1
00:00:06,168 --> 00:00:10,014
- So, why is it so easy to crack passwords these days?

2
00:00:10,014 --> 00:00:13,131
Well first, there are many password breaches

3
00:00:13,131 --> 00:00:15,203
that you hear of where the passwords aren't

4
00:00:15,203 --> 00:00:16,911
encrypted at all, so that is, of course,

5
00:00:16,911 --> 00:00:18,583
the easiest way, but if you actually

6
00:00:18,583 --> 00:00:21,108
have to crack the passwords, it's getting

7
00:00:21,108 --> 00:00:24,038
easier and easier to crack passwords for several reasons.

8
00:00:24,038 --> 00:00:26,894
First, we used to only rely on CPUs,

9
00:00:26,894 --> 00:00:29,817
and although CPUs are getting faster and faster,

10
00:00:29,817 --> 00:00:31,571
so it's easier to crack passwords,

11
00:00:31,571 --> 00:00:34,628
now we also have GPUs that are used

12
00:00:34,628 --> 00:00:36,456
to crack passwords as well.

13
00:00:36,456 --> 00:00:38,490
GPUs are oftentimes much faster

14
00:00:38,490 --> 00:00:40,763
than relying on the CPU alone.

15
00:00:40,763 --> 00:00:42,955
You can also distribute the computations

16
00:00:42,955 --> 00:00:46,652
across multiple CPUs and GPUs in order to

17
00:00:46,652 --> 00:00:49,429
crack the same password set, which often

18
00:00:49,429 --> 00:00:53,416
really increases the speed of the password cracking ability.

19
00:00:53,416 --> 00:00:55,164
There are also weak algorithms

20
00:00:55,164 --> 00:00:58,257
that make it very easy to crack passwords.

21
00:00:58,257 --> 00:01:01,229
We'll show how cracking those

22
00:01:01,229 --> 00:01:05,508
LanMan and NT passwords is slightly different;

23
00:01:05,508 --> 00:01:09,504
you can see really quickly how the LanMan passwords

24
00:01:09,504 --> 00:01:13,767
are much easier to crack than the NT for several reasons.

25
00:01:13,767 --> 00:01:16,986
First, LanMan automatically takes your password

26
00:01:16,986 --> 00:01:19,625
and makes it all upper case and then it splits it

27
00:01:19,625 --> 00:01:22,428
into two seven-character passwords, and so

28
00:01:22,428 --> 00:01:25,200
you can crack all upper case passwords

29
00:01:25,200 --> 00:01:27,950
in two sub-seven-character sets,

30
00:01:28,860 --> 00:01:32,116
which makes it very, very easy to crack those passwords.

31
00:01:32,116 --> 00:01:35,339
There are some algorithms that are just weak

32
00:01:35,339 --> 00:01:39,171
and also, there are some operating systems

33
00:01:39,171 --> 00:01:42,192
such as Linux, which have salted passwords,

34
00:01:42,192 --> 00:01:44,186
which makes it more difficult to actually

35
00:01:44,186 --> 00:01:45,981
crack the passwords, whereas

36
00:01:45,981 --> 00:01:48,545
those that do not have salting in their algorithms

37
00:01:48,545 --> 00:01:51,474
make it much quicker to crack passwords.

38
00:01:51,474 --> 00:01:54,601
So on the Windows side, if two individuals have

39
00:01:54,601 --> 00:01:57,003
the same exact password, the hash is going

40
00:01:57,003 --> 00:01:59,239
to look exactly the same in the database,

41
00:01:59,239 --> 00:02:01,190
whereas on Linux, if two individuals

42
00:02:01,190 --> 00:02:04,439
have the same password, generally, because of

43
00:02:04,439 --> 00:02:06,802
salting, they will show up as

44
00:02:06,802 --> 00:02:09,330
two different password hashes.

45
00:02:09,330 --> 00:02:12,589
So, weak algorithms are a big issue.

46
00:02:12,589 --> 00:02:15,886
There are also dictionaries that

47
00:02:15,886 --> 00:02:17,991
have been built over time based off

48
00:02:17,991 --> 00:02:21,775
of rainbow tables or password breaches.

49
00:02:21,775 --> 00:02:24,302
Let's start with password breaches first,

50
00:02:24,302 --> 00:02:26,193
since there have been so many breaches

51
00:02:26,193 --> 00:02:29,837
where people's passwords have been made available online.

52
00:02:29,837 --> 00:02:31,295
These breaches have been public,

53
00:02:31,295 --> 00:02:33,570
so you can access some of the passwords

54
00:02:33,570 --> 00:02:36,243
that were posted online and you can use those

55
00:02:36,243 --> 00:02:38,560
in your password cracking ability,

56
00:02:38,560 --> 00:02:40,357
so it's really easy to crack passwords

57
00:02:40,357 --> 00:02:43,330
if you have passwords from previous breaches.

58
00:02:43,330 --> 00:02:45,041
People generally tend to use

59
00:02:45,041 --> 00:02:47,482
the same passwords over and over again.

60
00:02:47,482 --> 00:02:50,529
Second, with rainbow tables, while rainbow tables

61
00:02:50,529 --> 00:02:54,065
don't have all the combinations of a password,

62
00:02:54,065 --> 00:02:57,278
they use a reduction function to actually

63
00:02:57,278 --> 00:03:00,665
get a large number of passwords,

64
00:03:00,665 --> 00:03:04,668
upwards of 99% of the passwords per certain sets

65
00:03:04,668 --> 00:03:07,286
within smaller files, so you might have

66
00:03:07,286 --> 00:03:10,277
a file that's a few gigabytes large

67
00:03:10,277 --> 00:03:14,444
and it contains 99% of passwords up to eight characters,

68
00:03:15,400 --> 00:03:18,326
so rainbow tables do make the password cracking

69
00:03:18,326 --> 00:03:20,493
ability much, much easier.

70
00:03:21,865 --> 00:03:24,751
So, GPUs, like I mentioned, definitely

71
00:03:24,751 --> 00:03:27,488
increase the speed of your password cracking.

72
00:03:27,488 --> 00:03:29,434
We're going to look at some password cracking

73
00:03:29,434 --> 00:03:32,414
using John the Ripper, using CPUs, and then

74
00:03:32,414 --> 00:03:34,659
we're going to look at password cracking

75
00:03:34,659 --> 00:03:37,242
using our GPU with oclHashcat.