By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, we’ll demonstrate which dictionary attacks are the most effective. Further research will allow for the building of passphrase dictionaries from commonly accessible sources and their effectiveness will be analyzed.
Steve is an independent information security consultant and researcher. He was formerly the Chief Information Security Officer at the University of Texas at San Antonio (UTSA), as well as enterprise information security officer for the Virginia Department of Corrections and Virginia Commonwealth University. Before making the shift to information security program management, he operated an information security consultancy with an international client base largely consisting of ISPs, web hosting firms and ecommerce businesses. He has an engineering degree, an MBA and numerous certs, but is prouder of the fact he hasn’t signed his name the same way twice since 2009.
Randy is an information security analyst with the University of Texas at San Antonio. He has a BBA with a major in Management of Information Systems from St. Mary’s University. Randy has an extensive training and web development background and joined the security team over three years ago. He’s designed and administrated several enterprise systems including; online learning and visitor websites, virtual classrooms, an enterprise ADA compliance aggregator, among others, and most recently, received his GIAC Certified Penetration Tester (GPEN) certification. He’s currently in charge of Education and Consulting for UTSA’s Office of Information Security.