Cracking 400,000 Passwords, or How to Explain to Your Roommate why the Power Bill is a Little High…

Presented at DEF CON 17 (2009), Aug. 2, 2009, 4 p.m. (50 minutes)

Remember when phpbb.com was hacked in January and over 300,000 usernames and passwords were disclosed? Don't worry though, the hacker only tried to crack a third of them (dealing with big password lists is a pain), and of those he/she only broke 24%. Of course the cracked passwords weren't very surprising. Yes, we already know people use "password123". What's interesting though is figuring out what the other 76% of the users were doing. In this talk I'll discuss some of my experiences cracking passwords, from dealing with large password lists (89% of the phpbb.com list cracked so far), salted lists (Web Hosting Talk), and individual passwords (TrueCrypt is a pain). I'll also be releasing the tools and scripts I've developed along the way.


Presenters:

  • Professor Sudhir Aggarwal - Florida State University
    Sudhir Aggarwal has been Professor of Computer Science at Florida State University since the fall of 2002 where he directs the E-Crime Investigative Technologies Laboratory. Previous to his current position, he was Chief Technology Officer of the Internet Content Delivery and Distribution business unit of Lucent Technologies where he was responsible for the architecture, portfolio, and development of the Imminet product line. Dr. Aggarwal's current research interests are in building software tools and systems that support cybersecurity and digital forensics. He is also interested in computer and communication networks where he has investigated infrastructures for network games and techniques for building efficient overlay networks.
  • Matt Weir - PhD Student, Florida State University
    Matt Weir is a PhD student at Florida State University who is specializing in password cracking research. Before his journey back into academia he worked as a network security engineer for Northrop Grumman. The projects he's been a part of have ranged from providing first responders with wireless access to assisting the Defense Department with computer forensics. Why he decided to go back to school no one knows (including him sometimes). It wasn't the pay, that's for sure!
