This talk will cover the problem with password databases, and attempt to fix the problem by using a hardware security module (HSM) to secure the password database from over-the-wire theft. I will cover the minimum requirements of an HSM, discuss currently available HSMs, and then introduce a simple, fast, and inexpensive DIY solution that costs a little more than $20 per server.
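One way to model the property the talk is after, as an added illustration that is not the speaker's code and does not describe his particular design: the server still runs a slow password hash, but the stored value is an HMAC computed by the HSM under a key that never leaves it, so a copy of the database alone cannot be cracked offline. `ToyHsm`, `enroll`, `verify` and `offline_guess_matches` are hypothetical names; the scrypt parameters are demo-sized.

```python
import hashlib
import hmac
import os
import secrets


class ToyHsm:
    """Stand-in for the hardware module: holds a key that never leaves the
    object and only answers 'MAC this blob' requests (assumed interface)."""

    def __init__(self, key=None):
        self._key = key if key is not None else secrets.token_bytes(32)

    def mac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()


def slow_hash(password: str, salt: bytes) -> bytes:
    # Memory-hard KDF run on the server itself; n is kept small for the demo.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1, dklen=32)


def enroll(hsm: ToyHsm, password: str):
    """Create the database record: (salt, HSM_MAC(scrypt(password, salt)))."""
    salt = os.urandom(16)
    return salt, hsm.mac(slow_hash(password, salt))


def verify(hsm: ToyHsm, record, password: str) -> bool:
    """Login check: recompute the KDF, ask the HSM to MAC it, compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(hsm.mac(slow_hash(password, salt)), stored)


def offline_guess_matches(record, password: str) -> bool:
    """What someone holding only the stolen database can compute: the bare KDF
    output. Without the HSM key it never equals the stored value, even for the
    right password, so the stolen records cannot be checked offline."""
    salt, stored = record
    return hmac.compare_digest(slow_hash(password, salt), stored)


if __name__ == "__main__":
    hsm = ToyHsm()
    rec = enroll(hsm, "correct horse battery staple")
    print("login ok:", verify(hsm, rec, "correct horse battery staple"))
    print("offline guess usable:", offline_guess_matches(rec, "correct horse battery staple"))
```

Verification still depends on the live HSM, so backing up or rotating the HSM key becomes part of the password database's availability story.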
Steve Thomas, aka Sc00bz, has been studying and optimizing time-memory tradeoffs since November 2007. He broke two poorly constructed hash functions: MySQL323 and XSHA1 (Battle.net's classic game hashing algorithm). He graduated from Northern Illinois University with a double major in Computer Science and Math. He still regrets not attending the ballet classes.