A unique look on password security and weaknesses stemming from human psychology, technology and policies. Several novel techniques and tools will be discussed to exploit these weaknesses.
The field of password security lies at the intersection of human psychology and technology with both parts contributing both to its strengths and weaknesses. This presentation will discuss password weaknesses stemming from the human side and practical techniques to exploit them using an updated version of PACK (Password Analysis and Cracking Kit).
Defenders will benefit from this talk through greater awareness of password cracking techniques as well as inherent weaknesses in corporate/website policies. Folks on the offensive side are going to enhance their practices to aid in password attacks during penetration tests. Last, but definitely not least, security researchers will be exposed to the exciting field of password analysis and hopefully be inspired to further contribute to it.
Peter Kacherginsky, aka iphelix, is an American security researcher and password cracking expert. He is best known as the primary developer of PACK. He is also a member of team hashcat, and spends his free time developing new password analysis techniques and tools. Some say that his voice can only be heard by cats.