Passwords, who doesn’t have at least one password that they can think of? We rely on them dearly for our sake of privacy and keeping information confidential. However, passwords can be guessed via dictionary attacks and even by brute forcing.
Brute forcing passwords is not the most efficient way of gaining access to an account during an audit or pentest, say in the case of network authentication.
Despite traditional ways of bruting passwords by using one single core (or even multi-core) processor, which isn’t the most efficient way, distributed computing is now the way of the future and is more of a realistic way to perform brute force attacks.
One great example of this currently in practice (at a small cost). Individuals now have access to bruting WPA passwords via:
http://www.wpacracker.com/
I decided to write a program in C, as just a mere fun task. The program will generate password combinations in letter character ranges from 4 characters long to 10 characters long. I chose this range, due to reading this:
http://www.schneier.com/essay-144.html
My program (which is located here:)
http://zitstif.no-ip.org/c/bruteme.txt
will cover 94.92% of passwords according to this study, however there is one caveat, I did leave out the ‘space’ character, in the array of characters.
Bear in mind, that the longer the password, the longer it takes to come up with the combination. I wrote this just as more of a simple PoC.
Users who want to keep their accounts secure, that rely on password authentication should keep this in mind:
* Use long passwords that you can remember
* Don’t write down your password or store your password in a clear text file.
* Don’t use the same password over and over
* Do not share your password with others
* If you can, use special characters, but make sure you can remember your password.
* Do not use easily guessable passwords
* Be very careful of what secret questions you use if you ever have to reset your forgotten password
* Try to change your passwords on a regular interval
* Do not do any remote authentication in public wireless networks
* Have multiple e-mail accounts, one that is for purchasing things online, and one for other matters
You might ask yourself, “Why should I not do any remote authentication in public wireless networks?”. I advise this because most public wireless networks I’ve encountered, have taken no precautions to prevent ARP poisoning. If you use VPNs or SSH tunneling, you’ll mitigate your risks, but I would still advise to not do authenticating in public networks.
One possible risk of relying on SSH tunneling, is giving away your server’s public IP (via means of ‘side channel attacks’). This could potentially make your server a target for various other attacks. Along with that, there is also the risk of SSH downgrade attacks. (I believe I’ve posted a link to this before: http://openmaniak.com/ettercap_filter.php)
Also for possible attacks / risks on VPN networks, have a look at this:
http://my.safaribooksonline.com/1931841810/ch10lev1sec260#X2ludGVybmFsX0ZsYXNoUmVhZGVyP3htbGlkPTE5MzE4NDE4MTAvMjUxJmltYWdlcGFnZT0yNTE=
As for multiple e-mail accounts, I believe this is a great precaution for the case of if you have one account breached. This way the attacker won’t have access to all the other accounts to reset passwords. However, this depends on how you have your e-mail accounts set up, so do be careful.
More to come…
Excellent post! I search about that in Google but I can not see this site very well