This project is due at 11:59pm on Friday, October 2, 2020.

Description and Deliverables

In this project, you will gain hands on experience cracking passwords and you will hopefully adopt better password practices that you take with you in your career. As such, this project has two distinct parts. I highly recommend that you start part one immediately: the necessary computations can take days to complete!

To receive full credit for this project, you will turn in the following two things:

A file named cracked.txt that contains the usernames and cracked passwords for the 50 users contained in this leaked /etc/shadow file.
A file named password_policy.txt which contains a few sentences explaining which password manager you are using.
You will need to setup 2FA for your github account.

Each of these deliverables is described in greater detail below.

Part 1: Password Cracking

Linux systems typically store cryptographically hashed user passwords in crypt format in the /etc/shadow file. If you have sudo access to a Linux system, you can view this file on your own system (don’t try to look at this file on systems you don’t own, like the Khoury College Linux machines). The file format for the /etc/shadow file is described here.

In this part of the project, you will crack the hashed passwords contained in this leaked /etc/shadow file. There are 50 usernames and passwords in the file, meaning that it will take several days of compute power to crack all 50 passwords, so start this process early!

Cracking Tools

We recommend that students use well-known, heavily optimized cracking tools like John the Ripper or HashCat for this part of the project. Both tools are available for multiple platforms, although they are trivial to install on Debian-based Linux systems:

sudo apt install john
sudo apt install hashcat

Both tools have built-in support for the /etc/shadow file format, have the ability to pause and resume cracking sessions (a useful feature, since cracking can take hours/days), and support multiple different strategies for guessing passwords (e.g. brute force, word lists, etc.). We leave it to you to determine which tool you prefer and learn its command line syntax. Students are welcome to use whatever password guessing approach they want; many wordlists are available for free online, including from the John the Ripper homepage.

John the Ripper and HashCat both have the ability to run in multi-threaded configurations (i.e. they try to crack multiple passwords in parallel). We highly recommend that students utilize these features; for example, on a quad-core laptop, running John the Ripper with the “–fork=3” option to use three CPU cores is a reasonable approach. Alternatively, if your computer has a GPU, we highly recommend using the GPU-optimized, OpenCL modes available in both programs, since GPUs are several orders of magnitude faster at password cracking than CPUs.

Cracking Approach

The leaked shadow file is designed to have a sliding difficulty scale. Without doing anything fancy, roughly half of the passwords should crack in just a few minutes. Why do you think these passwords were so easy to crack?

With a reasonably comprehensive wordlist/dictionary (links to examples are provided in Part 2 of the project) combined with common permutation rules, another ~15 passwords should crack within 24 hours. For example, using John the Ripper the following command will attempt to crack the passwords using a wordlist of your choice and John’s built-in permutation rules (e.g. capitalizing the first and last letters of words, adding random numbers to the end of words, etc.).

$ john –wordlist=[path to your wordlist] –rules –fork=3 [path to the shadow file]

The remaining ~10 passwords are more challenging, and require more expansive permutation rules (hint: symbols) or even raw brute force to crack. For example, using John the Ripper, you can attempt a brute force attack against the shadow file using all combinations of ASCII characters with length <14 using the following command:

$ john –incremental=ASCII –fork=3 [path to the shadow file]

Note that this kind of brute force approach will take a long time to complete.

More Hints

If you are having slow runtime with hashcat and are using a Mac make sure that you downloaded hashcat with brew in terminal. Brew automatically will optimize hashcat for your computer and give you a faster runtime.

$ brew install hashcat

If you are using JTR, make sure you are using John Jumbo. There are some attack modes missing from the original John that are necessary for this assignment. You may have already experienced this issue if you could not use mask attacks.

$ brew install john-jumbo

For this project we want to expand beyond just using wordlists and rules to other types of attacks. In particular we want to be using mask and hybrid attack modes. Unfortunately only using rules will not be successful for cracking all the hashes in this project.

Mask attacks are what allow us to essentially “brute force” the hashes. It is different from brute forcing because with masks we seek to reduce the key space we use for a candidate password by specifying character-sets to in order to be more efficient

Let’s say we want to crack the password “dhJ” and we only know that it is 3 characters long and consists of lowercase and uppercase letters. This password is not likely in a dictionary so we would need to use a mask attack.

In order to do this , we need to fill 3 placeholders with a custom character-set. To create this custom character-set we use -1 and then specify that I want all uppercase letters (?u) and all lowercase letters (?l). The total key space for the custom character-set is now 52. We then want to specify how many placeholders to use this custom character-set for (3).
```
$ hashcat ... -a 3  -1?u?l ?1?1?1
```
(Note the ... above requires all the basic arguments about where the shadow file is, etc.)

Typical brute-force would use all characters so by specifying a character with a smaller key space we reduce the total runtime.
Hybrid attacks allow us to combine both masks and wordlists. Let’s say we had a dictionary with just the word “northeastern” If the password we want to crack is “northeastern873”, it would be very hard to do this with rules. However with this attack mode, a mask is simply appended to the word from the wordlist. In this case we want to append 3 placeholders of the digits 0-9 (?d).
```
hashcat -a 6 example.dict ?d?d?d
```
If you don’t know where to begin, start with incrementing the length of your mask/hybrid attack in hashcat with -i in order to cover all your cases.
We’ve learned that Mercutio likes to use a bunch of funny characters at the end of his password. In particular, he likes to add something from the top row of the keyboard: ?d@!#$%^&.,*()_-
From a previous password breach, we’ve learned that anklebear ends his password with a digit and 4 uppercase letters.

File Format for Part 1

To complete part 1 of this project, you will turn in a file named cracked.txt that contains the usernames and cracked passwords for the 50 users in the leaked shadow file. Each user and corresponding password should appear on one line in cracked.txt separated by a colon. For example, the format of a valid submission might look like this:

romeo:really_strong_password6@
juliet:1337cr4ck1ngsk1llz
tybalt:weak1234
mercutio:lalala

Part 2: Good Password Habits

In this part of the project, you will practice good password habits by (a) learning how to pick a passphrase, (b) installing and using a password manager, and (c) setting up 2FA for your github account.

Good passwords

One big reason why people choose weak passwords that are easily cracked is because they have been taught that only confusing passwords are secure. People either reject this advice and leave themselves vulnerable, or adopt password creation heuristics that are not resilient to cracking in practice (e.g. English word plus one capital letter, one random number, and one random symbol).

Since the early 90s, security researchers have advocated various password strategies to avoid those pitfalls; a folklore strategy is to pick a passphrase consisting of easy-to-type words. Several websites expore this concept. For example, usepassphrase provides a slick interface to this idea.

However, why should we trust the random number generator in our browser to select a password? And why should we trust that the website above isn’t logging the result? To prepare a truly offline password, you will use the diceware approach explained. That author has produced a list of 7776 short words in this file. The idea is that you roll dice 5 times to select a word in this list (because $6^5 = 7776$). If you want a 5-word password, repeat this 5 times. The main question is whether this passphrase is “memorable.”

Your first step is to use the diceware approach to pick a passphrase you will use to create an account on a test server.

This method is a robust method for picking unguessable passwords which you can train yourself to remember. Some people store large amounts of money in Bitcoin and they do not want to trust a hardware device to store their Bitcoin wallet key—these people often use a method similar to this. In fact, that it has been formalized as Bitcoin Improvement Proposal 39 (BIP39). I know people who have stored substantial sums using this method, and have challenged attackers to guess their passphrase with nobody succeeding.

Password manager

Install a password manager on your main computer and your phone. Investigate several offerings such as Lockwise, 1Password, Dashlane, or LastPass.

Two Factor authentication

Setup 2FA for your github account. Under Settings, select Account security on the left side of the screen, and then follow the instructions to enable Two factor Authentication.
We have invited you to join the Neu2550 organization. The organization has a policy that all members have two-factor authentication enabled. Thus, you won’t be able to acccept the invitation until step 1 is complete. Note: we invited everyone who finished project0 (when you saved a file containing your github account name). We use this name to send the invitation, so if you do not see an invitation, please reach out to us as soon as possible!
Once we verify you have joined our org (and thus setup 2fa), you will receive the extra 20 points for the assignment.

This component of the assignemnt is self-driven and you can get out from it what you want. I encourage you to add second factor authentication to your other accounts such as google, etc.

Submission Details

Please follow these directions exactly.

Create a directory project1 under your git repo.
Add the file cracked.txt to this directory.
Add the file password_policy.txt containing which password managers you studied, and an explanation on why you picked the one you choose.
Submit your project in gradescope. Feel free to resubmit the project as many times as you like. It is ok to have extra files in the repository as well, just make sure you have those two for us to find.

Grading

This project is worth 10% of your final grade, broken down as follows (out of 100):

1 point each - for cracking the first 30 passwords
2 points each - for cracking 31 to 40 passwords
4 points each - for cracking passwords 41 to 50
20 pts - joining our github group

Points can be lost for turning in files in incorrect formats (e.g. not ASCII), failing to follow specified formatting or naming conventions, failing to compile, failing to follow specified command line syntax, insufficient or incorrect randomization, etc., failing to follow specified formatting or length conventions, etc.

Tips

Cracking passwords can take days so start part 1 of the project as soon as possible!

Project 1: Passwords