WEBVTT

00:00.880 --> 00:05.880
Well we've got some computers in front of this because it's time to talk about cryptographic attacks.

00:05.970 --> 00:12.840
Now when we talk about cryptographic attacks the easier way to interpret this is cracking passwords.

00:12.840 --> 00:16.810
Now don't get too excited and everybody's like you get to finally get to crack some passwords.

00:16.810 --> 00:22.060
Well first of all let's make sure we understand what we're talking about when you talk about password

00:22.060 --> 00:30.320
cracking when you have some kind of server a web server an FTP server or an SSH server again server.

00:30.580 --> 00:34.960
I don't care what kind of an operating system that is sharing folders.

00:34.960 --> 00:41.740
It doesn't matter what it is you are going to have to have a list of usernames and passwords stored

00:41.740 --> 00:43.630
somewhere on that server system.

00:43.630 --> 00:50.860
Now if you're going to store them well you have to when someone logs in there they're going to type

00:50.860 --> 00:56.590
in a username and password and then come to that server so you have to store the password.

00:56.590 --> 00:57.610
So how do you store it.

00:57.610 --> 01:00.910
Well you could just store in clear text.

01:00.910 --> 01:07.390
You mean you literally have a list somewhere on your hard drive that says Mike comma and then whatever

01:07.390 --> 01:10.780
his password is and Bob comma and whatever his password is.

01:10.990 --> 01:13.400
Janet comma whatever her password is.

01:13.540 --> 01:15.340
And we could do that.

01:15.340 --> 01:22.150
But the downside is is that if a bad guy gets to that server he could get easy access to our password.

01:22.150 --> 01:29.080
So traditionally what we do with a password is that when we create a new user and have to type in a

01:29.080 --> 01:31.970
password the password is never stored on the hard drive.

01:31.990 --> 01:33.260
We just hash it.

01:33.310 --> 01:35.470
So we just make a hash of the password.

01:35.470 --> 01:40.870
Now if we've got a hash of the password sitting on the server and somebody who's a client wants to log

01:40.870 --> 01:45.610
in what they're going to do is that the server is going to say Please type in your username and password

01:45.610 --> 01:50.210
so they type in the username and password on their side and then that is hashed.

01:50.470 --> 01:56.680
So the hash comes over the internets and then gets to the server the server compares the hashes and

01:56.680 --> 01:57.730
that's how it logs in.

01:57.730 --> 02:03.810
So we would really never use clear text except in the most primitive of situations.

02:03.820 --> 02:08.560
The important thing to understand here is if you want to get into cryptographic attacks if you want

02:08.560 --> 02:13.210
to hack passwords what you're really doing is hacking hashes.

02:13.210 --> 02:15.130
So there's a couple of things that come into play here.

02:15.130 --> 02:19.120
Number one you have to be able to get to those list of hashes.

02:19.120 --> 02:25.210
First of all so the one of the hardest jobs of cryptographic attacks is to how do you get to that server

02:25.210 --> 02:28.070
and how do you grab those usernames and passwords.

02:28.120 --> 02:33.700
You don't know what the passwords are but how do you at least get the list that varies for every single

02:33.700 --> 02:39.520
thing that's out there if you want to get your Windows system it has its own set of passwords and hashes

02:39.760 --> 02:43.210
if you want to get to an empty server depends on the brand.

02:43.210 --> 02:45.270
They have their own usernames and passwords.

02:45.400 --> 02:50.550
The biggest part of cryptographic attacks really isn't the hacking the hashes.

02:50.590 --> 02:55.570
The biggest part is getting to that and I'm not covering that in this section because there are huge

02:55.570 --> 03:00.550
groups of people who spend all kinds of time with all kinds of different stuff to figure out how to

03:00.550 --> 03:02.970
get to these different things.

03:02.980 --> 03:08.230
The second thing we need to talk about is that if the password is stored in a hash there is no way for

03:08.230 --> 03:11.350
you to reverse that hash to figure out what the password is.

03:11.350 --> 03:13.030
It's just not going to happen.

03:13.030 --> 03:18.880
So what we're going to do instead is we're going to generate hashes until we get the hash that we have

03:18.880 --> 03:19.790
a copy of.

03:19.810 --> 03:24.790
And now what we have the copy we know with this hash is because we generated it ourselves and that we

03:24.790 --> 03:25.750
know what the password is.

03:25.750 --> 03:30.040
So what we're talking about cryptographic attacks and in particular we're going to talk about brute

03:30.040 --> 03:34.730
force attacks and dictionary attacks and rainbow tables and all that kind of stuff.

03:34.750 --> 03:40.180
Keep in mind what we're doing more than anything else is generating hashes and making it compared or

03:40.180 --> 03:42.390
when we compare the right ones.

03:42.670 --> 03:46.280
Then we find we can say we have the password.

03:46.540 --> 03:48.920
So I want to go through this process a little bit.

03:48.950 --> 03:53.980
And the best way to do this is to pick an arbitrary server to attack.

03:53.980 --> 03:59.770
So in this case I'm going to use a program called Free SSH and I've got it right here.

03:59.860 --> 04:05.710
So this is free SSH SSH is a wonderful little SSH and telnet server I've been using this thing

04:05.710 --> 04:07.060
for years and years.

04:07.090 --> 04:11.290
Nothing special about it but one of the things is kind of fun is that it's got these user accounts so

04:11.350 --> 04:18.620
I'm going to add a user and I'm going to add a user called Timmy and there's all these different ways

04:18.620 --> 04:24.500
I can store stuff I can use NT which is the Windows operating system that's on or in this case I'm

04:24.500 --> 04:31.070
going to use passwords stored as a SHA-1 hash and I'm going to give it a dangerously simple password

04:31.340 --> 04:34.190
and I'm going to call it m i k e.

04:34.220 --> 04:35.490
All lowercase.

04:35.510 --> 04:38.030
Do not try such a small password at home.

04:38.030 --> 04:38.620
All right.

04:38.720 --> 04:43.580
And then what do I want this guy to be able to do with this particular SSH tool.

04:43.580 --> 04:44.750
So here we go.

04:44.750 --> 04:51.350
Now I got this Timmy in here and I want to go ahead now and I want to first of all I have to figure

04:51.350 --> 04:54.120
out where is this Timmy password.

04:54.200 --> 04:56.030
So to do that

04:59.370 --> 05:00.110
OK.

05:03.510 --> 05:07.830
All I've done there is actually got free SSH to save that particular one.

05:07.830 --> 05:09.420
So now I want you to watch this.

05:09.450 --> 05:16.140
So I had to do a lot of research for this old program but I dug and dug and I finally found some documentation

05:16.140 --> 05:21.810
that says all the passwords with the SHA-1 hash are stored in this little file right here so I could

05:21.810 --> 05:27.570
open this file up and scroll it around here I can see some other user accounts I have on here.

05:27.570 --> 05:30.360
But here's the Timmy account right here.

05:30.360 --> 05:35.990
So that is the actual hash that is storing that password of M I K E.

05:35.980 --> 05:43.470
Now now that I have the hash that's great but I need some tool that I can take this hash value and throw

05:43.470 --> 05:48.180
it in and say Keep running a bunch of hashes until you find one that matches that.

05:48.360 --> 05:53.590
And that process which we call a brute force attack can be done all kinds of different ways.

05:53.630 --> 05:59.460
Now for this one particular example I'm going to use an old program called Cain and Abel Let me show

05:59.460 --> 06:03.940
you that guy.

06:03.980 --> 06:08.660
So this is Cain and Abel but I need to warn you a couple of things about Cain and Abel before we get

06:08.660 --> 06:09.850
started with this.

06:09.860 --> 06:14.800
First of all Cain and Abel is a very very powerful tool but it's very dated.

06:14.800 --> 06:19.790
So even though I'm running a modern Windows system here there's a lot of features of Windows 10 that

06:20.030 --> 06:22.220
really just don't come into play anymore.

06:22.220 --> 06:27.590
The other thing is that anytime we talk about cryptographic tools like this is that they're not instantly

06:27.650 --> 06:29.090
easy to use.

06:29.090 --> 06:33.650
It would be kind of like someone saying Hey let's go ahead make an accounting spreadsheet and I hand

06:33.650 --> 06:37.400
you excel sure it's a good tool but you really have to understand what's going on.

06:37.400 --> 06:43.000
So there's a lot of steps in here that simply because I'm familiar with the tool.

06:43.100 --> 06:45.480
You get to do a little experimentation on yourself.

06:45.480 --> 06:46.960
So here we go.

06:47.000 --> 06:52.100
So we take a look at this and there is a cracker function right here you'll see that and it says what

06:52.100 --> 06:52.790
do you want to crack.

06:52.780 --> 06:56.660
So it's like these are all these different kinds of hashes because that's mainly what we're hacking

06:56.660 --> 06:57.690
in this world.

06:57.710 --> 07:02.510
So I know this is a SHA-1 hash because that's how free SSH stores stuff.

07:02.720 --> 07:08.090
So here's my SHA-1 hash tool so what I'm going to have to do first of all is go over

07:10.940 --> 07:15.240
and I'm going to grab this hash.

07:15.400 --> 07:20.020
So I'm just doing a regular old copy and now I need to put it into the cracker

07:24.600 --> 07:28.530
and what I've done now is I've inserted this SHA-1 hash into it.

07:28.530 --> 07:30.660
So now let's go ahead and start cracking.

07:30.660 --> 07:34.290
So what we're going to do first off is we're going to do brute force.

07:34.290 --> 07:39.630
We're basically going to say look Cain and Abel I want you to start with the letter A make a SHA-1

07:39.690 --> 07:45.630
hash make a letter B make a SHA-1 hash go through all those then do a then do a b then do ab cd

07:45.870 --> 07:48.660
get the idea that this could take a little bit of time.

07:48.690 --> 07:49.760
Well it absolutely does.

07:49.770 --> 07:51.930
So let's watch what happens.

07:51.930 --> 07:55.240
So what we're going to do is a brute force attack.

07:55.260 --> 08:00.330
Now you'll notice that I've got a lot of options here and all of these crackers have some type of tool

08:00.330 --> 08:01.200
like this.

08:01.200 --> 08:04.610
So it's going to say just use lowercase and numbers.

08:04.710 --> 08:10.230
Now for the sake of brevity what I'm going to do here is I'm going to make it even simpler than that

08:10.770 --> 08:13.990
and I'm just going to say just use lower case letters.

08:14.010 --> 08:16.470
Now what I want you to watch right here is the key space.

08:16.470 --> 08:23.700
So right now I'm in the thousands millions billions trillions gazillions.

08:24.090 --> 08:29.610
The number of permutations that would have to go through to do every possible combination just using

08:29.880 --> 08:32.760
the 26 letters of the alphabet as you can see is huge.

08:32.850 --> 08:37.230
But there are a few other things we know and again I'm cheating here folks simply because I know that

08:37.230 --> 08:39.120
the password is very very short.

08:39.150 --> 08:41.550
What I'm going to do here now I want you to watch the keyspace.

08:41.580 --> 08:44.590
I'm going to reduce the possible password length.

08:44.760 --> 08:47.080
So watch what happens that keyspace.

08:47.280 --> 08:52.260
As I keep making the number shorter and shorter.

08:52.380 --> 08:58.230
So one of the reasons why people always say use long passwords as you just saw it right there.

08:58.230 --> 09:03.900
The longer the password the more difficult it is for me to crack it in a brute force scenario.

09:03.900 --> 09:10.440
If you used complicated passwords with upper and lower case numbers and all that stuff it starts going

09:10.440 --> 09:14.250
into the months days years kind of a thing.

09:14.250 --> 09:21.480
So what I've done here is I've got it knocked down to a maximum of eight characters and let's go ahead

09:21.480 --> 09:23.040
and start it and see what happens.

09:24.820 --> 09:29.680
So if you take a look right here it was pretty much instantaneous but you'll see it found the password

09:29.740 --> 09:32.020
is Mike.

09:32.040 --> 09:34.170
So that is one example of brute force.

09:34.170 --> 09:39.210
Now keep in mind one more time with brute force is doing it's literally generating based on the predefined

09:39.210 --> 09:41.430
character set that I set up for it.

09:41.430 --> 09:47.190
I said to start with just the letters of the alphabet and just lowercase and it ground through them so

09:47.190 --> 09:53.880
you can see that it went through just about a trillion iterations and in a very very short amount of

09:53.880 --> 09:54.370
time.

09:54.450 --> 09:59.070
So imagine for a minute let's take a look at this one more time and imagine this time let's say I had

09:59.070 --> 10:01.650
a big complicated password.

10:01.650 --> 10:04.780
So what I want to do now is let's change this.

10:04.860 --> 10:05.820
So let's change it.

10:05.820 --> 10:11.300
So it's going to be lowercase alphabet uppercase alphabet and numbers.

10:11.310 --> 10:14.310
You see that right there.

10:14.330 --> 10:21.460
So I got to reset them here a little bit he still thinks I'm working on the old one here OK.

10:23.110 --> 10:26.510
Now watch the keyspace as I start to bring it up.

10:31.170 --> 10:37.470
You see that I'm already up to exponential notation so that is a really good example of why we use complex

10:37.470 --> 10:43.420
passwords we use complex passwords to make cryptographic attacks harder.

10:43.500 --> 10:44.020
Period.

10:44.130 --> 10:44.750
OK.

10:45.030 --> 10:46.930
So that's one example.

10:46.940 --> 10:52.740
In this particular example what we did is we simply ran a brute force attack.

10:52.740 --> 10:58.960
Now brute force attacks as you can see when things get complicated can become incredibly onerous.

10:59.010 --> 11:04.680
Now this is just a regular middle of the road desktop system if I wanted to I can buy computer systems

11:04.680 --> 11:10.020
or build all myself that use graphics processors and all this extra power and they can calculate a lot

11:10.020 --> 11:10.790
faster.

11:10.920 --> 11:12.810
But it still becomes very very difficult.

11:12.810 --> 11:17.430
So what we want to do is I want to go ahead do an attack but let's make some assumptions.

11:17.520 --> 11:22.080
One of the things we know about people was that I don't think I've ever met anybody who used a password

11:22.080 --> 11:31.040
that was 1 2 x f 9 L ampersand 2 right what we do as human beings is we tend to use dictionary words.

11:31.170 --> 11:39.300
Mike 47 and Timmy 22 and one Johnny Five and we turn all the O's into zeros and you know all that

11:39.300 --> 11:39.950
stuff.

11:39.960 --> 11:45.420
Well if we know that we can do another kind of attack called a dictionary attack.

11:45.420 --> 11:51.250
Now a dictionary attack starts by using a text file that is filled with dictionary words.

11:51.280 --> 11:54.780
It will take those dictionary words and then it will manipulate them.

11:54.780 --> 12:00.210
For example if I put the word Mike in the dictionary I could tell the cracker to go don't do just mike

12:00.240 --> 12:06.350
but do capital M I K E and then make Mike 1 Mike 2 Mike 47.

12:06.480 --> 12:13.380
All that type of stuff so a dictionary attack will always always start with a text file that's full

12:13.440 --> 12:16.790
of dictionary words so let's try a dictionary attack.

12:17.250 --> 12:21.220
All right so let's go ahead and grab that hash one more time.

12:23.050 --> 12:24.890
And I'm going to go ahead and plug it in here.

12:28.270 --> 12:29.950
So there's my hash.

12:29.950 --> 12:36.850
Now the whole idea behind a dictionary attack is we have to feed the attacking tool a dictionary so

12:36.850 --> 12:38.410
I have a very simplified one.

12:38.470 --> 12:42.580
If you take a look right here I've made a little file called dictionary.txt.

12:42.790 --> 12:47.120
And you can see that I have all of about what nine words in there.

12:47.170 --> 12:54.010
Keep in mind that you can download dictionaries from the internet that have hundreds and hundreds and

12:54.010 --> 13:01.080
hundreds of thousands of different words in there so dictionaries can be massive massive devices.

13:01.090 --> 13:03.410
Again I'm cheating for the sake of brevity.

13:03.670 --> 13:06.300
And so we got that dictionary ready to go.

13:06.300 --> 13:11.140
So let's go ahead and do the dictionary attack so I'm going to go and like dictionary attack this time

13:11.590 --> 13:14.860
and you'll see that I've already pre-selected that text file.

13:14.870 --> 13:20.880
Now this is a pretty handy tool because he always remembers where you left off and I've done attack

13:20.910 --> 13:21.400
before.

13:21.400 --> 13:24.800
He remembers them at the end of the file so I got to go through this little process.

13:25.690 --> 13:32.290
And say go back to the beginning and what I'm going to do is start it and boom you could see he pretty

13:32.290 --> 13:34.800
much almost instantly got the answer.

13:34.800 --> 13:39.850
Now I made this one easy because the password is just four characters and they're all lowercase alphas

13:39.970 --> 13:45.500
So again for brevity it works out real well but let's take a look a little bit more detail here.

13:45.670 --> 13:52.400
You'll notice that you tell these crackers how to deal with the particular type of word.

13:52.400 --> 13:58.660
So for example here's one where it says here if the upper case is a lowercase then do it also upper

13:58.660 --> 14:02.050
case or if the word in the dictionary is all uppercase.

14:02.050 --> 14:03.300
Do it in lower case.

14:03.490 --> 14:05.860
Here I can say Do case permutations.

14:05.860 --> 14:11.020
Now watch if I click that it actually turns a couple of these off because now it's saying change just

14:11.020 --> 14:13.460
the second letter to capitals change the third letter.

14:13.460 --> 14:14.800
However that might be.

14:14.970 --> 14:18.520
And the other one right here at the bottom might be familiar to some of you guys.

14:18.520 --> 14:22.780
Add two numbers to the end so whatever the word is you know.

14:22.780 --> 14:28.410
So if it's Mike, Mike 1 Mike 2 Mike 3 Mike 4 all the way up to Mike 99 And I wonder how

14:28.410 --> 14:29.800
many you guys out there set to go.

14:29.830 --> 14:33.520
Yeah the thing would probably crack my password based on that.

14:33.520 --> 14:39.640
So dictionary attacks are fantastic and they speed the process up simply because they take advantage

14:39.640 --> 14:45.740
of the fact that human beings tend to use words they're familiar with as part of their password.

14:45.730 --> 14:50.650
So at the top of every one of these dictionaries is password and one two three and one two three four

14:50.650 --> 14:52.400
so don't even bother with those.

14:52.400 --> 14:54.620
I'll have you hacked in milliseconds.

14:54.640 --> 14:56.090
Literally.

14:56.250 --> 15:05.340
Now both of these methods we've talked about so far brute force and dictionary attacks basically require

15:05.340 --> 15:10.320
the cracking program to generate hashes and compare generate hashes and compare.

15:10.320 --> 15:15.070
So for smaller passwords that can be a relatively good way to do things.

15:15.300 --> 15:21.660
But a lot of people use much more complex passwords and in that case we need to speed up the process

15:21.990 --> 15:27.110
and probably the best way to speed up the process is what's known as a rainbow table.

15:27.270 --> 15:31.440
Now a rainbow table is a pre-generated bunch of hashes.

15:31.440 --> 15:32.890
Now you need to be careful here.

15:33.000 --> 15:38.240
A hash table is nothing more than all these different words with a hash in it.

15:38.340 --> 15:43.050
A rainbow table is kind of like it's almost like an indexed hash table.

15:43.050 --> 15:48.210
If you've ever worked with databases where it will have indexes so that searching can take place a lot

15:48.210 --> 15:48.980
faster.

15:48.990 --> 15:55.110
It uses what's known as a reduction formula to allow these really big files that allow us to look at

15:55.110 --> 15:55.850
a bunch of hashes.

15:55.860 --> 16:01.500
But the important thing is is that a rainbow table already has the hashes in it so it eliminates that

16:01.500 --> 16:03.420
whole part of the process.

16:03.420 --> 16:08.150
So what we're going to do is one more time we're going to go through this process.

16:08.280 --> 16:10.510
Except this time we're going to use a rainbow table now.

16:10.560 --> 16:17.020
I need to warn you about something rainbow tables are massive massive.

16:17.220 --> 16:24.330
Even the smallest rainbow table is going to be in the tens of gigabytes and really serious like work

16:24.330 --> 16:29.730
for a living like trying to crack bad guy passwords types of rainbow tables can be in the terabytes

16:29.760 --> 16:31.140
upon terabytes.

16:31.140 --> 16:38.110
So usually what you end up doing is you go look I need to generate hashes based on just lowercase alphas.

16:38.220 --> 16:44.370
Go ahead and generate my own rainbow table and that's what I've done in this particular case.

16:44.370 --> 16:49.890
You can download them there are companies that will sell you rainbow tables they will deliver a six

16:49.890 --> 16:56.700
terabytes set a hard drive to your front door filled with massive rainbow tables so rainbow tables are

16:56.700 --> 17:01.610
going to be used when the passwords are more challenging and it's a little bit harder to do.

17:01.610 --> 17:02.670
So let's go ahead and do.

17:02.670 --> 17:06.290
Rainbow tables using Cain and Abel.

17:06.340 --> 17:08.450
So just for fun this time I picked.

17:08.470 --> 17:11.380
There were three users I just grabbed another password just for fun.

17:11.380 --> 17:15.490
So what we're going to do here we're going to Right-Click on this and we're going to go ahead and do

17:15.550 --> 17:22.780
a rainbow table attack here and you'll notice that here's my rainbow table if you take a look over here

17:23.140 --> 17:24.870
this is the actual rainbow table.

17:24.970 --> 17:27.180
And I generated this one myself.

17:27.220 --> 17:31.910
It's a tool set that came with the same guys who make Cain and Abel.

17:31.930 --> 17:37.200
So if you just take a look at for example properties you'll see this one's 610 megabytes.

17:37.300 --> 17:44.950
This is literally the smallest rainbow table I could possibly generate so this will see what happens

17:44.950 --> 17:51.700
here a lot of times because I said make a rainbow table based on one and just do lowercase characters

17:51.700 --> 17:59.870
and then generate all this big Super-Duper multiple indexed rainbow tables so let's go ahead and put

17:59.870 --> 18:01.360
it in so we got it loaded up.

18:01.460 --> 18:03.050
I've already selected it.

18:03.290 --> 18:12.590
And what I'm going to do here is hit start cross our fingers Oh didn't work in this particular case.

18:12.630 --> 18:17.800
Now as a good cryptanalysis person that is not that big of a deal for me.

18:17.940 --> 18:23.760
I picked a password that probably had numbers in it or upper and lower case and then these types of

18:23.760 --> 18:28.980
processes I would just go ahead and generate a much more complex rainbow table and just keep trying

18:28.980 --> 18:32.940
it again because that's what takes place in these types of scenarios.

18:32.940 --> 18:37.320
Now I need to warn you about something and that is well I've been lying to you a little bit and I'll

18:37.320 --> 18:40.340
show you what I mean right now.

18:40.500 --> 18:47.580
So what I'm going to do is I'm going to go ahead and add that hash back in now watch really close what

18:47.580 --> 18:48.410
happens.

18:48.420 --> 18:50.910
So I'm just going to hit paste now when I hit OK.

18:50.900 --> 18:51.880
Look at this.

18:52.020 --> 18:58.050
It says the length of the SHA-1 hash must be exactly 20 bytes long each byte is 8 bits a SHA-1

18:58.050 --> 18:59.470
hash is 160 bits.

18:59.490 --> 19:00.210
Yes.

19:00.300 --> 19:06.520
Wait a minute Mike you just cut and pasted that hash from that INI file.

19:06.690 --> 19:08.100
So what's going on.

19:08.240 --> 19:16.230
What's happening here is most good password storage do something to make it a little bit harder.

19:16.320 --> 19:23.880
In this case what we're seeing is this particular tool just adds two characters to the end of the hash

19:23.900 --> 19:26.520
it just kind of arbitrarily puts two characters in.

19:26.700 --> 19:32.010
And if I were to cut and paste that you can see it kind of slows me down from cryptanalysis standpoint.

19:32.070 --> 19:37.110
Now again because I did some research online and because I experimented a little bit I just took the

19:37.110 --> 19:41.820
first 20 characters deleted those last two out put it in and everything ran great.

19:41.820 --> 19:48.050
So what we're trying to do here is the free SSH tool's trying to obfuscate things a little bit.

19:48.060 --> 19:50.900
Now that's an incredibly simplistic way to do it.

19:50.940 --> 19:56.660
What we do tend to see more common is something called a salt S-A-L-T.

19:56.670 --> 20:00.110
So in a salt situation it kind of goes something like this.

20:00.110 --> 20:05.970
So let's put a a password here so I've got a password of Tibe.

20:06.050 --> 20:06.770
OK.

20:06.800 --> 20:10.070
Now normally we would just hash that and generate a hash value.

20:10.160 --> 20:13.590
But a salt is a value that's an arbitrary value it tends.

20:13.670 --> 20:16.800
There's a lot of ways to salt. One of the ways is that you have a fixed value.

20:16.820 --> 20:19.260
Back in the Linux systems you would have a.

20:19.310 --> 20:22.490
When you installed a new Linux system it would all have a fixed salt.

20:22.640 --> 20:25.640
We're going to say the salt is some four characters here.

20:25.640 --> 20:26.960
Who cares what it is.

20:26.960 --> 20:31.350
So what we do is we take Tibe and concatenate those four characters at the end.

20:31.490 --> 20:33.640
And then we hash it.

20:33.650 --> 20:40.100
So that's what's known as a salted hash table salted hash tables as you might imagine are a lot harder

20:40.100 --> 20:41.970
to crack a lot harder.

20:42.020 --> 20:47.330
You would be hard pressed with the exception of some old applications like this free SSH to find

20:47.330 --> 20:52.280
situations where people do not salt their hashes.

20:52.280 --> 20:58.070
Now again this tool has functions that can deal with it but they take forever and it becomes an unattractive

20:58.070 --> 20:59.270
way to do things.

20:59.270 --> 21:05.330
Now what I want to do now is show you one other situation we run into and I'll bet you've seen this

21:05.330 --> 21:06.580
before yourself.

21:06.590 --> 21:15.750
So what we're going to do now is we're going to take a look at my little home router I've got right

21:15.750 --> 21:20.960
here and what I want to show you is that you'll see that I've got an SSID right here.

21:21.030 --> 21:21.840
OK.

21:21.840 --> 21:24.490
But I'm going to go to wireless security now.

21:24.540 --> 21:30.690
Wireless security I'm using WPA2 personal and I'm going to go ahead and type in a shared key now

21:30.750 --> 21:35.130
this is a kind of a nice little feature on the DD-WRT is I can actually show it to you.

21:35.130 --> 21:38.900
So I'm going to type in Fred.

21:39.050 --> 21:47.350
Now the problem we have here is that with wireless we're not going to be passing the word Fred through

21:47.410 --> 21:49.760
our just through the air.

21:49.760 --> 21:53.710
So what we're going to have to do is we're going to go out have to hash that thing.

21:53.810 --> 21:59.660
But a lot of people would be able to hack that Fred fairly easily so one of the things we'd like to

21:59.660 --> 22:05.450
do is type in big long complicated passcodes which is one thing that could be helpful but the other

22:05.450 --> 22:10.420
thing we do and this is just one example where we see this all over the place is something called Key

22:10.420 --> 22:11.310
stretching.

22:11.630 --> 22:14.970
So we're going to go over to Wireshark and let me show you how to do all this stuff.

22:14.990 --> 22:17.450
So what I'm going to do is type in Fred

22:20.800 --> 22:25.630
and then I'm going to type in hopes that are going to type in the SSID

22:29.840 --> 22:31.330
and watch what happens here.

22:36.820 --> 22:40.840
That is really what your personal shared key is on there.

22:40.840 --> 22:47.260
This is one example of what we call key stretching in a key stretching scenario we take you know you

22:47.260 --> 22:49.310
type in your little word or whatever it might be.

22:49.390 --> 22:56.020
But it takes some other values and generates a very very complicated key which can then be passed through

22:56.020 --> 22:58.230
the ether or whatever or hash or whatever.

22:58.300 --> 23:01.470
And it's much much harder for the bad guys to do this.

23:01.600 --> 23:09.520
So if you take a look on the screen you'll see here it says PBKDF2 there are two types of key stretching

23:09.520 --> 23:13.050
that you see a WPA for wireless.

23:13.060 --> 23:17.250
It uses the PBKDF2 algorithm which is a great one.

23:17.260 --> 23:25.330
The other one you'll see a lot is called bcrypt and all these do is take some kind of key and not

23:25.330 --> 23:27.570
just hash it not just salt it.

23:27.610 --> 23:33.490
They stretch it out and they make it very very complicated simply because it's really really hard to

23:33.490 --> 23:34.060
crack these.

23:34.090 --> 23:42.670
In fact proper key stretching is in today's world pretty much uncrackable if you do all this stuff right

23:42.670 --> 23:48.820
and use longer passwords and you use key stretching you can save all your passwords and hashed encrypted

23:48.820 --> 23:59.670
formats on your hard drives and nobody is ever ever going to mess with them.

24:02.190 --> 24:12.130
In.
