Estimating the time required for a successful brute-force search attack on password-based encryption in Java's JCA

  1. For the password-based DES encryption implementation in the JCA, fix some salt and iteration count and record the average time required for encryption/decryption;
  2. Estimate the time required for a successful brute-force search attack.

Name: NIHAO DONG

Number: 201476606

  1. Password list:

     N   Password
     1   P@$$W0rD
     2   thisismypassword
     3   VeryLongP@$$W0rD

  2. Fix some salt and iteration count and record the average time required for encryption/decryption:

Salt:

Iteration count:

encryption/decryption code:

The average time required for encryption/decryption is recorded by taking timestamps in Java around five runs and averaging them.

     N   Password            Time for encryption/decryption
     1   P@$$W0rD
     2   thisismypassword
     3   VeryLongP@$$W0rD

Based on the experimental results, the more complex the password, the longer it takes to encrypt/decrypt.

Delfs and Knebl (2015) explain the reason in "Introduction to Cryptography: Principles and Applications". They describe the PBE principle briefly as follows: the password and the salt are combined, the key is obtained by iterating a hash over them, and that key is then used to encrypt the plaintext with a symmetric algorithm. The more iterations there are, the more work goes into deriving the key and the longer the encryption takes; the decryption time grows in the same way. The book also compares ordinary computers with quantum computers, and the performance of the computer is the most important factor affecting the time.

In the introduction to "Understanding Cryptography: A Textbook for Students and Practitioners", Paar and Pelzl (2010) likewise stress the importance of CPU performance. Comparing an ordinary computer with a quantum computer leads to the conclusion that, for the same encryption algorithm, the speed of encryption and decryption depends on the performance of the computer.

  3. Estimate the time required for a successful brute-force search attack, assuming that an attacker knows:

Invariants:
  • the predefined plaintext;
  • the ciphertext produced;
  • the salt;
  • the iteration count;

Variable:
  • but not the password.

     N   Password            Estimated time       Time given by the online server
     1   P@$$W0rD            194 years            8 hours
     2   thisismypassword    2.35*10^8 years      34 thousand years
     3   VeryLongP@$$W0rD    5.119*10^20 years    1 trillion years

The formula used to calculate the size of the search space is S = x^L (Delfs and Knebl 2015), where:

1. S is the total number of possible passwords;

2. x is the number of possible values for each position in the password;

3. L is the length of the password.

It takes about 0.0017 milliseconds to compute a hash (Mouha et al. 2018), i.e. 1.7*10^-6 seconds in scientific notation.

Password "P@$$W0rD": this password consists of four character classes: numbers, uppercase letters, lowercase letters and symbols. The size of the character set is (10+26+26+32) = 94. Therefore, cracking the password takes on average (1.7*10^-6*96^8) s/2, which is about 70,970 days, or about 194 years.

Password "thisismypassword": this password consists of lowercase letters only, so the character set has 26 characters. Therefore, cracking this password takes on average (1.7*10^-6*26^16) s/2, about 7.413*10^16 seconds, or 857870370370 days, or about 2.35*10^8 years.

Password "VeryLongP@$$W0rD": this password consists of four character classes: numbers, uppercase letters, lowercase letters and symbols. The size of the character set is (10+26+26+32) = 94. Therefore, cracking this password takes on average (1.7*10^-6*96^16) s/2, which is about 4.42*10^25 seconds, or about 511921296296296300,000 days, or about 5.119*10^20 years.

Combining the experimental results with the literature, we conclude that the more complex the password, the longer a brute-force search takes to crack it.
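As an added example (not the report's own code), the following Java program evaluates the formula S = x^L and the time estimate above with exact big-number arithmetic, using the report's character-class sizes (10, 26, 26, 32) and its figure of 1.7*10^-6 s per hash. The charsetSize classifier, the sample plaintext-free call structure and the day/year conversions are assumptions of this example. The report's own arithmetic uses 96 rather than the stated 94 as the base for the two four-class passwords, so the program recomputes with 96 as well for comparison with the table.

```java
import java.math.BigDecimal;
import java.math.BigInteger;
import java.math.MathContext;

/**
 * Brute-force search time estimate following S = x^L.
 * Added example, not part of the original report. The character-class sizes
 * 10 / 26 / 26 / 32 and the 1.7e-6 s per hash are the report's figures;
 * the classifier and unit conversions are assumptions of this example.
 */
public class BruteForceEstimate {

    /** Seconds per candidate derivation, as quoted in the report (Mouha et al. 2018). */
    static final BigDecimal SECONDS_PER_HASH = new BigDecimal("1.7e-6");
    static final BigDecimal SECONDS_PER_DAY = new BigDecimal(86400);
    static final BigDecimal DAYS_PER_YEAR = new BigDecimal(365);
    static final MathContext MC = new MathContext(6);

    /** x: number of distinct symbols per position, summed over the classes that actually occur. */
    static int charsetSize(String password) {
        boolean digit = false, upper = false, lower = false, symbol = false;
        for (char c : password.toCharArray()) {
            if (Character.isDigit(c)) digit = true;
            else if (Character.isUpperCase(c)) upper = true;
            else if (Character.isLowerCase(c)) lower = true;
            else symbol = true;                      // anything else counts as a symbol (32 assumed)
        }
        return (digit ? 10 : 0) + (upper ? 26 : 0) + (lower ? 26 : 0) + (symbol ? 32 : 0);
    }

    /** S = x^L: size of the search space. */
    static BigInteger searchSpace(int x, int length) {
        return BigInteger.valueOf(x).pow(length);
    }

    /** Expected seconds for a brute-force search: on average half the space is tried. */
    static BigDecimal expectedSeconds(int x, int length, BigDecimal secondsPerTrial) {
        BigDecimal trials = new BigDecimal(searchSpace(x, length)).divide(BigDecimal.valueOf(2));
        return trials.multiply(secondsPerTrial);
    }

    static BigDecimal toDays(BigDecimal seconds) {
        return seconds.divide(SECONDS_PER_DAY, MC);
    }

    static BigDecimal toYears(BigDecimal seconds) {
        return toDays(seconds).divide(DAYS_PER_YEAR, MC);
    }

    public static void main(String[] args) {
        String[] passwords = {"P@$$W0rD", "thisismypassword", "VeryLongP@$$W0rD"};
        for (String pw : passwords) {
            int x = charsetSize(pw);
            BigDecimal secs = expectedSeconds(x, pw.length(), SECONDS_PER_HASH);
            System.out.printf("%-18s x=%2d L=%2d S=%s  ~%s s  ~%s days  ~%s years%n",
                    pw, x, pw.length(), searchSpace(x, pw.length()).toString(),
                    secs.round(MC).toEngineeringString(),
                    toDays(secs).toEngineeringString(),
                    toYears(secs).toEngineeringString());
        }
        // The report's arithmetic uses 96 (not 94) as the base for the four-class passwords.
        for (int len : new int[] {8, 16}) {
            BigDecimal secs96 = expectedSeconds(96, len, SECONDS_PER_HASH);
            System.out.printf("four-class password, x=96, L=%2d: ~%s years%n",
                    len, toYears(secs96).toEngineeringString());
        }
    }
}
```

Compile with javac and run the class; compare the printed day and year figures with the table above. Because every quantity stays in BigInteger/BigDecimal, the 16-character cases do not overflow or lose precision, which a double-based calculation silently would.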

  4. Investigate how the time required for the attack depends on the iteration count:

Let's start with password No. 3 (VeryLongP@$$W0rD).

Invariants:
  • password
  • plaintext
  • salt
  • ciphertext

Variable:
  • iteration count

Here we set the time precision to milliseconds to get the time needed for decryption.

     Iteration count   Encryption time
     1000
     100000
     1000000
     10000000

Across the four experiments, with all other conditions unchanged, the encryption and decryption time increases as the iteration count increases.

At the same time, from the attacker's side the attack proceeds as follows: search for the password by brute force; derive the key from the candidate password using the salt and the iteration count; encrypt the plaintext to get a ciphertext; compare it with the known ciphertext to verify whether the password is correct (Regalado 2015). This means that total time = brute-force search time + validation time.

Number of iterations: a single round does not provide sufficient security. Based on the paper "Finding Bugs in Cryptographic Hash Function Implementations" by Mouha et al. (2018), combined with the experimental results: cryptographic hash functions are security-critical algorithms with many practical applications, especially in digital signatures, and the higher the iteration count, the more work is needed to derive the key.
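The encryption/decryption measurement of Section 2 and the iteration-count experiment of this section can be reproduced with the following Java program, added here as an example (it is not the report's code). It uses the JCA algorithm PBEWithMD5AndDES with a fixed 8-byte salt and a plaintext that are constructed for the example, and averages five encrypt/decrypt round trips for each of the three passwords at each of the four iteration counts. Because an attacker verifying a candidate password has to run the same key derivation, the per-iteration-count figures are also the per-guess validation cost in total time = brute-force search time + validation time.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

/**
 * Times JCA PBEWithMD5AndDES encryption/decryption for the report's three
 * passwords at several iteration counts. Added example, not the report's code;
 * the salt bytes and the plaintext are constructed here.
 */
public class PbeTiming {
    static final String ALGORITHM = "PBEWithMD5AndDES";
    // PKCS #5 v1.5 PBE in the JCA requires exactly 8 salt bytes; fixed (constructed) value.
    static final byte[] SALT = {0x12, 0x34, 0x56, 0x78, (byte) 0x9a, (byte) 0xbc, (byte) 0xde, (byte) 0xf0};
    static final byte[] PLAINTEXT = "predefined plaintext".getBytes(StandardCharsets.UTF_8);
    static final String[] PASSWORDS = {"P@$$W0rD", "thisismypassword", "VeryLongP@$$W0rD"};
    static final int[] ITERATION_COUNTS = {1000, 100000, 1000000, 10000000};
    static final int RUNS = 5;

    /** One PBE operation: derive the key from password + salt + count, then run DES. */
    static byte[] pbe(int mode, char[] password, int iterations, byte[] input)
            throws GeneralSecurityException {
        SecretKey key = SecretKeyFactory.getInstance(ALGORITHM)
                .generateSecret(new PBEKeySpec(password));
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        // The iteration count lives in the parameter spec, so it is applied at cipher init.
        cipher.init(mode, key, new PBEParameterSpec(SALT, iterations));
        return cipher.doFinal(input);
    }

    /** Average wall-clock milliseconds for one encrypt + one decrypt, over RUNS repetitions. */
    static double averageMillis(String password, int iterations) throws GeneralSecurityException {
        char[] pw = password.toCharArray();
        long totalNanos = 0;
        for (int i = 0; i < RUNS; i++) {
            long start = System.nanoTime();
            byte[] ct = pbe(Cipher.ENCRYPT_MODE, pw, iterations, PLAINTEXT);
            byte[] pt = pbe(Cipher.DECRYPT_MODE, pw, iterations, ct);
            totalNanos += System.nanoTime() - start;
            if (!Arrays.equals(pt, PLAINTEXT)) {
                throw new IllegalStateException("round trip failed");
            }
        }
        return totalNanos / (double) RUNS / 1_000_000.0;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.printf("%-18s", "password");
        for (int n : ITERATION_COUNTS) {
            System.out.printf("%16s", n + " iter");
        }
        System.out.println();
        for (String pw : PASSWORDS) {
            System.out.printf("%-18s", pw);
            for (int n : ITERATION_COUNTS) {
                System.out.printf("%13.3f ms", averageMillis(pw, n));
            }
            System.out.println();
        }
    }
}
```

The 10,000,000-iteration column costs several seconds per round trip, so the full run takes a few minutes. Read the table from the defender's side: raising the iteration count multiplies the cost of every attacker guess by the same factor as it multiplies one legitimate encryption or decryption, which is exactly the trade-off the iteration count exists to tune.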

  5. Consider a variant of the attack in which an attacker knows everything as above except the iteration count, and estimate the time required to recover the passwords.

Invariants:
  • password
  • plaintext
  • salt
  • ciphertext

Variable:
  • iteration count

Start with password No. 2 (thisismypassword).

     Iteration count   Recovery time
     1000
     100000
     1000000
     10000000

The results show that the more iterations there are, the longer it takes to recover the password.

So the attacker already knows the plaintext, the ciphertext and the salt, but not the number of iterations. If the attacker wants to recover the password, he does not need to reverse the hash algorithm: he only needs to find a collision, i.e. a password that produces the same hash as the original value. As the encryption is based on a non-linear hash function, there is no decryption method (Ferguson 2010). This means that to retrieve the password corresponding to a hash there is no choice but to try all possible passwords!

The following is summarised from Regalado's (2015) book "Gray Hat Hacking: The Ethical Hacker's Handbook" and Stallings' "Cryptography and Network Security: Principles and Practice". In theory it is impossible to output the password backwards, because information is lost in the encryption; an attacker cannot know which input was the original plaintext. Given a limit on the password length, there is likely to be only one password that satisfies the hash. Suppose the user uses a 256-bit hash, evenly distributed, with a password of fixed length 16 composed of numbers and letters (36 choices). The probability of a collision is 1 - (2^256)! / ((2^256)^(36^26) * (2^256 - 36^26)!), which is close to 0. So a single hash is almost irreversible, which means that if an attacker uses a brute force search or rainbow table.

In summary, the attacker's password recovery time = brute-force search time + collision verification time.

     Iteration count   Attack time
     1000              2.35*10^8 years + 116 ms
     100000            2.35*10^8 years + 220 ms
     1000000           2.35*10^8 years + 661 ms
     10000000          2.35*10^8 years + 4812 ms

Based on the experimental results in Section 4, it is concluded that the number of iterations affects the time of collision validation and therefore the attack time: the higher the iteration count, the longer the attack takes.

  6. Compare the estimated time with the estimated time returned for the same passwords by online services and propose a plausible explanation of any observed differences.

     N   Password            Time on howsecureismypassword.net   Time on Kaspersky password checker                                      Estimated time
     1   P@$$W0rD            8 hours                             2 s                                                                     194 years
     2   thisismypassword    34 thousand years                   This password appeared 3081 times in a database of leaked passwords.    2.35*10^8 years
     3   VeryLongP@$$W0rD    1 trillion years                    15 days                                                                 5.119*10^20 years

Analysis of the experimental results: the brute-force search estimates are the longest, higher than those of the online services, and of the two online services the second site returns a shorter time.

The reason is that the second online service has a database and can perform a "dictionary attack" (Wu and Irwin 2013). The time complexity of this algorithm is polynomial in the input size; in this case it is the simplest equation in one variable, Y (algorithm running time) = X (the number of passwords in the dictionary). So the dictionary attack time is much less than the brute-force search time.

"Dictionary attacks are more effective than brute force searches" (Stallings 2017), and Stallings makes a specific comparison in his book showing that a brute-force search of the same complex password takes much longer than a dictionary attack.

Brute-force search is a simple and effective method of attack, but the time it takes depends on the complexity of the password and on the performance of the computer.

(Compared with the first site, the estimated time is of the same nature as a brute-force search.) From the attacker's point of view the attack can be improved, for example by using dictionary attacks or rainbow tables, and more consideration should be given to the trade-off between space and time.

References:

  • Yoon, J.W., Kim, H., Jo, H., Lee, H. & Lee, K. 2015, "Visual Honey Encryption: Application to Steganography", ACM, p. 65.

  • Gomaa, I., Said, A.M., Abd-Elrahman, E., Hamdy, A. & Saad, E.M. 2017, "Performance Evaluation of Virtual Identity Approaches for Anonymous Communication in Distributed Environments", Procedia Computer Science, vol. 109, pp. 710-717.

  • Paar, C. & Pelzl, J. 2010, Understanding cryptography: a textbook for students and practitioners, Springer, Heidelberg.

  • Stallings, W. 2017, Cryptography and network security: principles and practice, 7th (global) edn, Pearson, Boston.

  • Katz, J. 2010, Digital signatures, Springer, London; New York.

  • Delfs, H. & Knebl, H. 2015, Introduction to cryptography: principles and applications, 3rd edn, Springer, Heidelberg.

  • Mouha, N., Raunak, M.S., Kuhn, D.R. & Kacker, R. 2018, "Finding Bugs in Cryptographic Hash Function Implementations", IEEE Transactions on Reliability, vol. 67, no. 3, pp. 870-884.

  • Regalado, D. 2015, Gray hat hacking: the ethical hacker's handbook, 4th edn, McGraw-Hill Osborne, New York.

  • Thomas, T.M. & Stoddard, D. 2012, Network security first-step, 2nd edn, Cisco, Indianapolis, Ind.

  • Wu, C. & Irwin, J.D. 2013, Introduction to computer networks and cybersecurity, CRC Press, Boca Raton.

  • Ferguson, N. 2010, Cryptography engineering: design principles and practical applications, Wiley, Indianapolis, Ind.

 
