Difference between revisions of "Dictionary attack"
Line 1: | Line 1: | ||
− | A '''''dictionary attack''''' is form of lookup attack used to crack passwords even when the passwords have been obscured with a hash function. | + | A '''''dictionary attack''''' is form of lookup attack used to crack passwords even when the passwords have been obscured with a hash function. |
+ | |||
+ | ==Process== | ||
+ | ===Step 1: Obtain a Password Table=== | ||
+ | This is the most difficult part of the attack, as system administrators don't just give away user's passwords. Obtaining a password table usually means being able to defeat a system's security or buying one from an anonymous source. Also, since it is a security flaw for even admins to know what a user's password is, the passwords in the table are almost always obfuscated through a one-way hash function. So, when you look at a password table, it may look something like this: | ||
{| class="wikitable" | | {| class="wikitable" | | ||
− | ! | + | ! User !! Password |
+ | |- | ||
+ | | smithr || <tt>5EBE2294ECD0E0F08EAB7690D2A6EE69</tt> | ||
+ | |- | ||
+ | | jonesd || <tt>0CC175B9C0F1B6A831C399E269772661</tt> | ||
+ | |- | ||
+ | | doej || <tt>92EB5FFEE6AE2FEC3AD71C777531578F</tt> | ||
|- | |- | ||
− | | | + | | johnsonk || <tt>25D55AD283AA400AF464C76D713C07AD</tt> |
+ | |- | ||
+ | | williamsd || <tt>21232F297A57A5A743894A0E4A801FC3</tt> | ||
+ | |} | ||
+ | |||
+ | In this case, the passwords have been run through an MD5 hash function which cannot be reversed. When a user logs in, the computer will first apply the hash to the password they typed in, and compare it with the one on file to ensure a match. This way, the plaintext password is only even known by the user. So then, how can a password cracker ever determine a user's password? This is where the dictionary attack comes into play. | ||
+ | |||
+ | ===Step 2: Obtain a List of Commonly Used Password=== | ||
+ | This is particularly easy since many crackers have already done the hard work and compiled [https://en.wikipedia.org/wiki/List_of_the_most_common_passwords lists of commonly used passwords]. Here is an example list: | ||
+ | |||
+ | {| class="wikitable" | | ||
+ | ! Common Password | ||
+ | |- | ||
+ | | 12345678 | ||
+ | |- | ||
+ | | admin | ||
+ | |- | ||
+ | | god | ||
+ | |- | ||
+ | | password | ||
+ | |- | ||
+ | | secret | ||
+ | |} | ||
+ | |||
+ | ===Step 3: Run the Same Hash On the List of Common Passwords=== | ||
+ | Hash functions used to obfuscate passwords cannot be reversed, but they can be repeated. To do this, a cracker must know the exact same hash function used to obfuscate the passwords in the stolen password table. This isn't too difficult, since only a few are commonly used. From here, the cracker runs all the commonly used passwords through the same hash function and gets a list of the hashes for each of the passwords. | ||
+ | |||
+ | {| class="wikitable" | | ||
+ | ! Common Password !! MD5 Hash | ||
+ | |- | ||
+ | | 12345678 || <tt>25D55AD283AA400AF464C76D713C07AD</tt> | ||
|- | |- | ||
| admin || <tt>21232F297A57A5A743894A0E4A801FC3</tt> | | admin || <tt>21232F297A57A5A743894A0E4A801FC3</tt> | ||
Line 12: | Line 52: | ||
| password || <tt>5F4DCC3B5AA765D61D8327DEB882CF99</tt> | | password || <tt>5F4DCC3B5AA765D61D8327DEB882CF99</tt> | ||
|- | |- | ||
− | | | + | | secret || <tt>5EBE2294ECD0E0F08EAB7690D2A6EE69</tt> |
+ | |} | ||
+ | |||
+ | I should point out that the MD5 hash function is not a cryptographically secure hash function and should never be used to store passwords. I'm just using it for this example. | ||
+ | |||
+ | ===Step 4: Compare Against the Password Table=== | ||
+ | Once the dictionary of hashes has been generated, the cracker need simply look for matches in the hashes between the stolen password table and their dictionary. A match indicates that the user chose the password in the table. | ||
+ | |||
+ | {| class="wikitable" | | ||
+ | ! User !! Password !! Match From Dictionary | ||
+ | |- | ||
+ | | smithr || <tt>5EBE2294ECD0E0F08EAB7690D2A6EE69</tt> || secret | ||
|- | |- | ||
− | | secret || <tt>5EBE2294ECD0E0F08EAB7690D2A6EE69</tt> | + | | jonesd || <tt>0CC175B9C0F1B6A831C399E269772661</tt> || -no match- |
+ | |- | ||
+ | | doej || <tt>92EB5FFEE6AE2FEC3AD71C777531578F</tt> || -no match- | ||
+ | |- | ||
+ | | johnsonk || <tt>25D55AD283AA400AF464C76D713C07AD</tt> || 12345678 | ||
+ | |- | ||
+ | | williamsd || <tt>21232F297A57A5A743894A0E4A801FC3</tt> || admin | ||
+ | |} | ||
+ | |||
+ | This method will identify every password in the stolen password table that matches one in the dictionary of commonly used passwords, which, in common practice, is often over half. | ||
+ | |||
+ | Since computers are very fast at generating hash functions and comparing values between two tables, a dictionary attack with millions of commonly used passwords can be carried out against a table of millions of user passwords in a matter of minutes. | ||
+ | |||
+ | ==Defenses== | ||
+ | ===Salt=== | ||
+ | In order to combat dictionary attacks, most modern password tables first apply a salt to passwords before sending them through a hash function. A salt is a modification to a password so that it will yield a completely different hash. For example, the password below have been salted by adding a question mark to the beginning of them before being hashed, which gives an MD5 hash that is totally different from the hash without the question mark. | ||
+ | |||
+ | {| class="wikitable" | | ||
+ | ! Common Password !! MD5 Hash !! Salted Hash | ||
+ | |- | ||
+ | | 12345678 || <tt>25D55AD283AA400AF464C76D713C07AD</tt> || <tt>9F7128DB15B794862C8E96A819379D94</tt> | ||
+ | |- | ||
+ | | admin || <tt>21232F297A57A5A743894A0E4A801FC3</tt> || <tt>C0D28ABB7D0C94329B81AA112518ADA0</tt> | ||
+ | |- | ||
+ | | god || <tt>A4757D7419FF3B48E92E90596F0E7548</tt> || <tt>27DE47E3C4C4205ED02216C2A51AF071</tt> | ||
+ | |- | ||
+ | | password || <tt>5F4DCC3B5AA765D61D8327DEB882CF99</tt> || <tt>1007980A168F839AA8C4689C7FBDDB0E</tt> | ||
+ | |- | ||
+ | | secret || <tt>5EBE2294ECD0E0F08EAB7690D2A6EE69</tt> || <tt>D3A4FE3D71CD8546AA9BEC89F0D686DF</tt> | ||
|} | |} | ||
− | + | When using a salt, the program that handles user passwords must not only apply the salt when storing the password into the password table, but it must also apply the salt to the password each time a user logs in to make sure it will match the hash in the password table. | |
− | + | A salted password table adds a layer of security because, in order for a dictionary attack to work, the dictionary of hashes must be generated with the passwords and the salt. So, if the cracker doesn't know the salt, all of the password will fail to find a match. However, if a cracker defeated a system's security well enough to make a copy of the password table, they probably also made a copy of the program that adds the salt. So, a salt will not stop a cracker, because they will be able to determine how the salt was added and apply it to their password dictionary, but it will slow them down. | |
==Links== | ==Links== |
Revision as of 13:20, 16 October 2017
A dictionary attack is form of lookup attack used to crack passwords even when the passwords have been obscured with a hash function.
Contents
Process
Step 1: Obtain a Password Table
This is the most difficult part of the attack, as system administrators don't just give away user's passwords. Obtaining a password table usually means being able to defeat a system's security or buying one from an anonymous source. Also, since it is a security flaw for even admins to know what a user's password is, the passwords in the table are almost always obfuscated through a one-way hash function. So, when you look at a password table, it may look something like this:
User | Password |
---|---|
smithr | 5EBE2294ECD0E0F08EAB7690D2A6EE69 |
jonesd | 0CC175B9C0F1B6A831C399E269772661 |
doej | 92EB5FFEE6AE2FEC3AD71C777531578F |
johnsonk | 25D55AD283AA400AF464C76D713C07AD |
williamsd | 21232F297A57A5A743894A0E4A801FC3 |
In this case, the passwords have been run through an MD5 hash function which cannot be reversed. When a user logs in, the computer will first apply the hash to the password they typed in, and compare it with the one on file to ensure a match. This way, the plaintext password is only even known by the user. So then, how can a password cracker ever determine a user's password? This is where the dictionary attack comes into play.
Step 2: Obtain a List of Commonly Used Password
This is particularly easy since many crackers have already done the hard work and compiled lists of commonly used passwords. Here is an example list:
Common Password |
---|
12345678 |
admin |
god |
password |
secret |
Step 3: Run the Same Hash On the List of Common Passwords
Hash functions used to obfuscate passwords cannot be reversed, but they can be repeated. To do this, a cracker must know the exact same hash function used to obfuscate the passwords in the stolen password table. This isn't too difficult, since only a few are commonly used. From here, the cracker runs all the commonly used passwords through the same hash function and gets a list of the hashes for each of the passwords.
Common Password | MD5 Hash |
---|---|
12345678 | 25D55AD283AA400AF464C76D713C07AD |
admin | 21232F297A57A5A743894A0E4A801FC3 |
god | A4757D7419FF3B48E92E90596F0E7548 |
password | 5F4DCC3B5AA765D61D8327DEB882CF99 |
secret | 5EBE2294ECD0E0F08EAB7690D2A6EE69 |
I should point out that the MD5 hash function is not a cryptographically secure hash function and should never be used to store passwords. I'm just using it for this example.
Step 4: Compare Against the Password Table
Once the dictionary of hashes has been generated, the cracker need simply look for matches in the hashes between the stolen password table and their dictionary. A match indicates that the user chose the password in the table.
User | Password | Match From Dictionary |
---|---|---|
smithr | 5EBE2294ECD0E0F08EAB7690D2A6EE69 | secret |
jonesd | 0CC175B9C0F1B6A831C399E269772661 | -no match- |
doej | 92EB5FFEE6AE2FEC3AD71C777531578F | -no match- |
johnsonk | 25D55AD283AA400AF464C76D713C07AD | 12345678 |
williamsd | 21232F297A57A5A743894A0E4A801FC3 | admin |
This method will identify every password in the stolen password table that matches one in the dictionary of commonly used passwords, which, in common practice, is often over half.
Since computers are very fast at generating hash functions and comparing values between two tables, a dictionary attack with millions of commonly used passwords can be carried out against a table of millions of user passwords in a matter of minutes.
Defenses
Salt
In order to combat dictionary attacks, most modern password tables first apply a salt to passwords before sending them through a hash function. A salt is a modification to a password so that it will yield a completely different hash. For example, the password below have been salted by adding a question mark to the beginning of them before being hashed, which gives an MD5 hash that is totally different from the hash without the question mark.
Common Password | MD5 Hash | Salted Hash |
---|---|---|
12345678 | 25D55AD283AA400AF464C76D713C07AD | 9F7128DB15B794862C8E96A819379D94 |
admin | 21232F297A57A5A743894A0E4A801FC3 | C0D28ABB7D0C94329B81AA112518ADA0 |
god | A4757D7419FF3B48E92E90596F0E7548 | 27DE47E3C4C4205ED02216C2A51AF071 |
password | 5F4DCC3B5AA765D61D8327DEB882CF99 | 1007980A168F839AA8C4689C7FBDDB0E |
secret | 5EBE2294ECD0E0F08EAB7690D2A6EE69 | D3A4FE3D71CD8546AA9BEC89F0D686DF |
When using a salt, the program that handles user passwords must not only apply the salt when storing the password into the password table, but it must also apply the salt to the password each time a user logs in to make sure it will match the hash in the password table.
A salted password table adds a layer of security because, in order for a dictionary attack to work, the dictionary of hashes must be generated with the passwords and the salt. So, if the cracker doesn't know the salt, all of the password will fail to find a match. However, if a cracker defeated a system's security well enough to make a copy of the password table, they probably also made a copy of the program that adds the salt. So, a salt will not stop a cracker, because they will be able to determine how the salt was added and apply it to their password dictionary, but it will slow them down.
Links
- en.wikipedia.org/wiki/Dictionary_attack - Wikipedia.