/   \       
 _                      )      ((   ))     (
(@)                    /|\      ))_((     /|\
|-|                   / | \    (/\|/\)   / | \                    (@)
| |------------------/--|-voV---\`|'/--Vov-|--\-------------------|-|
|-|                       '^`   (o o)  '^`                        | |
| |                             `\Y/'                             |-|
|-|                                                               | |
| |                 Sorry, but this presentation is being         |-|
|-|       ____                     _          _                   | |
| |      / ___|__ _ _ __   ___ ___| | ___  __| |                  |-|
|-|     | |   / _` | '_ \ / __/ _ \ |/ _ \/ _` |                  | |
| |     | |__| (_| | | | | (_|  __/ |  __/ (_| |                  |-|
|-|      \____\__,_|_| |_|\___\___|_|\___|\__,_|                  | |
| |                                                               |-|
|-|                                                               | |
| |                                                               |-|
|_|_______________________________________________________________| |
(@)            l   /\ /          \\       \ /\   l              `\|-|
               l /   V            ))       V   \ l                (@)
               l/                //             \I
                                 V

Abstract:
Today, passwords remain one of the cornerstones of security. They are used everywhere: accounts for online services, access to email and servers, domain accounts and more. We all know stories of big companies being compromised because of one employee's simple, predictable password.
The talk will present the results of testing different dictionaries for brute force, rules and other methods used to recover user hashes. What happens if we combine all the dictionaries into one? One big wordlist will, of course, recover hashes with the combined effectiveness of all the dictionaries, but it has several drawbacks: size and "recovery" speed. The problem can be solved by combining dictionaries and testing the combinations to find the best one. The first difficulty with this approach is that with 100 dictionaries and combinations of only 5 of them, there are nearly 9 billion possible combinations. With about 200 dictionaries and combinations of a few hundred of them, it is impossible simply to iterate over that many. Genetic algorithms, which generate useful solutions to optimization and search problems, can be used to solve this. The talk will introduce some results of creating dictionaries with genetic algorithms: how population and genotype size influence the final results, and the approach's pros and limits.
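A sketch of the search the abstract describes, added here as an illustration and not taken from the talk: a genetic algorithm that picks which dictionaries to combine for a password audit. The fitness function, the selection, crossover and mutation operators, and the constructed integer "words" are all assumptions; `search_space(100, 5)` counts ordered selections, which is the count that gives a figure near 9 billion.

```python
import math
import random

def search_space(n, k):
    """Ordered ways to pick k of n dictionaries (n=100, k=5 gives about 9 billion)."""
    return math.perm(n, k)

def fitness(genotype, dictionaries, targets, size_penalty=0.01):
    """Audited passwords covered by the chosen dictionaries, minus a cost per word."""
    words = set().union(*(dictionaries[i] for i in genotype))
    return len(words & targets) - size_penalty * len(words)

def evolve(dictionaries, targets, genotype_size, population_size, generations, seed=0):
    """Return (best genotype, best fitness per generation)."""
    rng = random.Random(seed)
    n = len(dictionaries)
    score = lambda g: fitness(g, dictionaries, targets)
    population = [frozenset(rng.sample(range(n), genotype_size))
                  for _ in range(population_size)]
    history = []
    for _ in range(generations):
        population.sort(key=score, reverse=True)
        history.append(score(population[0]))
        parents = population[:max(2, population_size // 2)]  # the best always survive
        children = []
        while len(parents) + len(children) < population_size:
            a, b = rng.sample(parents, 2)
            # Crossover: the child draws its dictionaries from both parents.
            child = set(rng.sample(sorted(a | b), genotype_size))
            if rng.random() < 0.2:
                # Mutation: swap one chosen dictionary for an unused one.
                unused = sorted(set(range(n)) - child)
                child.remove(rng.choice(sorted(child)))
                child.add(rng.choice(unused))
            children.append(frozenset(child))
        population = parents + children
    best = max(population, key=score)
    history.append(score(best))
    return best, history

def demo():
    # Constructed data: integers stand in for words; targets are the passwords
    # behind the hashes being audited.
    rng = random.Random(1)
    dictionaries = [set(rng.sample(range(2000), 60)) for _ in range(30)]
    targets = set(rng.sample(range(2000), 300))
    return evolve(dictionaries, targets, genotype_size=5,
                  population_size=20, generations=30)
```

Changing `genotype_size` and `population_size` in `demo()` and comparing the returned history is the kind of experiment the abstract refers to.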

Bio:
Ivan is an information security auditor at Digital Security. His main area of interest is source code analysis. He likes to search for bugs and vulnerabilities in the source code of different applications, from simple web sites to enterprise software. He also has vast experience in banking systems and web application penetration testing.
