Re: Cisco LEAP

[Anders Thulin <Anders.Thulin () kiconsulting se>]

No Man wrote:

> Take for example a 6 character password made of
> lowercase letters and numbers. 36^6 works out to about
> 2.2 billion possibilities. Your dictionary or 2.2B rc4
> hashes would take up roughly 40GB.

  If space is at a premium, don't forget the Oechslin
rainbow chain cracking improvement that was published
recently (with sample code for LM-hashes). It can easily
be adapted to this task, and it takes very little space
for storage. Cracking time, though, gets fairly high.

> 1) what would it take time-wise to create the
> dictionary?

  No idea, since I don't know what a single
RC4 + 3 DES steps would take.  DES can be
bitsliced (se DESCHALL and others) which speeds
up things quite a bit. I have no idea about RC4
time requirements.

> 2) how long would it take to cycle through 40 gigs of
> hashes to find the matches?

  No time at all, if you store the full 21 byte hash->password
mapping.  Then it's just one database lookup, and
you've got it.

  If you have a fast dictionary cracker (takes
a single hash, a list of words, and outputs
any of those words that match the hash), you can decide
how much time it should take.

  Just put all passwords with the same 2/3/4 bytes
of the hash into the same file. The files could be
stored in a standard directory:

  ...path to database/byte 1/byte 2/byte 3/byte4.txt

if you decide to index on four bytes from the hash.

 If the cracker does 1 million passwords per
second, and your time target is 10 seconds, select
the number of hash bits for indexing that produces
less than 10 mill. collsions. Then feed the list of
all those collisions as dictionary file to the
cracker. Wait ten seconds.

> 3) how many matches on the last two bytes of the hash
> are there likely to be?

  If the encryption method is any good, you won't find
any major statistical anomalies anywhere in the hash.
In which case you just divide the total password
space with 2^16 -- that's how many collisions you
can expect.

  With the assumption you made above (36^6), less than
35000 collisions.

--
Anders Thulin   anders.thulin () kiconsulting se   040-661 50 63        
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden


---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------