Buying Time - What is your Data Worth? (A Generalized Solution to Distributed Brute Force Attacks)

Presented at DEF CON 16 (2008), Aug. 9, 2008, 1 p.m. (50 minutes).

Brute Force attacks are often marginalized as a user issue or discounted as a non-issue because of sufficient password complexity. Because rainbow tables have provided a re-invigoration of this type of attack, maintaining password security is simply not enough. In this session, I will be releasing a framework for easily creating a brute force attack tool that is both multithreaded and distributed across multiple machines. As computing power continues to grow along with the ability to rent cycles and storage space, it becomes reasonable to add a money-time trade-off to brute force and dictionary attacks. Distributed computing combined with rainbow tables mean brute force attacks can now be very effective. I will present a version of a popular brute force tool which I modified to increase its speed by several orders of magnitude. Additionally I will demonstrate how to adopt an existing tool to utilize this framework.


Presenters:

  • Adam Bregenzer / arcon - Security Researcher   as Adam Bregenzer
    Adam Bregenzer is actively involved in technology research and development. As a charter member of the kaos.theory computer security consortium, he developed and presented various projects to the Information Security industry at a number of national conventions. He was a contributing author to the O'Reilly Series of programming manuals. He developed a number of nationally recognized websites and projects receiving worldwide press from Wired News, the New York Times, The Register, the Boston Globe, and the LA Times.

Links:

Similar Presentations: