{"title":"Choosing a password breaking strategy with imposed time restrictions","authors":"Przemysław Rodwald","doi":"10.5604/01.3001.0013.1467","journal":{"name":"Biuletyn Wojskowej Akademii Technicznej","volume":"1 1","pages":""},"publicationDate":"2019-03-29","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"2","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.5604/01.3001.0013.1467"}
Choosing a password breaking strategy with imposed time restrictions
The aim of the article is to present a password breaking methodology for the case where the attacker (forensic investigator, court expert, pen tester) works under imposed time restrictions. This is a typical situation in many legal investigations, where computers seized by legal authorities are protected by passwords. First, the current state of the law in this matter is presented, along with good practices for seizing evidence. Next, the ways of storing static passwords in information systems are shown, after which various classes of password breaking methods are reviewed (dictionary, brute-force, rule, combinator, mask, hybrid, etc.). The most popular tools supporting this process are listed as well. The main part of the paper presents an original strategy for conducting an attack on a single hashed password under time constraints. Costs as well as economic efficiency for four different hardware solutions (laptop, gaming computer, rig with 6 GPUs, cloud computing) are discussed. The calculations are illustrated with two real attacks carried out by the author in real legal cases.
Keywords: passwords, breaking passwords, hash functions, computer forensics.