From 3ad1103b5a34983f1683d0dd5052776cecf4c67c Mon Sep 17 00:00:00 2001 From: Jan Vales Date: Sat, 3 May 2014 22:01:50 +0200 Subject: [PATCH] report1 feedback eingearbeitet. --- report1/content.tex | 103 +++++++++++++++++++++++++++++++++++++++ report1/main.tex | 114 ++++---------------------------------------- 2 files changed, 113 insertions(+), 104 deletions(-) create mode 100644 report1/content.tex diff --git a/report1/content.tex b/report1/content.tex new file mode 100644 index 0000000..2e57860 --- /dev/null +++ b/report1/content.tex @@ -0,0 +1,103 @@ + +\newpage\section{Questions (6 points)} +\subsection{What is the password of the container?} +After cracking the password using bruteforce the password was found to be +\begin{quote}4865\end{quote} + + +\subsection{What is the secret in the container?} +The container had a file secret.txt with the following content +\begin{quote}\ttfamily{64e86b30466d506fdf6c0cd976ef4ba798a9cd4faf}\end{quote} + + +\subsection{What was saved in the container by Spongebob?} +The container had 3 files in it:\\ + + +\subsubsection{awesome.jpg} +The File is a picture of spongebob looking at a rainbow. +\begin{quote} +\textbf{size}: 362372 byte\\ +\textbf{''file''-output}: JPEG image data, EXIF standard\\ +\textbf{sha512}\\\ttfamily{ +d27a77d59c21732d5edd192423ab8402fee3e46e0aa2bfde5f7032c2f7ee706c\\ +772ab08658e48c7558737809c00ce70355bdfaa1ca588d21ca43081eb4f2119a} +\end{quote} + + +\subsubsection{secret.txt} +File contains a hexadecimal String of length 42. +\begin{quote} +\textbf{size}: 42 byte\\ +\textbf{''file''-output}: ASCII text, with no line terminators\\ +\textbf{sha512}\\\ttfamily{ +47bae836b0320214341f89a8be9831ec6d8921970292488522aea4d1b41da6ea\\ +68921775c50de78cd06ffd7bb092c0e2fee7a00f6b2ba0153d7ccb3240531132} +\end{quote} + + +\subsubsection{wasted.jpg} +The File is a picture of spongebob and another individual. +\begin{quote} +\textbf{size}: 100058 byte\\ +\textbf{''file''-output}: JPEG image data, JFIF standard 1.01\\ +\textbf{sha512}\\\ttfamily{ +61aa8217eb71360c9c15255f73ab849dc173384de6465d18c276f6a4a4bbc236\\ +f14a5968e96f12102a9e6c44d7736c4ebc703881db0fe18797446db0db4f9a3e} +\end{quote} + + + + +\newpage\section{Analyze (2 points)} +On my machine/setup I can probe for 18 passwords per second.\\ + +\subsection{How much time is needed for brute forcing different password lengths and character sets?} +Numeric passwords have only 10 possible states with one digit.\\ +With a 4 digit password it would take at max (10**4) 10000 operations or 555 seconds (or 9.2 minutes) to bruteforce such a password.\\ +If we add lowercase characters, we get 36 possible states with one digit.\\ +With a 4 digit password it would take at max (36**4) 1679616 operations or 93312 seconds (or 25.92 hours) to bruteforce such a password.\\ +If we add uppercase letters, we get 62 possible states with one digit.\\ +With a 4 digit password it would take at max (62**4) 14776336 operations or 820907 seconds (or 228.02 hours) to bruteforce such a password.\\ +We can add non-alphanumeric characters to get even more possible states with one digit.\\ + + +\subsection{What is the minimum password length and complexity for having a secure container for at least 10 years? (You may assume constant computing power)} +10 years have 315576000 seconds. +If we assume that we can probe 18 passwords per second (in my setup), we need a password that needs at least 5680368000 operations to bruteforce to get a secure container for 10 years.\\ +This would be a numeric password with 10 digits, an alphanumeric password with 7 digits, an mixedcase alphanumeric password with 6 digits.\\ +Using non-alphanumeric characters will decrease the min-required-digits-on-my-setup even further.\\ +But as one can assume that professional bruteforcing involves distributed GPU or ASIC powered cracking a password should be way longer than that in order to be safe from evil guys like the NSA. + + + + +\newpage\section{Details} +\subsection{Container} +\begin{quote} +\textbf{size}: 1048576 byte\\ +\textbf{''file''-output}: data\\ +\textbf{sha512}\\\ttfamily{ +543d0debc10eb3d2a8cc584eec273b84526891cbb2c594bd92150596b96b56c4\\ +44d1fd8e55f3434eb1f2d9386f4c91af0151832125e5f707eb4d4815bf793b78} +\end{quote} + + +\subsection{Used tools} +Tools that were used for analysis (-{}-version): +\begin{itemize} +\item TrueCrack v3.5 +\item sha512sum (GNU coreutils) 8.5 +\item wc (GNU coreutils) 8.5 +\item ls (GNU coreutils) 8.5 +\end{itemize} + + +\subsection{Machine tools} +\begin{itemize} +\item \textbf{Virtual machine}\\ +Linux debian 3.2.0-0.bpo.4-amd64 \#1 SMP Debian 3.2.51-1~bpo60+1 x86\_64 GNU/Linux +\item \textbf{Oracle VirtualBox} 4.3.10 +\item \textbf{Host machine}\\ + Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux +\end{itemize} diff --git a/report1/main.tex b/report1/main.tex index 66d8b8f..d2b2235 100644 --- a/report1/main.tex +++ b/report1/main.tex @@ -101,21 +101,18 @@ % START DOCUMENT \begin{document}\thispagestyle{empty} +\hspace{50pt} +\section*{Digital Forensics 188.922} +\textbf{2014S} +\section*{Assignment 1} +\textbf{Truecrypt} -\section*{RFC/Cover} -As there is no template or any information on how and what shall (not) be included in a report or how a report should look like, this report is a work-in-progress-RFF (request for feedback).\\ +\section*{Jan Vales} +\textbf{0726236\\\url{mailto:jan@jvales.net}}\\\\ +\textbf{Still want an official \LaTeX{} template!}\\ -\section*{Cover} -be here...\\ -Is there a template for me to use?\\ -i can has a real forensic report?\\ - -\section*{Author} -\textbf{Jan Vales\\0726236\\\url{mailto:jan@jvales.net}\\\\ -Assignment 1: Truecrypt\\Digital Forensics\\188.922-2014S} - -\newpage +\vspace{50pt} \section*{Table of Contents}\begin{footnotesize}\tableofcontents\end{footnotesize} \subsection*{Version}\begin{footnotesize}\url{http://git.somenet.org/?p=priv/jan/digfor.git}\\ @@ -123,97 +120,6 @@ git clone \url{ssh://git@git.somenet.org:666/priv/jan/digfor}\\ This is revision: \textbf{\gitAbbrevHash}. Document (.tex) compiled on: \textbf{\today} \end{footnotesize}\vspace{\fill}\newpage - -\newpage\section{Questions (6 points)} -\subsection{What is the password of the container?} -After cracking the password using bruteforce the password was found to be -\begin{quote}4865\end{quote} - -\subsection{What is the secret in the container?} -The container had a file secret.txt with the following content -\begin{quote}\ttfamily{64e86b30466d506fdf6c0cd976ef4ba798a9cd4faf}\end{quote} - -\subsection{What was saved in the container by Spongebob?} -The container had 3 files in it:\\ - -\subsubsection{awesome.jpg} -The File is a picture of spongebob looking at a rainbow. -\begin{quote} -\textbf{size}: 362372 byte\\ -\textbf{''file''-output}: JPEG image data, EXIF standard\\ -\textbf{sha512}\\\ttfamily{ -d27a77d59c21732d5edd192423ab8402fee3e46e0aa2bfde5f7032c2f7ee706c\\ -772ab08658e48c7558737809c00ce70355bdfaa1ca588d21ca43081eb4f2119a} -\end{quote} - -\subsubsection{secret.txt} -File contains a hexadecimal String of length 42. -\begin{quote} -\textbf{size}: 42 byte\\ -\textbf{''file''-output}: ASCII text, with no line terminators\\ -\textbf{sha512}\\\ttfamily{ -47bae836b0320214341f89a8be9831ec6d8921970292488522aea4d1b41da6ea\\ -68921775c50de78cd06ffd7bb092c0e2fee7a00f6b2ba0153d7ccb3240531132} -\end{quote} - - -\subsubsection{wasted.jpg} -The File is a picture of spongebob and another individual. -\begin{quote} -\textbf{size}: 100058 byte\\ -\textbf{''file''-output}: JPEG image data, JFIF standard 1.01\\ -\textbf{sha512}\\\ttfamily{ -61aa8217eb71360c9c15255f73ab849dc173384de6465d18c276f6a4a4bbc236\\ -f14a5968e96f12102a9e6c44d7736c4ebc703881db0fe18797446db0db4f9a3e} -\end{quote} - - -\newpage\section{Analyze (2 points)} -\subsection{How much time is needed for brute forcing different password lengths and character sets?} -Numeric passwords have only 10 possible states with one digit.\\ -With a 4 digit password it would take at max (10**4) 10000 operations to bruteforce such a password.\\ -If we add lowercase characters, we get 36 possible states with one digit.\\ -With a 4 digit password it would take at max (36**4) 1679616 operations to bruteforce such a password.\\ -If we add uppercase letters, we get 62 possible states with one digit.\\ -With a 4 digit password it would take at max (62**4) 14776336 operations to bruteforce such a password.\\ -We can add non-alphanumeric characters to get even more possible states with one digit.\\ - - -\subsection{What is the minimum password length and complexity for having a secure container for at least 10 years? (You may assume constant computing power)} -10 years have 315576000 seconds. On my machine/setup I can probe for 18 passwords per second.\\ -If we assume that we can probe 18 passwords per second (in my setup), we need a password that needs at least 5680368000 operations to bruteforce to get a secure container for 10 years.\\ -This would be a numeric password with 10 digits, an alphanumeric password with 7 digits, an mixedcase alphanumeric password with 6 digits.\\ -Using non-alphanumeric characters will decrease the min-required-digits-on-my-setup even further.\\ -But as one can assume that professional bruteforcing involves distributed GPU or ASIC powered cracking a password should be way longer than that in order to be safe from evil guys like the NSA. - - -\newpage\section{Details} -\subsection{Container} -\begin{quote} -\textbf{size}: 1048576 byte\\ -\textbf{''file''-output}: data\\ -\textbf{sha512}\\\ttfamily{ -543d0debc10eb3d2a8cc584eec273b84526891cbb2c594bd92150596b96b56c4\\ -44d1fd8e55f3434eb1f2d9386f4c91af0151832125e5f707eb4d4815bf793b78} -\end{quote} - - -\subsection{Used tools} -Tools that were used for analysis (-{}-version): -\begin{itemize} -\item TrueCrack v3.5 -\item sha512sum (GNU coreutils) 8.5 -\item wc (GNU coreutils) 8.5 -\item ls (GNU coreutils) 8.5 -\end{itemize} - -\subsection{Machine tools} -\begin{itemize} -\item \textbf{Virtual machine}\\ -Linux debian 3.2.0-0.bpo.4-amd64 \#1 SMP Debian 3.2.51-1~bpo60+1 x86\_64 GNU/Linux -\item \textbf{Oracle VirtualBox} 4.3.10 -\item \textbf{Host machine}\\ - Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux -\end{itemize} +\input{content.tex} \end{document} -- 2.43.0