全自动智慧型密码猜测技术，字串分析、萃取、再用.pdf

IBRUT: Automating Intelligent IBRUT: Automating Intelligent Guessing Techniques. Guessing Techniques. Pattern Analysis, Extraction, Pattern Analysis, Extraction, Reuse. Reuse. 全自動智慧型密碼猜測技術, 字串分析、 萃取、再用 Fyodor fygrave@ Security today is a race between sof tware engineers striving to build bigger and better idiot-p roof p rograms, and the Universe try ing to p roduce bigger and better idiots - Altered quite by John Dry den research 1 Agenda Agenda l Bigger and better idiots” problem l Traditional methods l Analysis l GA theory quickly l Problem model design l Implementation l Demo l Questions throughout and at the end research 2 Problem Concepts: Problem Concepts: What we know about Password based Authentication schemes Weak random seeds (rarely are random) Often predicable environment, which affects the password which user selects research 3 Why? Why? l Human factor” based network security: passwords, hidden folders, hidden interfaces – always there lExploiting weakest link’’: vulnerabilities come and go: “human” mistakes remain l bruteforce” methodology: a need for some brain research 4 Current Methodologies Current Methodologies lBlind bruteforce (static dictionary based) l Intelligent” guessing: some mechanisms available – specific dictionaries, checks for no passwords, same as username passwords research 5 Issues Issues lExtremely unproductive lOften – ineffective (time constrain