Rainbow Cracking: Do you need to fear the Rainbow? Philippe Oechslin, Objectif Sécurité. OS Objectif Sécurité SA, Gland,
1 Rainbow Cracking: Do you need to fear the Rainbow?
Philippe Oechslin, Objectif Sécurité

2 On the menu
1. Rainbow tables explained
2. Who is vulnerable
3. Tools and history
4. What you should do about it

3 Time-Memory Trade-Off (TMTO)
o Problem: Invert a function, e.g. a hash (2 -> h2)
o Traditional attack: Brute Force
  - Try every possible input to the hash until you find the correct one
  - Needs massive amount of time, no memory
o Generate a complete dictionary of hashes:
  - Look the hash up, find the password immediately
  - Needs no time, massive amount of memory
o Time-Memory Trade-Off (TMTO):
  - Reduce brute-force time by using memory

4 Martin Hellman's Cryptanalytic TMTO
o In 1980 Hellman described an attack to invert N values of a function:
o Needs N calculations before the attack
o For the attack
  - N^(2/3) units of memory
  - N^(2/3) calculations
  - 80% success rate

5 The trade-off
T ~ N^2 / M^2
N = number of passwords
time decreases with the square of memory
[Plot: time T against memory M]

6 TMTOs are based on chains
o Define a reduction function that creates a password from a hash
  0 -> h0, h0 -> 2
o Now create chains of passwords:
  0 -> h0 -> 2 -> h2 -> 3 -> h3 -> 9
o Create many chains and store only the start and the end
o We cannot travel the chain backwards, but if we know the start, we can find any element

7 The trick:
  0 -> h0 -> 2 -> h2 -> 3 -> h3 -> 9
  1 -> h1 -> 3 -> h3 -> 9 -> h9 -> 6
  4 -> h4 -> 8 -> h8 -> 7 -> h7 -> 1
  (figure labels: chain start, chain end, password, given hash)
o Create a chain from the given hash
o When you stumble upon an end that is stored in your table, look up the start and advance to the password

8 The problem with merges
  0 -> h0 -> 2 -> h2 -> 3 -> h3 -> 9
  1 -> h1 -> 3 -> h3 -> 9 -> h9 -> 6
  4 -> h4 -> 8 -> h8 -> 7 -> h7 -> 1
  h5 -> 7 -> h7 -> 1
o The reduction function can give the same password for two different hashes => merges
o Even if you find an end in the table, you may not find the password in the chain => false alarms

9 Multiple tables
o The larger a table, the higher the chance that an additional chain will merge with an existing chain.
  => the benefit of adding more chains decreases
o It is more efficient to create several different tables based on different reduction functions

10 Rainbow tables
[Figure: chains of hashes, with a different reduction function at each step]
o Rainbow tables use a different reduction function for each step of the chains
o Chains can only merge if they have the same password at the same position

11 Rainbow tables are better
o Because they have fewer merges, rainbow tables can be much larger
o Larger tables are more efficient
  - About 10 times more than previous versions
o Rainbow tables need fewer memory lookups than Hellman's original tables

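The chain, lookup, false-alarm and per-step reduction mechanics from slides 6 to 11, as an added example that is not code from the talk or from any of the tools it mentions. It assumes a constructed toy space of 4-digit PINs hashed with unsalted MD5; the parameters and the names H, R, walk, build_table, lookup and demo are made up for this illustration. It also shows that the same table finds nothing once a salt is mixed into the hash.

```python
import hashlib

# Constructed toy parameters (assumptions for this example, not from the slides).
N = 10_000          # size of the password space: PINs 0000..9999
CHAIN_LEN = 40      # hash/reduce steps per chain
NUM_CHAINS = 500    # chains stored in the table


def H(password, salt=""):
    """The function being inverted: MD5, optionally salted."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def R(digest, step):
    """Reduction function for column `step`: maps a hash back into the
    password space. Mixing in the step index gives a different function
    per column, which is what makes this a rainbow table."""
    return f"{(int(digest[:8], 16) + step) % N:04d}"


def walk(password, start_step, end_step):
    """Advance along a chain from column start_step to column end_step."""
    for step in range(start_step, end_step):
        password = R(H(password), step)
    return password


def build_table():
    """Store only chain end -> chain starts. Chains that merged share an
    end, so every start is kept for that end."""
    table = {}
    for i in range(NUM_CHAINS):
        start = f"{i * (N // NUM_CHAINS):04d}"
        table.setdefault(walk(start, 0, CHAIN_LEN), []).append(start)
    return table


def lookup(table, target):
    """Return (password or None, false_alarms) for an unsalted target hash."""
    false_alarms = 0
    # Guess the column the password sits in, last column first.
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Create a chain from the given hash, as if it sat in column `col`.
        end = walk(R(target, col), col + 1, CHAIN_LEN)
        for start in table.get(end, []):
            candidate = walk(start, 0, col)   # password at column `col`
            if H(candidate) == target:
                return candidate, false_alarms
            false_alarms += 1                 # end matched, chain did not
    return None, false_alarms


def demo():
    table = build_table()
    secret = walk("0000", 0, 7)               # lies inside a stored chain
    found, alarms = lookup(table, H(secret))
    # Same password, but hashed with a (constructed) salt the table never saw.
    salted, _ = lookup(table, H(secret, salt="x9$Q"))
    return secret, found, salted, len(table)


if __name__ == "__main__":
    secret, found, salted, ends = demo()
    print(f"distinct chain ends stored: {ends} of {NUM_CHAINS} chains")
    print(f"unsalted lookup: {found} (expected {secret})")
    print(f"salted lookup:   {salted}")
```

The gap between NUM_CHAINS and the number of distinct ends printed is the merge loss the slides describe; a password that lies in no stored chain comes back as None after CHAIN_LEN guesses.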
12 Who is vulnerable?
o Password hashing schemes that add random data to passwords (salt) are not vulnerable
o Most vulnerable hash: Windows LanMan hash (all caps, truncated at 7, DES)
o Other vulnerable hashes
  - Oracle System password hash (all caps, predictable salt, DES)
  - Windows NT hash (MD4)
  - Cisco PIX (MD5)
  - MySql 3.23, MySql 4.1 without salt
  - Many web based applications

13 Funny hashes
o The Lanmanager hash (LMHash)
  - Password is cut into pieces of 7 chars
  - Result: two half-hashes
  - Lowercase letters are uppercased
o Oracle hash
  - Lowercase letters are uppercased
  - Password is prepended with username before hashing
  - johnny / bingo thus not equal to miller / bingo
  - johnny / bingo equal to john / nybingo!
  - The admin account is called SYSTEM on all DBs
  - => we can calculate the hashes of SYSTEM in advance

14 Tools and history
o Rainbow tables invented 2003 at EPFL / LASEC
  - Making a Faster Cryptanalytic Time-Memory Trade-Off, Philippe Oechslin, CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, 2003
o Instant NTCrack: developed for research
  - 14 seconds for an alphanumeric LanMan hash
o Advanced instant NTCrack: online demo summer 2003
  - alphanumeric LanMan hashes cracked in 7.7 seconds

15
o One million hits in three days

16 Other tools
o September 2003: Rainbowcrack by Zhu Shuanglei
  - can be customized for other hashes
o Using rainbowcrack, several sites offer(ed) online cracking
  - sarca rainbow tables:
  - rainbowcrack.com: community project, you can use the tables if you submit your own tables
  - passcracking.ru, md5crack.com and many others
o August 2004: ophcrack 1.0 with free tables for alphanumeric passwords
  - new online demo cracks passwords in 1.6 seconds

17 Atstake LC5 (Symantec)

18 Cain (by MAO of oxid)

19 ophcrack 2, livecd
o April 2005: ophcrack 2 released
  - Windows and Linux GUI
  - Retrieves Windows hashes from encrypted SAM (no need to be administrator)
  - hosted on ophcrack.sourceforge.net (48'000 downloads by now)
o November 2005: ophcrack livecd
  - insert CD, boot PC, watch passwords being broken
  - 60'000 downloads

20 More tools:
o August 2005 (defcon 13): The Shmoo Group
  - offers free rainbowcrack tables (41GB)
  - Announces new cracker project
o November 2005: rainbowcrackonline.com
  - large collection of tables to use online for a monthly fee
o April 2006: ophcrack 2.2 with tableset WS-20k
  - charset 0-9A-Za-z!"#$%&'()*+,-./:;<=>?@[\]^_`{ }~
  - average time: 4 minutes
  - table size 7.5GB (vs. 230GB for rainbowcrackonline)
  - available at ($$$)

21 Demo

22 Demo: performance
o Brute force: 30 days
o Brute dictionary: 48 terabytes
o Trade-off
  - 20'000 times faster than brute force
  - 6'600 times less memory than brute dictionary
o Time spent creating the tables: 250 days

23 Friendly uses of Rainbow tables
o Protecting privacy in RFID tags
  - people don't want to be traced through the identifiers broadcast by their RFID tags
o Solution:
  - Tag emits a sequence of random values
  - Owner knows the initial value of the sequences of all his tags
  - Tag is identified by owner by testing all possible values of all sequences (brute force, 3 minutes)
  - With rainbow tables, tag can be read in milliseconds
o Reducing Time Complexity in RFID Systems, Avoine, Dysli and Oechslin, 12th Annual Workshop on Selected Areas in Cryptography (SAC'05),

24 Are passwords useful at all?
o Rainbow cracking benefits three times from Moore's law
  - cracking time decreases linearly with processor speed and with the square of memory size
  - Every year, crackers become 4 times faster!
o More and more people band together to create rainbow tables
o Soon, all your passwords are belong to us.

25 How to protect yourself
o Avoid broken password hashes
  - disable LMhashes in Windows
  - Why is this not the default?
o Avoid unsalted hashes when possible
  - ask your manufacturer to implement salted hashes
  - Unix has had it for almost 30 years
o When you can't
  - Use _very_ complex passwords

26 Rainbow resistant passwords
o To create rainbow tables all hashes have to be calculated once.
o If the passwords are complex enough, auditors will not be able to complete the tables
o Existing tables use 10 years of calculations for a complexity of 2^46
o Use a complexity which is at least 1'000'000 times as much (2^66), if you are not paranoid

27 Rainbow resistant passwords
o Character set: mixed case alpha + numbers + 33 special chars
o LanMan: impossible because max length is 7 (2^43)
o Oracle: length 11 because it uppercases the password
o Other (NThash MD4, MD5, SHA1, ...): length 10
o If you are paranoid: length 20 (2^128)
o Better: use salted hashes.

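A check of the figures on slides 26 and 27, as an added example that is not from the talk: it derives the minimum password length per hash scheme from the character set and the quirks listed on slide 13. The scheme model (SCHEMES) and the function names are assumptions made for this illustration, and bit counts are rounded to the nearest whole bit, as the slides' figures appear to be.

```python
import math

# Character-set sizes from slide 27: mixed-case letters + digits + 33 specials.
FULL = 26 + 26 + 10 + 33        # 95 symbols
UPPER_ONLY = 26 + 10 + 33       # 69 symbols once the scheme uppercases input

# Assumed model of each scheme, taken from the slides:
# (effective character set, longest piece that is hashed as one unit)
SCHEMES = {
    "LanMan": (UPPER_ONLY, 7),      # all caps, cut into pieces of 7 chars
    "Oracle": (UPPER_ONLY, None),   # all caps, no cut modelled here
    "NT/MD5/SHA1": (FULL, None),    # full character set, no cut
}


def bits(charset, length):
    """Size of the search space, in bits, rounded to the nearest bit."""
    return round(length * math.log2(charset))


def min_length(scheme, target_bits):
    """Shortest password length that reaches target_bits under `scheme`,
    or None when the scheme's own limits make the target unreachable."""
    charset, cap = SCHEMES[scheme]
    length = 1
    while bits(charset, length) < target_bits:
        length += 1
        if cap is not None and length > cap:
            return None             # each piece is searched independently
    return length


def report(target_bits=66):
    """Minimum length per scheme for the given target complexity."""
    return {name: min_length(name, target_bits) for name in SCHEMES}


if __name__ == "__main__":
    print("existing tables cover:", bits(FULL, 7), "bits")
    print("best LanMan can offer:", bits(UPPER_ONLY, 7), "bits")
    print("lengths for 2^66: ", report(66))
    print("lengths for 2^128:", report(128))
```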
28 Thank you for your attention, any questions?