1
00:00:06,370 --> 00:00:09,640
- So why is it so easy to crack passwords these days?

2
00:00:09,640 --> 00:00:13,970
Well, first, there are many password breaches that you hear of

3
00:00:13,970 --> 00:00:15,960
where the passwords aren't encrypted at all,

4
00:00:15,960 --> 00:00:18,010
so that of course is the easiest way.

5
00:00:18,010 --> 00:00:20,550
But if you actually have to crack the passwords,

6
00:00:20,550 --> 00:00:22,740
it's getting easier and easier to crack passwords

7
00:00:22,740 --> 00:00:23,940
for several reasons.

8
00:00:23,940 --> 00:00:26,900
First: we used to only rely on CPUs,

9
00:00:26,900 --> 00:00:29,790
and although CPUs are getting faster and faster,

10
00:00:29,790 --> 00:00:32,220
making it easier to crack passwords, now we

11
00:00:32,220 --> 00:00:36,440
also have GPUs that are used to crack passwords as well.

12
00:00:36,440 --> 00:00:39,410
GPUs are oftentimes much faster than relying

13
00:00:39,410 --> 00:00:40,970
on the CPU alone.

14
00:00:40,970 --> 00:00:43,200
You can also distribute the computations

15
00:00:43,200 --> 00:00:46,730
across multiple CPUs and GPUs in order

16
00:00:46,730 --> 00:00:48,840
to crack the same password set,

17
00:00:48,840 --> 00:00:51,800
which often really increases the speed of

18
00:00:51,800 --> 00:00:53,500
the password-cracking ability.

19
00:00:53,500 --> 00:00:56,390
There are also weak algorithms that make it

20
00:00:56,390 --> 00:00:58,360
very easy to crack passwords.

21
00:00:58,360 --> 00:01:03,360
We'll show how cracking Windows Lanman and NT passwords

22
00:01:03,750 --> 00:01:07,110
is slightly different, and we can see really quickly

23
00:01:07,110 --> 00:01:11,270
how the Lanman passwords are much easier to crack

24
00:01:11,270 --> 00:01:12,770
than the NT.
25
00:01:12,770 --> 00:01:16,010
For several reasons: first, Lanman automatically

26
00:01:16,010 --> 00:01:18,710
takes your password and makes it all uppercase,

27
00:01:18,710 --> 00:01:21,650
and then it splits it into two 7-character passwords,

28
00:01:21,650 --> 00:01:25,101
and so you can crack all-uppercase passwords

29
00:01:25,101 --> 00:01:28,640
in two sub-7-character sets,

30
00:01:28,640 --> 00:01:32,050
which makes it very, very easy to crack those passwords,

31
00:01:32,050 --> 00:01:35,147
so there are some algorithms that are just weak,

32
00:01:35,147 --> 00:01:40,020
and also there are some operating systems, such as Linux,

33
00:01:40,020 --> 00:01:43,020
which have salted passwords, which makes it more

34
00:01:43,020 --> 00:01:45,320
difficult to actually crack the passwords,

35
00:01:45,320 --> 00:01:48,770
whereas Windows does not have salting in its algorithms,

36
00:01:48,770 --> 00:01:51,850
so it is much quicker to crack passwords.

37
00:01:51,850 --> 00:01:55,040
So, on the Windows side, if two individuals have the

38
00:01:55,040 --> 00:01:56,380
same exact password,

39
00:01:56,380 --> 00:01:59,600
the hash is going to look exactly the same in the database.

40
00:01:59,600 --> 00:02:02,771
Whereas, on Linux, if two individuals have the same password,

41
00:02:02,771 --> 00:02:06,660
generally, because of salting, they will show up

42
00:02:06,660 --> 00:02:09,240
as two different password hashes.

43
00:02:09,240 --> 00:02:12,770
So, weak algorithms are a big issue.

44
00:02:12,770 --> 00:02:15,900
There are also various dictionaries that

45
00:02:15,900 --> 00:02:18,470
have been built over time based on

46
00:02:18,470 --> 00:02:22,010
rainbow tables or password breaches.

47
00:02:22,010 --> 00:02:24,230
Let's start with password breaches first,

48
00:02:24,230 --> 00:02:26,650
since there have been so many breaches where people's

49
00:02:26,650 --> 00:02:29,480
passwords have been made available online.
50
00:02:29,480 --> 00:02:31,970
These breaches have been public, so you can access

51
00:02:31,970 --> 00:02:35,170
some of the passwords that were posted online

52
00:02:35,170 --> 00:02:38,680
and you can use those in your password-cracking ability,

53
00:02:38,680 --> 00:02:40,840
so it's very easy to crack passwords if you have

54
00:02:40,840 --> 00:02:43,380
passwords from previous breaches.

55
00:02:43,380 --> 00:02:45,930
People generally tend to use the same passwords

56
00:02:45,930 --> 00:02:47,390
over and over again.

57
00:02:47,390 --> 00:02:50,660
Second: with rainbow tables, all rainbow tables

58
00:02:50,660 --> 00:02:53,501
don't have all the combinations of a password.

59
00:02:53,501 --> 00:02:56,170
They use a reduction function to

60
00:02:56,170 --> 00:03:00,280
actually get a large number of passwords,

61
00:03:00,280 --> 00:03:04,150
upwards of 99% of passwords per certain sets,

62
00:03:04,150 --> 00:03:07,890
within smaller files, so you might have a file

63
00:03:07,890 --> 00:03:11,348
that's a few gigabytes large and it contains

64
00:03:11,348 --> 00:03:15,330
99% of passwords up to 8 characters.

65
00:03:15,330 --> 00:03:18,529
So, rainbow tables do make the password-cracking

66
00:03:18,529 --> 00:03:21,040
ability much, much easier.

67
00:03:21,040 --> 00:03:25,970
So, GPUs, like I mentioned, definitely increase the speed

68
00:03:25,970 --> 00:03:27,730
of password cracking.

69
00:03:27,730 --> 00:03:29,710
We're going to look at some password cracking using

70
00:03:29,710 --> 00:03:32,150
John the Ripper, using CPUs,

71
00:03:32,150 --> 00:03:34,660
and then we're going to look at password cracking

72
00:03:34,660 --> 00:03:38,030
using our GPU with oclhashcat.