Statistical analysis of reusable passwords and recommendations.

Presented at Black Hat USA 1998, July 30, 1998, 12:20 p.m. (80 minutes)

Bruce will present his study, which analyzes the passwords of 3,163 users of a corporate computer network. Because he has the plaintext passwords of the users from a project Feist initiated, he was able to load them into a database and mine it for information and correlations. Robert Morris Sr. and Ken Thompson did a similar analysis in 1979 (although their details aren't nearly as comprehensive), and he will use it to show some time and trend progressions. He doesn't think the results will shock any of us who have dealt with security and know reusable passwords are insecure, but they will provide hard figures and new analysis.

Presenters:

  • Bruce Marshall, CISSP at Feist Communications (as Bruce K. Marshall)
    Bruce K. Marshall is an Information Security Specialist for Feist Communications Inc. He has studied identification and authentication systems for several years to gain insight into their inherent strengths and flaws. While the world grows increasingly computer-based, he has fought to enforce acceptable means of securing these systems. As a member of the Biometric Consortium and other security groups, Bruce has been exposed to a wide variety of alternatives to standard authentication methods. When he's not removing sticky notes on monitors, Bruce Marshall multitasks his attention between business internetworking technologies, network operating systems and the related security for these areas.
