Security Basics mailing list archives

RE: ADS Password Storage Protection-$100 reward to crack my password hashes


From: "Donald N Kenepp" <don () videon-central com>
Date: Tue, 18 Jul 2006 17:40:52 -0400

Hi Roger,

  I fear you are forgetting a very important topic in password security:
human nature.

  Your contest results cannot be applied to a proof of concept on password
complexity, as some respondents will base their effort on the variety of the
prizes offered.  You may or may not find any of the passwords broken first
or last due to the pre-judged reward to effort ratio.

  In a similar vein, one of the reasons that many people argue mid-length
(8-10 character) complex passwords are sometimes better than longer
passwords (15+) is the user's reluctance to remember and utilize long
passwords and pass phrases.  A note in a lost wallet / briefcase, or a
sticky on the monitor, can quickly defeat the most exquisite password
requirements.

  Sincerely,
    Donald

Donald N Kenepp
Director of IT
Videon Central, Inc.
don () videon-central com

-----Original Message-----
From: Roger A. Grimes [mailto:roger () banneretcs com] 
Sent: Monday, July 17, 2006 8:51 PM
To: Gregory Rubin; security-basics () securityfocus com
Cc: eric.baechle () dhs gov
Subject: RE: ADS Password Storage Protection-$100 reward to crack my
password hashes
Importance: High

$100 Contest Challenge Below (so keep reading):
--------------------------
I password crack for a living. If you can find a fast 15-character
password hash cracker, please let me know the tool and technique. I know
the theoretical technique: a dictionary attack tool that uses words as
characters and does character substitution using words instead of letters
when doing a dictionary attack.

At 15-characters, 99.999% of users won't use a complete dictionary word,
so direct dictionary attacking is out. Most users will use one or more
dictionary words. Most words will be small (e.g. I, the, me, free,
etc.), so entropy will be small. 

(Dr. J of Microsoft has done an excellent paper on this idea, although
his conclusion is that moderately long passphrases are no better than
short complex passwords, something I disagree with.)

But there aren't any publicly available tools (John the Ripper can be
configured to do it though) for word-for-character substitution at the
moment. Plus at 15 characters, users may well throw in non-words or
complexity in their passphrase. As long as the attacker does know that
you use full words only and zero complexity, they would have to guess
all characters, and at 15 characters it becomes non-trivial to crack.

CHALLENGES:
Tell you what, let's do a test, with three challenges:

Challenge #1 (Complexity at 10 characters) for the first person to email
me the plaintext equivalent to the following NT hashes:

Easiest Challenge: 0570B4C2CC734E230DE9B67C868FAE04

Clues Normal Password Cracker Would Not Have:
1. It's 10 characters long exactly
2. Contains no words contained in the English dictionary, but is based
upon two words that have been "license-plated" (i.e. hybrid attack is
needed)
3. Moderate complexity, but nothing beyond alpha letters and numbers.

Prize for Challenge #1: 
1. Your name in my InfoWorld column
2. A free copy of my book, Honeypots for Windows (Apress, 2005)
---

Challenge #2 (15 characters long, no complexity) for the first person to
email me the plaintext equivalent to:

Harder Challenge: 7B1FC86A9CD8955963E3930C42F4226F

Clues Normal Password Cracker Would Not Have:
1. It's exactly fifteen characters long
2. Contains one or more words contained in the English dictionary
3. Absolutely no complexity.

Prize for Challenge #2 for the first person to email me the plaintext
equivalent:
1. Your name in my InfoWorld column
2. A free copy of my latest book, Professional Windows Desktop and
Server Hardening (WROX, 2006)
---

Challenge #3 (15 characters or longer, some complexity) for the first
person to email me the plaintext equivalent to:
Hardest Challenge: 4475BCB3B66320BF289D5475C7016A81

Clues Normal Password Cracker Would Not Have:
1. It's fifteen characters or longer
2. Contains one or more words contained in the English dictionary
3. Some minor complexity.

Prize for Challenge #3 for the first person to email me the plaintext
equivalent:
1. Your name in my InfoWorld column
2. $100 out of my pocket (my wife is going to love me)
3. A free copy of my latest book, Professional Windows Desktop and
Server Hardening (WROX, 2006)
4. A free copy of my next sole author book, Windows Vista Security:
Preventing Malicious Attacks (Wiley, 2007), when it comes out.
(Or you can substitute any of these books for my latest co-author book,
MCSE Core Electives in a Nutshell (O'Reilly, late 2006), when it comes
out.)

------
Rules:
1. I solely determine winners and all rules
2. You can only claim one challenge prize. Send me the passwords if you
break them, but if you win both challenges #1 and #2, I'll give you all
the prizes listed in #2, but I'll give prizes in #1 to the next closest
winner.

All password hashes can easily be cracked with the right tool and
dictionary. I expect the first challenge to be cracked first. I suspect
all three can be cracked. In the real world, the attacker would not be
given the clues I have given. But I want readers to understand how hard
this would be to do even if you had all the clues a real cracker would
need to begin the attack. 

This is proof of concept of password length over complexity. If someone
breaks Challenges #2 or #3 before #1, I'll know I'm wrong.

Have fun and enjoy.

-----Original Message-----
From: Gregory Rubin [mailto:grrubin () gmail com] 
Sent: Monday, July 17, 2006 5:43 PM
To: Roger A. Grimes
Cc: eric.baechle () dhs gov; security-basics () securityfocus com
Subject: Re: ADS Password Storage Protection


While I agree that length is far superior to complexity, I must disagree
that 15 char is sufficient.

(Pure theory to follow)
Each additional letter in English provides approximately 1.1 bits of
entropy.  Even grossly overestimating this at 2 bits, the total entropy
of a 15 char passphrase is only 30 bits or the equivalent of a complex
password of length 3 to 4.  Thus, the passphrase remains vulnerable to
dictionary attacks.

For secure systems, the user should type a sentence.  That will easily
provide around 20 or more characters.  At that length, the entropy at
the word level (as opposed to just the letter) starts to really come
into play and the pass phrase becomes secure.  For administrators, it
doesn't even need to be much longer, but they could throw in a little
complexity as they are likely to be more competent.

For low security systems, the users are going to pick weak stuff no
matter what, so is it worth the added inconvenience?

Greg

P.S. Signed with a 40+ char pass-phrase.
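Added example, not written by any of the thread's authors: the three attack models argued over above (Roger's "guess every character" brute force, Greg's per-letter entropy estimate, and a word-as-symbol dictionary model) computed side by side. The sample passwords are constructed, and the 5000-word vocabulary and the per-character figures are assumptions taken from Greg's numbers.

```python
import math
import re

# Constructed sample passwords for the comparison (label, password, word count);
# they are not the contest passwords, which were never published in the thread.
SAMPLES = [
    ("10 chars, mixed case + digits", "Tr4vel2Fun", 2),
    ("15 lowercase chars, three words", "freetimeisgreat", 3),
    ("20+ char sentence", "my dog eats cold pizza", 5),
]

def brute_force_bits(password):
    """Roger's model: the attacker knows only the length and which
    character classes appear, so every position is a free choice."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
               (r"[^A-Za-z0-9]", 33)]  # 33 = printable ASCII punctuation + space
    alphabet = sum(n for pat, n in classes if re.search(pat, password))
    return len(password) * math.log2(alphabet)

def per_char_bits(password, bits_per_char=1.1):
    """Greg's letter-level model: English text yields about 1.1 bits per
    character; 2.0 is the deliberate overestimate he uses."""
    return len(password) * bits_per_char

def word_level_bits(word_count, vocabulary=5000):
    """Dictionary-as-alphabet model: each word is one symbol drawn from a
    vocabulary of the given size (a 5000-word list is an assumption)."""
    return word_count * math.log2(vocabulary)

def equivalent_complex_length(bits, alphabet=62):
    """Random characters from 'alphabet' needed to reach the same bits."""
    return bits / math.log2(alphabet)

def compare(password, word_count, vocabulary=5000):
    """Bits an attacker must search under each model, rounded to 0.1."""
    return {
        "brute_force": round(brute_force_bits(password), 1),
        "letters_1.1": round(per_char_bits(password), 1),
        "letters_2.0": round(per_char_bits(password, 2.0), 1),
        "words": round(word_level_bits(word_count, vocabulary), 1),
    }

if __name__ == "__main__":
    for label, pw, words in SAMPLES:
        print(f"{label:32} {compare(pw, words)}")
```

The gap between the brute-force column and the other two columns for the 15-character sample is the whole disagreement in the thread: the same passphrase is strong against an attacker who must guess characters and weak against one who guesses words.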
