting an attack on a single hashed password with time constraints. Costs as well as economic efficiency for four different hardware solutions (laptop, gaming computer, rig with 6 GPUs, cloud computing) are discussed. The calculations are shown on the example of two real attacks carried out by the author in real legal cases.

Keywords: passwords, breaking passwords, hash functions, computer forensics.