Increasing Hash Security
(OBJ 1.4)
Common Hashing Attacks
Pass the Hash Attack
- Hashing is a common method of storing passwords inside systems
- A hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying hash of a user's password instead of the associated plaintext password
- Hashes can be obtained by attackers to impersonate users without cracking the password
- From an attacker's perspective, a hash is functionally equivalent to the password that generated it, so they do not need the actual password to log in as if they were you
- Difficult to defend against because of the many Windows vulnerabilities and applications that expose hashes
- There are many different exploits and vulnerabilities in OSs that can be used for this
- The process of collecting hashes is known as hash harvesting
- Penetration testing tools like Mimikatz automate hash harvesting
- Mimikatz
- Provides the ability to automate the process of harvesting the hashes and conducting the attack
- Prevention
- Ensure trusted OS
- Proper Windows domain trusts
- Patching
- Multi-factor authentication
- Least privilege
Birthday Attack
- Occurs when two different messages result in the same hash digest (collision)
- The attacker's goal is to create collisions
- Named after the Birthday Paradox, where shared birthdays become likely in a surprisingly small group
- "If you have a random group of people, the chances that you are going to have two people in that group with the same birthday are high"
- Compare with Ch. 6.2, The Pigeonhole Principle
- Collisions in hashes can be exploited by attackers to bypass authentication systems
- If an attacker finds a second input that produces the same hash as your password, that input can be used in place of the original password value
- Use longer hash output (e.g., SHA-256) to reduce collisions and mitigate the attack
Increasing Hash Security
Key Stretching
- Technique used to mitigate a weaker key by deriving longer, more secure keys (at least 128 bits) from it
- Increases the time needed to crack the key
- Used in systems like Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Pretty Good Privacy (PGP)
Salting
- Adds random data (salt) to passwords before hashing
- Ensures distinct hash outputs for the same password due to different salts
- Salting adds a level of protection that thwarts dictionary attacks, brute-force attacks, and rainbow tables
- Dictionary attacks
- When an attacker tries every word from a predefined list
- Brute-force Attack
- When an attacker tries every possible password combination
- Rainbow Tables
- Precomputed tables for reversing cryptographic hash functions
- Salt forces the attacker to produce a new table every time.
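The following Python example, added here and not part of the original notes, combines the two defenses above: a random per-password salt (Salting) and PBKDF2 iterations (Key Stretching). The storage format, iteration count and sample passwords are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed parameters (not from the notes). 600,000 PBKDF2-HMAC-SHA256
# rounds is a commonly recommended work factor; it is the "stretching".
ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """The weak scheme a rainbow table targets: same password -> same digest everywhere."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = b"", iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$digest_hex'."""
    if not salt:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password (salting)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest from the stored salt and iteration count, compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def salts_differ(password: str, iterations: int = ITERATIONS) -> bool:
    """Hashing the same password twice yields two different records, so one
    precomputed table cannot cover both users."""
    a = hash_password(password, iterations=iterations)
    b = hash_password(password, iterations=iterations)
    return a.split("$")[3] != b.split("$")[3]


if __name__ == "__main__":
    pw = "Winter2024"  # constructed sample password
    print("unsalted:", unsalted_sha256(pw))
    record = hash_password(pw)
    print("stored:  ", record)
    print("verify correct:", verify_password(pw, record))
    print("verify wrong:  ", verify_password("winter2024", record))
```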
Nonces (Number Used Once)
- Adds unique, often random numbers to password-based authentication processes (ephemeral approach)
- Prevents attackers from reusing stolen authentication data
- Adds an extra layer of security against replay attacks
Limiting Failed Login Attempts
- Restricts the number of incorrect login attempts a user can make
- Increases security by deterring attackers who try to guess passwords
- Typically, lock the account after three incorrect attempts