Choosing a password breaking strategy with imposed time restrictions
Journal Title: Bulletin of the Military University of Technology - Year 2019, Vol 68, Issue 1
Abstract
The aim of the article is to present the password breaking methodology in case when an attacker (forensic investigator, court expert, pen tester) has imposed time restrictions. This is a typical situation during many legal investigations where computers are seized by legal authorities but they are protected by passwords. At the beginning, the current state of law in that matter is presented, along with good practices in seizing the evidence. Then, the ways of storing static passwords in information systems are showed, after which various classes of password breaking methods are reviewed (dictionary, brute-force, rule, combinator, mask, hybrid, etc.). The most popular tools supporting this process are listed as well. The main part of the paper presents the original strategy of conducting an attack on a single hashed password with time constraints. Costs as well as economic efficiency for four different hardware solutions (laptop, gaming computer, rig with 6 GPU’s, cloud computing) are discussed. The calculations are shown on the example of two real attacks carried out by the author in the real legal cases. Keywords: passwords, breaking passwords, hash functions, computer forensics.<br/><br/>
Authors and Affiliations
Przemysław Rodwald
Keywords
Related Articles
- EP ID EP519305
- DOI 10.5604/01.3001.0013.1467
- Views 81
- Downloads 0
Analiza mechanizmów ochrony hasłem Telegram i Viber
Telegram i Viber to jedne z najpopularniejszych komunikatorów mobilnych. W odróżnieniu od produktów takich jak WhatsApp czy Facebook Messenger komunikatory te pozwalają na ograniczanie dostępu do wiadomości przechowywany...
Realization of coprocessor which supports counting of discrete logarithm on elliptic curves with partial knowledge
In this paper we analyse realization of a coprocessor which supports counting of discrete logarithm on elliptic curves over the field FG(p), where p is the large prime, in FPGA. Main idea of the realization is based on u...
Badania eksploatacyjne czterosensorowego detektora upadków
Zaprezentowane w niniejszym artykule badania stanowią kontynuację dotychczasowych prac mających na celu opracowanie mobilnego detektora upadków. Przedstawiony algorytm opiera się na dyskretnej transformacji falkowej sygn...
System inteligentny dom — nowoczesna technologia stosowana w budownictwie
W opracowaniu przedstawiono informacje dotyczące systemu inteligentny dom wraz z uzasadnieniem tezy, że ta technologia może być stosowana w domach jednorodzinnych. Podano ogólną charakterystykę systemu, która zawiera his...
A general theoretical formulation of deformation of steel structures exposed to fire
This paper presents a proposal for the formulation of a mathematical model of a fire resistance testing process for steel beams subject to bending, carried out experimentally in a test furnace. The model for the formulat...