Brute Force Password Cracking and its Role in Penetration Testing

About This Presentation

Title:

Description:

Number of Views:354

Avg rating:3.0/5.0

Slides: 11

Provided by: uncw167

Category:

more less

Transcript and Presenter's Notes

Title: Brute Force Password Cracking and its Role in Penetration Testing

1
Brute Force Password Cracking and its Role in
Penetration Testing

2
Background

A cryptographic hash function is an algorithm
that takes an arbitrary block of data and returns
a fixed-size bit string, the (cryptographic) hash
value.
Cryptographic hash functions are used to encrypt
passwords in many corporations
Password strength can be a key vulnerability in
large corporations without proper policies on
password security.

3
Password Security in Relation to Penetration
testing

Penetration testing involves trying to take
control over systems and obtain data
One of the ways this is accomplished is by
exploiting weak password schemes
If password auditing is not a part of penetration
testing you leave yourself open to the likelihood
of a breach

4
Password Cracking, What are we trying to prevent?

There are several methods for password cracking
available.
Brute-force cracking, in which a computer tries
every possible key or password until it succeeds.
Dictionary attacks, pattern checking, word list
substitution, etc., attempt to reduce the number
of trials required and will usually be attempted
before brute force.

5
Password length and relative security
6
Focus of this presentation Brute Force

8
GPU vs CPU hashing comparison

Laptop(Amd A8 3400M... 4 cores) Averages about
100 million passwords per second. (6 characters)
Desktop(GPU ATI Radeon HD 5970... 40 cores)
Averages about 2.2 billion passwords per second.
(7 characters)
This is why recommendations are being made
currently to have no less than 12 characters
using uppercase, lowercase, digits, and special
characters.

Brute Force Password Cracking and its Role in Penetration Testing - PowerPoint PPT Presentation