• Title/Summary/Keyword: Password Recovery

Search Result 12, Processing Time 0.023 seconds

GPU-Accelerated Password Cracking of PDF Files

  • Kim, Keon-Woo;Lee, Sang-Su;Hong, Do-Won;Ryou, Jae-Cheol
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.11
    • /
    • pp.2235-2253
    • /
    • 2011
  • Digital document file such as Adobe Acrobat or MS-Office is encrypted by its own ciphering algorithm with a user password. When this password is not known to a user or a forensic inspector, it is necessary to recover the password to open the encrypted file. Password cracking by brute-force search is a perfect approach to discover the password but a time consuming process. This paper presents a new method of speeding up password recovery on Graphic Processing Unit (GPU) using a Compute Unified Device Architecture (CUDA). PDF files are chosen as a password cracking target, and the Abode Acrobat password recovery algorithm is examined. Experimental results show that the proposed method gives high performance at low cost, with a cluster of GPU nodes significantly speeding up the password recovery by exploiting a number of computing nodes. Password cracking performance is increased linearly in proportion to the number of computing nodes and GPUs.

Recoverable Password Based Key Exchange Protocol (복구 가능한 패스워드 기반 키 분배 프로토콜)

  • 손기욱;최영철;박상준;원동호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.5
    • /
    • pp.97-104
    • /
    • 2001
  • In this paper, we propose Recoverable Password Based Key Exchange Protocol(RPKEP). RPKEP has user who has password, server which share the secret key information with user, and password recovery agency(PRA) which help to recover the user\`s password. Proposed protocol has some advantages that it is secure against off-line dictionary attack which is considered most important in password based key exchange protocol and suer\`s security is preserved even though user\`s secret information stored in the server is disclosed. By applying Chaum\`s blind signature scheme in the process of password recovery, even the PRA can\`t obtain any information about user\`s password.

The Analysis of Cipher Padding Problem for Message Recovery Security Function of Honey Encryption (허니암호의 메시지 복구보안 기능을 위한 암호패딩 문제점 분석)

  • Ji, Changhwan;Yoon, Jiwon
    • Journal of KIISE
    • /
    • v.44 no.6
    • /
    • pp.637-642
    • /
    • 2017
  • Honey Encryption (HE) is a technique to overcome the weakness of a brute-force attack of the existing password-based encryption (PBE). By outputting a plausible plaintext even if the wrong key is entered, it provides message recovery security which an attacker can tolerate even if the attacker tries a brute-force attack against a small entropy secret key. However, application of a cipher that requires encryption padding to the HE present a bigger problem than the conventional PBE method. In this paper, we apply a typical block cipher (AES-128) and a stream cipher (A5 / 1) to verify the problem of padding through the analysis of the sentence frequency and we propose a safe operation method of the HE.

PDF Version 1.4-1.6 Password Cracking in CUDA GPU Environment (PDF 버전 1.4-1.6의 CUDA GPU 환경에서 암호 해독 최적 구현)

  • Hyun Jun, Kim;Si Woo, Eum;Hwa Jeong, Seo
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.12 no.2
    • /
    • pp.69-76
    • /
    • 2023
  • Hundreds of thousands of passwords are lost or forgotten every year, making the necessary information unavailable to legitimate owners or authorized law enforcement personnel. In order to recover such a password, a tool for password cracking is required. Using GPUs instead of CPUs for password cracking can quickly process the large amount of computation required during the recovery process. This paper optimizes on GPUs using CUDA, with a focus on decryption of the currently most popular PDF 1.4-1.6 version. Techniques such as eliminating unnecessary operations of the MD5 algorithm, implementing 32-bit word integration of the RC4 algorithm, and using shared memory were used. In addition, autotune techniques were used to search for the number of blocks and threads that affect performance improvement. As a result, we showed throughput of 31,460 kp/s (kilo passwords per second) and 66,351 kp/s at block size 65,536, thread size 96 in RTX 3060, RTX 3090 environments, and improved throughput by 22.5% and 15.2%, respectively, compared to the cracking tool hashcat that achieves the highest throughput.

A Design of Certificate Password Recovery Using Decentralized Identifier (DID를 사용한 인증서 암호 복구)

  • Kim, Hyeong-uk;Kim, Sang-jin;Kim, Tae-jin;Yu, Hyeong-geun
    • Journal of Venture Innovation
    • /
    • v.2 no.2
    • /
    • pp.21-29
    • /
    • 2019
  • In the public certificate technology commonly used in Korea, users have a cumbersome problem of always resetting when they forget their password. In this paper, as a solution to this problem, we propose a secure authentication certificate password recovery protocol using blockchain, PKI, and DID for distributed storage. DID is a schema for protecting block ID in blockchain system. The private key used in the PKI is configured as a user's biometric, for example, a fingerprint, so that it can completely replace the memory of the complex private key. To this end, based on the FIDO authentication technology that most users currently use on their smartphones, the process of authenticating a user to access data inside the block minimizes the risk of an attacker taking over the data.

Solving the Discrete Logarithm Problem for Ephemeral Keys in Chang and Chang Password Key Exchange Protocol

  • Padmavathy, R.;Bhagvati, Chakravarthy
    • Journal of Information Processing Systems
    • /
    • v.6 no.3
    • /
    • pp.335-346
    • /
    • 2010
  • The present study investigates the difficulty of solving the mathematical problem, namely the DLP (Discrete Logarithm Problem) for ephemeral keys. The DLP is the basis for many public key cryptosystems. The ephemeral keys are used in such systems to ensure security. The DLP defined on a prime field $Z^*_p of random prime is considered in the present study. The most effective method to solve the DLP is the ICM (Index Calculus Method). In the present study, an efficient way of computing the DLP for ephemeral keys by using a new variant of the ICM when the factors of p-1 are known and small is proposed. The ICM has two steps, a pre-computation and an individual logarithm computation. The pre-computation step is to compute the logarithms of a subset of a group and the individual logarithm step is to find the DLP using the precomputed logarithms. Since the ephemeral keys are dynamic and change for every session, once the logarithms of a subset of a group are known, the DLP for the ephemeral key can be obtained using the individual logarithm step. Therefore, an efficient way of solving the individual logarithm step based on the newly proposed precomputation method is presented and the performance is analyzed using a comprehensive set of experiments. The ephemeral keys are also solved by using other methods, which are efficient on random primes, such as the Pohlig-Hellman method, the Van Oorschot method and the traditional individual logarithm step. The results are compared with the newly proposed individual logarithm step of the ICM. Also, the DLP of ephemeral keys used in a popular password key exchange protocol known as Chang and Chang are computed and reported to launch key recovery attack.

The Recovery of the Deleted Certificate and the Detection of the Private-Key Encryption Password (삭제된 공인인증서의 복구 및 개인키 암호화 패스워드의 검출)

  • Choi, Youn-Sung;Lee, Young-Gyo;Lee, Yun-Ho;Park, Sang-Joon;Yang, Hyung-Kyu;Kim, Seung-Joo;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.41-55
    • /
    • 2007
  • The certificate is used to confirm and prove the user's identity in online finance and stocks business. A user's public key is stored in the certificate(for e.g., SignCert.der) and the private key, corresponding to public key, is stored in the private key file(for e.g., SignPri.key) after encryption using the password that he/she created for security. In this paper, we show that the certificate, deleted by the commercial certificate software, can be recovered without limitation using the commercial forensic tools. In addition, we explain the problem that the private key encryption password can be detected using the SignCert.der and the SignPri.key in off-line and propose the countermeasure about the problem.

The design of web-based password recovery system (웹기반의 패스워드 해독 시스템 설계)

  • Lee, Sang-Su;Un, Sung-Kyong
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2012.06c
    • /
    • pp.263-265
    • /
    • 2012
  • 컴퓨터나 스마트폰과 같은 디지털 장비로부터 범죄와 관련된 디지털 정보를 발견하거나 복구해내는 디지털 포렌식 기술은 컴퓨터 공학 기술뿐만 아니라 암호학과 같은 다양한 자연과학적 분야들이 적용되는 분야이다. 특히, 용의자가 암호화한 파일을 복호화하거나, 암호화에 사용한 패스워드를 발견해내는 기술은 수사에 결정적인 역할을 하는 경우가 빈번하여, 포렌식 수사관들의 의존도가 높은 기술분야로 인식되고 있다. 대부분은 직접적인 복호화보다 패스워드를 유추하거나 발견해내는 기술들이 주를 이루고 있다. 본 논문에서는 이러한 패스워드 검사작업을 위한 다양한 기능들을 소개하고 이를 웹기반의 분산처리 방식을 통해 고속으로 수행할 수 있는 시스템의 설계 내용에 대해 기술한다.

The Secure Password Recovery Scheme at Secure USB System of On/Off-Line Enviroment (On/Off-Line 환경에서의 안전한 보안USB 비밀번호 복구방법)

  • Lee, Sun-Ho;Lee, Im-Yeong
    • Annual Conference of KIPS
    • /
    • 2009.11a
    • /
    • pp.677-678
    • /
    • 2009
  • USB메모리의 분실 및 도난을 통하여 개인정보 유출 사건이 증가함에 따라 보안USB 솔루션이 개발되어 사용자들에게 제공되고 있다. 이러한 보안USB 솔루션은 비밀번호를 기반으로 사용자 인증을 제공 하고 있어 비밀번호 분실 시 보안영역에 접근할 수 없는 불편함을 가지고 있다. 이를 해결하기 위해 여러 보안USB 솔루션에서 서버를 이용한 비밀번호 백업/복구 서비스를 제공하지만 이 또한 네트워크에 연결되어 있지 않은 클라이언트에서 비밀번호를 변경 시 변경된 비밀번호가 서버에 동기화 되지 못하는 문제가 발생되고 있다. 따라서 본 논문은 Off-Line 환경에서 변경된 비밀번호를 USB메모리에 안전하게 저장한 뒤 On-Line 환경으로 변경 시 변경된 비밀번호를 서버와 동기화 하는 방법을 제시한다.

Research Trends on Password Recovery of Encrypted Files (암호화된 파일의 비밀번호 복구 연구 동향)

  • Se-Young Yoon;Hyun-Ji Kim;Hwa-Jeong Seo
    • Annual Conference of KIPS
    • /
    • 2024.05a
    • /
    • pp.218-221
    • /
    • 2024
  • IT 기술과 매체의 발전으로 자료의 디지털화가 진행되면서 디지털 증거는 현대의 범죄 수사에서 중요한 부분을 차지하고 있다. 이러한 디지털 증거들이 암호화되어 있는 일이 빈번하게 발생함에 따라, 수사관은 수사 과정에서 직접 암호화를 해제해야 하는 어려움을 겪고 있다. 해당 문제에 대응하기 위해 암호화된 파일의 비밀번호를 복구하는 연구가 활발히 진행되어 왔으며, 암호 연산을 빠르게 처리할 수 있는 프로세서를 활용하여 복구 속도를 향상시키는 방안 또한 연구되고 있다. 본 논문에서는 현재 사용되고 있는 비밀번호 복구 도구들을 분석하고, 높은 사용률을 보이는 문서들의 비밀번호를 복구하는 기존 연구들과 함께 향후 연구의 방향성을 살펴본다.