Password Cracking

Comp Sci ISU

Alexandra Rose

on 24 October 2012

Transcript of Password Cracking

Cryptography
- In WWII the Enigma machine was the cipher machine the Germans used to encrypt the messages they sent each other. They believed it could not be broken.
- By breaking the machine, the mathematicians working on it shortened the war by an estimated two years.

Both lacked proper password protection: Yahoo and LinkedIn
- Yahoo (the 2012 Yahoo Voices breach): no protection at all. When attacked by SQL injection, its passwords were revealed to have been stored in plain text.
- LinkedIn: hashed its passwords, but with a common, fast hash (unsalted SHA-1) that is easy to attack, and did not use salting, which would have made its database much more secure.

Define that word! What is salting? (3 candy answer)
Salting is adding additional random characters to a password before hashing it. Every user gets a different salt, so two users with the same password get different hashes, and an attacker cannot reuse one precomputed table of hashes against the whole database.

Facebook Privacy Settings
Using someone's Facebook profile, it is possible to get into almost any account which has no recovery email but which makes use of security questions.
Those who allow anyone (or just friends of friends) to see everything in their profile, or who show no reserve when adding friends, are at risk of this threat: birthdays, pet names, schools and hometowns are exactly the answers that security questions ask for.
With the changes that continue all the time to Facebook privacy settings, it is nearly impossible for most people to keep track and make the necessary changes.

Estimate! How many users are there on Facebook as of October 2012? (1 candy answer)
There are 1 billion users.

Chaining accounts together (a widely reported 2012 attack)
1. Use billing info (email + name) to add a credit card to the victim's amazon.com account.
2. Use that credit card number, name and billing address to add a new email address to the Amazon account.
3. Use the "I forgot my password" feature and the new email address to gain access to the Amazon account, which reveals the last 4 digits of the real credit cards on file.
4. Using name, billing address and the last 4 digits of the credit card, gain access to the iTunes account.
5. Use Find My iPhone and Find My Mac to gain remote access to the iPhone, iPad and MacBook, and wipe everything.
6. The @me.com address is the recovery email for Gmail; use it to access the Gmail account and wipe the emails.
7. Gmail is the recovery email for Twitter; use it to access the Twitter account.
Each step uses only information that the previous step exposed; no password was cracked at any point.

Social Engineering
- 70% of people will hand over their password in exchange for a bribe.
- 30% of people will hand over their password without a bribe.
- It is possible to convince people to hand out their password by pretending to be an IT guy, or someone they're not, and simply asking for it.

Implicit learning (researchers from Northwestern University, Stanford University and SRI)
- a game like Guitar Hero
- the sequence is stored subconsciously
- 40 minutes of practice (random sequences, with one specific sequence showing up more often than the others)
- 5 minute test
- the user is authenticated by how much better they play the trained sequence than the other random sequences
- the memory lasts a couple of weeks
- the user can't be tortured or coerced into revealing the sequence, because they do not consciously know it

DEFINE THAT WORD! What is phishing? (3 candy answer)
Phishing is using an email or website that appears to be legitimate in order to gain a user's password.
- using www.vvebsite.com instead of www.website.com
- since the majority of users use the same passwords across multiple websites, it is likely that the attackers will gain access to multiple accounts using the information they gain
- they could emulate a bank website, PayPal, an email website, Facebook, etc.

A study at Berkeley
- 90% of the people involved were fooled by a good phishing website
- unaffected by age, sex, amount of time spent on the internet, experience or education

How to prevent it from happening to you
- check the address bar
- pay attention to the "secure" symbol on the address bar in particular (it only proves you are talking to the site named in the address bar, so check that name too)
- double check what you've typed; phishing makes use of common spelling/typing mistakes
- use bookmarks you've made instead of links you get in emails

Systematic Attacks

Brute Force
- tests every possible combination of characters systematically
- they start with just lower case letters
- 100% effective eventually; however, it might take 4 thousand years to crack a long password

Dictionary attack
- uses a list of words to crack the password
- takes more of human nature into consideration
- people are more likely to use words than random combinations of characters
- takes into account the tendency of changing "E"s into "3"s

Secret Service's DNA - Distributed Network Attack
- determines the criminal's hobbies and interests through the emails, documents, internet history and bookmarks saved on their computer
- creates a word list from them and performs a dictionary attack on the encrypted files
- uses 4 thousand computers to date
- one criminal worked with horses: his password turned out to be an obscure word for one part of a stirrup

Top 5! What are the top 5 most popular passwords? (1 candy each, 5 total)
1. "123456"
2. "password"
3. "12345678"
4. "1234"
5. "pussy"

In conclusion...
The majority of the methods used to crack passwords rely on users compromising their own passwords/systems. The greatest weakness of privacy is human nature.
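The address-bar advice from the phishing slides ("check the address bar", the vvebsite.com trick, "use bookmarks you've made"), as an added example that is not part of the original presentation: a small checker that takes a link from an email and classifies it against the sites the user has bookmarked. TRUSTED_HOSTS, the CONFUSABLES table and the sample links are constructed for this example; registrable_domain is a deliberate simplification (real code should use the public suffix list so that names like example.co.uk are handled correctly).

```python
from urllib.parse import urlsplit

# Sites the user has bookmarked (constructed sample data for this example).
TRUSTED_HOSTS = {"www.website.com", "www.paypal.com", "www.facebook.com"}

# Character sequences that imitate another letter in a hostname, as in
# vvebsite.com for website.com. Both sides are normalised with this table
# before comparison; extend it for the fonts and scripts you care about.
CONFUSABLES = {"vv": "w", "rn": "m", "1": "l", "0": "o"}


def registrable_domain(host):
    """Last two labels of a hostname: login.paypal.com.evil.example -> evil.example.
    Simplification (assumption of this example): real code should consult the
    public suffix list so that example.co.uk is handled correctly."""
    return ".".join(host.lower().split(".")[-2:])


def skeleton(name):
    """Collapse lookalike spellings so vvebsite.com and website.com compare equal."""
    s = name.lower()
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s


def check_link(url, trusted=TRUSTED_HOSTS):
    """Classify a link taken from an email. Returns (verdict, reason)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ("suspicious", "no hostname in the link")
    if parts.scheme != "https":
        # Without TLS the browser shows no "secure" symbol at all.
        return ("suspicious", "not https")
    trusted_domains = {registrable_domain(h) for h in trusted}
    domain = registrable_domain(host)
    if domain in trusted_domains:
        return ("trusted", "bookmarked site")
    if skeleton(domain) in {skeleton(d) for d in trusted_domains}:
        # Typo-squat or lookalike: paypa1.com, vvebsite.com.
        return ("phishing", "lookalike of a bookmarked site: " + domain)
    for d in trusted_domains:
        if d in host:
            # www.paypal.com.evil.example: the trusted name is only a label
            # inside someone else's domain; the padlock proves nothing here.
            return ("phishing", "bookmarked name used inside another domain: " + domain)
    return ("unknown", "not a bookmarked site; open it from your bookmarks instead")


if __name__ == "__main__":
    for link in ["https://www.website.com/login",
                 "https://www.vvebsite.com/login",
                 "https://www.paypa1.com/signin",
                 "https://www.paypal.com.evil.example/signin",
                 "http://www.website.com/login"]:
        print(link, "->", check_link(link))
```

The checker never trusts a hostname because a familiar word appears somewhere in it: only the registrable domain is compared, which is the same thing a careful reader of the address bar does by eye.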
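The salting definition, the LinkedIn slide (unsalted hashes), the brute force and dictionary attack slides, and the top 5 list above, worked through as one added example that is not code from the presentation. It runs a dictionary attack with "E into 3" style mangling against a constructed database of unsalted hashes, stores the same passwords the salted and iterated way, and estimates brute-force time. WORDLIST, SAMPLE_DB and the guess rates are constructed; SHA-1 stands in for LinkedIn's unsalted hash and PBKDF2-HMAC-SHA256 for the salted alternative (both are assumptions of this example, not details from the slides).

```python
import hashlib
import hmac
import os

# Constructed word list for this example; a real attack uses millions of
# entries (leaked password dumps, dictionaries, names, dates).
WORDLIST = ["123456", "password", "12345678", "1234", "qwerty", "horse", "stirrup"]

# The "E into 3" style substitutions a dictionary attack expects people to make.
LEET = {"e": "3", "o": "0", "a": "@", "s": "$"}


def mangle(word):
    """Yield the candidates a dictionary attack derives from one word:
    case variants, leet-speak, and common suffixes."""
    base = [word, word.capitalize(), word.upper(),
            "".join(LEET.get(c, c) for c in word)]
    seen = set()
    for w in base:
        for cand in (w, w + "1", w + "!", w + "123"):
            if cand not in seen:
                seen.add(cand)
                yield cand


def unsalted_hash(pw):
    """What LinkedIn stored: a fast hash with no salt (SHA-1 here)."""
    return hashlib.sha1(pw.encode()).hexdigest()


def dictionary_attack(hashes, wordlist=WORDLIST):
    """Crack unsalted hashes. Each candidate is hashed ONCE and looked up
    against every user's hash, so the cost does not grow with the number of
    users, and two users with the same password fall together."""
    by_hash = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)
    found, tried = {}, 0
    for word in wordlist:
        for cand in mangle(word):
            tried += 1
            for user in by_hash.get(unsalted_hash(cand), []):
                found[user] = cand
    return found, tried


def salted_hash(pw, salt, iterations):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256): the salt defeats shared
    lookup tables, the iterations make every single guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def make_user(pw, iterations=100_000):
    """Store a new password with a fresh random salt per user."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": salted_hash(pw, salt, iterations)}


def verify(pw, record):
    """Check a login attempt; constant-time compare of the stored hash."""
    return hmac.compare_digest(
        salted_hash(pw, record["salt"], record["iterations"]), record["hash"])


def attack_cost(num_users, candidates, iterations):
    """Hashes an attacker must compute to try every candidate against every
    user: once per candidate when unsalted; once per candidate per user,
    times the iteration count, when salted and iterated."""
    return {"unsalted": candidates,
            "salted": candidates * num_users * iterations}


def brute_force_years(length, alphabet_size, guesses_per_second):
    """Time to exhaust every combination of the given length and alphabet."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)


# Constructed sample database of unsalted hashes (LinkedIn style).
SAMPLE_DB = {
    "alice": unsalted_hash("password"),
    "bob":   unsalted_hash("password"),     # same password, identical hash
    "carol": unsalted_hash("Stirrup123"),   # word + suffix
    "dave":  unsalted_hash("h0r$3!"),       # leet-speak + suffix
    "erin":  unsalted_hash("3uJ9$kq2Lm"),   # random; not in any word list
}

if __name__ == "__main__":
    found, tried = dictionary_attack(SAMPLE_DB)
    print(f"{tried} candidates tried, cracked: {found}")
    print("cost of the same candidates:", attack_cost(len(SAMPLE_DB), tried, 100_000))
    rec = make_user("password")
    print("salted login ok:", verify("password", rec), "wrong:", verify("Password", rec))
    print(f"6 lowercase letters at 1e9 guesses/s: {brute_force_years(6, 26, 1e9):.1e} years")
    print(f"10 printable chars at 1e9 guesses/s: {brute_force_years(10, 95, 1e9):.0f} years")
```

Alice and Bob share one hash and are cracked by the same candidate, which is exactly the leak salting removes; with per-user salt and 100,000 iterations the attacker's work for the same candidate list is multiplied by the number of users and by the iteration count. The brute-force figures show why attackers start with short lowercase passwords and why "4 thousand years" only applies to long ones drawn from a large alphabet.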