MySQL Passwords - Password Strength and Cracking

Presented at DEF CON 12 (2004), July 31, 2004, 11:30 a.m. (20 minutes).

This talk will cover best practices for choosing MySQL passwords as well as the tools available to "crack" a MySQL password hash. It will NOT cover how to obtain a password hash, however. During the talk I will be introducing a new dictionary-based auditing tool, named "phpMyAudit". The tool is written in PHP and allows a user to run the application as a shell-based script, yet it also includes a web-based front end. This talk is primarily aimed at persons interested in choosing secure MySQL passwords, and persons who would like to "audit" an existing MySQL password hash.

Presenters:

• D. Egan - Senior Web Applications Developer, ICS MT
  D. Egan is a recent college graduate who has been a professional web-application developer for over 5 years. He currently works and lives in beautiful Missoula, Montana. This will be his 5th year attending Defcon, and his first Defcon speech.

Similar Presentations:

• DEF CON 17 (2009) / Advanced MySQL Exploitation
• GrrCON 2016 / Quick and Easy Windows Timelines with Pyhon, MySQL, and Shell Scripting
• DEF CON 32 (2024) / Atomic Honeypot: A MySQL Honeypot That Drops Shells