Distributed password cracking with BOINC and hashcat

Hranický, Radek; Zobal, Lukáš; Ryšavý, Ondřej; Kolář, Dušan

doi:10.1016/j.diin.2019.08.001

Cited by 19 publications

(7 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, it is viable to crack passwords from leaked credential databases or other sources and use those against bank authentication. Distributed high-performance computing can be used to increase attack speed [17].…”

Section: A-12 Exhaustive Searchmentioning

confidence: 99%

E-Banking Security Study—10 Years Later

et al. 2022

View full text Add to dashboard Cite

ICT security in the banking area is going through rapid changes. It is ten years since we covered the state of e-banking security, and both authentication schemes and legislation has evolved. With the Payment Services Directive (PSD2) for European Union coming into force, we believe it is a good time to update our findings. PSD2 brings new requirements for multi-factor authentication, thus it is necessary to revise compliance of currently used schemes. This work's main contribution is an overview of current authentication methods, their properties with respect to international standards, and their resistance against attacks. We further discuss the multi-factor authentication schemes composed of those methods and their compliance with the PSD2 requirements. In order to present the overview, we introduced the e-banking attacks taxonomy, which is compatible with authenticator threats from NIST Digital Identity Guidelines but has an increased level of detail with respect to the e-banking area. The available sources in this area are usually either very broad, targeted on the business executive, or focus on one particular issue or attack in greater detail. We believe our article can bridge such diverse sources by providing a comprehensive and complex tool to help with orientation in the area.

show abstract

Section: A-12 Exhaustive Searchmentioning

confidence: 99%

E-Banking Security Study—10 Years Later

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Hashcat 2 and John the Ripper 3 are two popular open-source password guessing programs that provide a variety of ways for cracking passwords, including dictionary attacks, brute-force attacks, and rule-based attacks. Among all these types, the rule-based one is the fastest, and HashCat is the market leader in terms of speed, hash function compatibility, updates, and community support [8]. However, rule-based systems create passwords solely based on pre-existing rules, and developing new rules requires domain expertise.…”

Section: Rule-based Modelsmentioning

confidence: 99%

GNPassGAN: Improved Generative Adversarial Networks For Trawling Offline Password Guessing

Yu,

Martin

2022

Preprint

View full text Add to dashboard Cite

The security of passwords depends on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in password security research. Dictionary attacks must be carefully configured and modified to represent an actual threat. This approach, however, needs domain-specific knowledge and expertise that are difficult to duplicate. This paper reviews various deep learning-based password guessing approaches that do not require domain knowledge or assumptions about users' password structures and combinations. It also introduces GNPassGAN, a password guessing tool built on generative adversarial networks for trawling offline attacks. In comparison to the state-of-the-art PassGAN model, GN-PassGAN is capable of guessing 88.03% more passwords and generating 31.69% fewer duplicates.

show abstract

“…Many studies have explained the dangers of hash-solving systems such as Hashcat because it can be widely applied such as open source website, instant messaging applications [6], smart phone devices [7], cryptographic currency accounts [8] which can be done in a distributed manner [9]. Research on intelligent password cracking systems is also continuously being developed [10] which is supported by the speed of computer devices that will continue to increase twice every couple years.…”

Section: Introductionmentioning

confidence: 99%

Hash Value Security Improvement of PCS Password using Signed Binary Operation

Rahmadi,

Nurwicaksono

2024

JMASIF

View full text Add to dashboard Cite

Convenience and security have always been inversely related requirements in data protection systems. Users want a short and simple password that is easy to remember. On the other hand, the system that is widely used in securing user data, especially passwords, is using a one-way message digest. In addition, users are also required to use complex passwords through a combination of letters, numbers, and symbols. It aims to increase security but a complex password will make it difficult for users to remember their passwords. Even though a complex password does not necessarily make it secure because it's still on a PCS which is vulnerable to hacking. Moreover, in the current development of cybersecurity science where password hacking systems are very easy to obtain and can be used by anyone to find hash value of password on PCS quickly. A preliminary test that has been carried out proves that even complex passwords can be hacked easily. This study proposes the use of a code extension system for passwords before the hashing process is carried out through two simple schemes C1 and C2 through bitwise xor and addition operators respectively. The code from the password data is mapped out of PCS by using a unique value of data. Experimental results show that the C1 scheme is able to thwart hacking attempts by 80%, while C2 is able to increase the security of alphanumeric passwords by up to 90%. The proposed method is able to make a simple but strong password system.

show abstract

Distributed password cracking with BOINC and hashcat

Cited by 19 publications

References 1 publication

E-Banking Security Study—10 Years Later

E-Banking Security Study—10 Years Later

GNPassGAN: Improved Generative Adversarial Networks For Trawling Offline Password Guessing

Hash Value Security Improvement of PCS Password using Signed Binary Operation

Contact Info

Product

Resources

About