基于gpgpu的SHA-1密码哈希暴力破解和字典攻击分析

2019 3rd International Conference on Informatics and Computational Sciences (ICICoS) Pub Date : 2019-10-01 DOI:10.1109/ICICoS48119.2019.8982390

Laatansa, R. Saputra, B. Noranita

{"title":"基于gpgpu的SHA-1密码哈希暴力破解和字典攻击分析","authors":"Laatansa, R. Saputra, B. Noranita","doi":"10.1109/ICICoS48119.2019.8982390","DOIUrl":null,"url":null,"abstract":"Password data in a system usually stored in hash. Various human-caused negligence and system vulnerability can make those data fall in the hand of those who isn't entitled to or even those who have malicious purpose. Attacks which could be done on the hashed password data using GPGPU-based machine are for example: brute-force, dictionary, mask-attack, and word-list. This research explains about effectivity of brute-force and dictionary attack which done on SHA-l hashed password using GPGPU-based machine. Result is showing that brute-force effectively crack more password which has lower set of character, with over 11% of 7 or less characters passwords vs mere 3 % in the dictionary attack counterpart. Whereas dictionary attack is more effective on cracking password which has unsecure character pattern with 5,053 passwords vs 491 on best brute-force attack scenario. Usage of combined attack method (brute-force + dictionary) gives more balanced approach in terms of cracking whether the password is long or secure patterned string.","PeriodicalId":105407,"journal":{"name":"2019 3rd International Conference on Informatics and Computational Sciences (ICICoS)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Analysis of GPGPU-Based Brute-Force and Dictionary Attack on SHA-1 Password Hash\",\"authors\":\"Laatansa, R. Saputra, B. Noranita\",\"doi\":\"10.1109/ICICoS48119.2019.8982390\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Password data in a system usually stored in hash. Various human-caused negligence and system vulnerability can make those data fall in the hand of those who isn't entitled to or even those who have malicious purpose. Attacks which could be done on the hashed password data using GPGPU-based machine are for example: brute-force, dictionary, mask-attack, and word-list. This research explains about effectivity of brute-force and dictionary attack which done on SHA-l hashed password using GPGPU-based machine. Result is showing that brute-force effectively crack more password which has lower set of character, with over 11% of 7 or less characters passwords vs mere 3 % in the dictionary attack counterpart. Whereas dictionary attack is more effective on cracking password which has unsecure character pattern with 5,053 passwords vs 491 on best brute-force attack scenario. Usage of combined attack method (brute-force + dictionary) gives more balanced approach in terms of cracking whether the password is long or secure patterned string.\",\"PeriodicalId\":105407,\"journal\":{\"name\":\"2019 3rd International Conference on Informatics and Computational Sciences (ICICoS)\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 3rd International Conference on Informatics and Computational Sciences (ICICoS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICICoS48119.2019.8982390\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 3rd International Conference on Informatics and Computational Sciences (ICICoS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICICoS48119.2019.8982390","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

系统中的密码数据通常以散列形式存储。各种人为的疏忽和系统漏洞可能使这些数据落入那些没有资格甚至有恶意目的的人手中。使用基于gpgpu的机器可以对散列密码数据进行攻击，例如:暴力破解、字典、掩码攻击和单词列表。本研究阐述了利用基于gpgpu的机器对sha - 1哈希密码进行暴力破解和字典攻击的有效性。结果表明，暴力破解有效地破解了更多具有较低字符集的密码，超过11%的7个或更少字符的密码，而字典攻击对手只有3%。而字典攻击在破解具有不安全字符模式的密码时更有效，有5053个密码，而最佳暴力攻击场景为491个。使用组合攻击方法(蛮力+字典)在破解密码是长字符串还是安全模式字符串方面提供了更平衡的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Analysis of GPGPU-Based Brute-Force and Dictionary Attack on SHA-1 Password Hash

Password data in a system usually stored in hash. Various human-caused negligence and system vulnerability can make those data fall in the hand of those who isn't entitled to or even those who have malicious purpose. Attacks which could be done on the hashed password data using GPGPU-based machine are for example: brute-force, dictionary, mask-attack, and word-list. This research explains about effectivity of brute-force and dictionary attack which done on SHA-l hashed password using GPGPU-based machine. Result is showing that brute-force effectively crack more password which has lower set of character, with over 11% of 7 or less characters passwords vs mere 3 % in the dictionary attack counterpart. Whereas dictionary attack is more effective on cracking password which has unsecure character pattern with 5,053 passwords vs 491 on best brute-force attack scenario. Usage of combined attack method (brute-force + dictionary) gives more balanced approach in terms of cracking whether the password is long or secure patterned string.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 3rd International Conference on Informatics and Computational Sciences (ICICoS)

自引率

0.00%

发文量