I was listening to a recent security podcast in which this weeks episode included the topic of passwords, and a suggestion for increasing password strength while reducing its complexity. The method roughly involves appending or prepending various amounts of repeating characters or patterns to a sufficiently complex base password. For example using the base password:
W3akP@$$ —> W3akP@$$///////
This seems simple enough and from a strictly mathematical perspective the padded password is substantially more secure. Of course there are numerous methods for padding a password that can make it more complex yet still memorable such as using a series of “/\/\/\/\” rather than “///////“, but does doing this really add that much security? Today I’ll be covering how to attack those password, and find out if it really is more secure.
There are two common misconceptions I see that people often make regarding passwords and how they are cracked. One being they assume that there are only two methods of attacking a password, those being a bruteforce or a dictionary attack. The second misconception is that they don’t understand the difference between an online, and an offline attack. An online attack is when a program sends a username and password to a server checking the response each time for success. An example of this would be a routers admin interface, and the attack would ideally be done on a device which doesn’t have a lockout policy. This type of attack is usually very slow, and in this case generally the only options are dictionary and bruteforce.
However an offline attack is usually against a large database of password hashes such as a SAM(Security Account Manager) database from an active directory domain, or a SQL database from a forum. There can be hundreds or even millions of password hashes in this database. An offline attack can also be done against a single hash such as a WPA key. Unlike an online attack there are many different ways to attack the password hashes. The attack types includes but not limited to bruteforce (with or without positional mask), dictionary (with or without mutation rules), dictionary combination (with or without mutation rules), and finally hybrid ((dictionary and bruteforce), with or without mutation rules). In the case of password padding the important ones are those that allow us to use rules.
If you read my article “Rule-Fu: The art of word mangling” you may recall the “Z” and “z” rule. These rules basically append or prepend a character N amount of times to the base dictionary word.
Example: Using the rule – Z2 W3akP@$$ becomes W3akP@$$$$ and for z2 W3akP@$$ becomes WWW3akP@$$
It’s easy enough to create a rule set (a file containing one rule per line) that varies the number of appending or prepending characters, to do this I downloaded the latest version of the mask processor from here. Using that I ran the command (Ubuntu 64): (Mask processor uses the same syntax as oclhashcat)
root@erebus:~/maskprocessor-0.63# ./mp64.bin -1Zz -2123456789 ?1?2 > pad.rule
This output every combination of Z or z with 1-9 into a file called pad.rule. This simple rule file is only 18 lines and is probably not very effective. But what if the the last character of the dictionary word wasn’t the one the person padded it with, as in our first example W3akP@$$///////. For that we have to append and prepend every possible character to the original password using two separate commands like so:
root@erebus:~/maskprocessor-0.63# ./mp64.bin -1?l?u?s?d -2123456789 \$?1Z?2 > pad2.rule
root@erebus:~/maskprocessor-0.63# ./mp64.bin -1?l?u?s?d -2123456789 \^?1z?2 >> pad2.rule
In these commands we assign upper, lower, special, and digit to variable 1, variable 2 is assigned 1-9. In Linux \ escapes out the $ and ^ on the command line. Note that the second command has two > so as to append to the file rather than overwrite. The file pad2.rule should now contain 1710 rules to append and prepend every combination of upper, lower, special digit at lengths 1-9 to the base word in a dictionary. Running the rules with a decent dictionary should take a couple minutes if using hashcat or seconds if using oclhashcat-plus. You could even be creative and do a combination of both appending and pre-pending in a single rule.
Example: The rule ^/z4$\Z4 applied to W3akP@$$ becomes ////W3akP@$$\\\\
Now if you’ve been able to keep up with me so far you’ll quickly see that padding a password with a single repeating character doesn’t effectively increase it’s strength, especially if your using a base password found in a dictionary. It’s important to point out that a dictionary doesn’t mean a word you might find in the Oxford dictionary, instead it’s any word that closely matches a word from a list of already cracked passwords. The reason I say “closely matches” is because a dictionary word real or not can be easily modified using rules to covert something like monkey into M0nk3y!.
As a fix you may say instead of using a single repeating character use an alternating set such as ()()()() or 101010. Well there is still one more problem. After talking to Atom the creator of the hashcat suite of tools we came up with two new rules, the Y and y rules. Both are now in version 0.37 of hashcat and will be added to other versions shortly. The Y and y rule append and prepend N charcters from the base password.
Example: The rule $/$\Y2Y2 applied to W3akP@$$ would give us W3akP@$$/\/\/\
As before we can use the mask processor to generate every combination of alternating characters, example:
root@erebus:~/maskprocessor-0.63# ./mp64.bin -1?l?u?s?d \$?1\$?1Y2 > pad3.rule
root@erebus:~/maskprocessor-0.63# wc -l pad3.rule
Here the variable 1 is assigned all upper, lower, special, and digit, and the rule Y2 is statically assigned. The result is a rule file with 18,050 combinations of two characters that can be appending then doubled. Adding prepending rules would only bring pad3.rule up to 72.2k rules. Anyone that’s ran my 30k list of rules on the GPU knows that it only takes a few minutes to run, even with a 5.6 million word dictionary. So having a 36k rule set that appends or prepends a repeating set of characters really wouldn’t take that long.
So does password padding really increase the strength of a password? It really boils down to the method in which you do it. Simply adding repeating characters to it or alternating characters surly isn’t enough. What I’ve hopefully shown here is that there still need to be sufficient level of randomness to your password. The rules I generated were rather simplistic, and with a little thought they could be more effecent and encompassing. To top it off hashcat now supports the –stdout switch, rather than using the more complicated –debug mode. This means you can easily run a dictionary with tables through hashcat passing them through stdin to oclhashcat-plus, effectively having double mutations.
Example: password –> hashcat + tables –> p@$$w0rd –> oclhashcat-plus + padd3.rule –> p@$$w0rd/\/\/\/\