Password Cracking, From "abc123" to "thereisnofatebutwhatwemake"

Passwords13 Las Vegas

Presented by: Joshua Dustin (jdustin), Kevin Young (IT3700)
Date: Wednesday July 31, 2013
Time: 16:00 - 16:50
Location: Main Room
Track: Passwords13

When cracking passwords, we all have GPU envy. But with nothing more than BackTrack, a laptop, and some overlooked resources, you too can crack everything from simple passwords to complex passphrases.

There's nothing worse than being at a loss for words, especially when the words you've lost can give an attacker full access to your network. We've seen the recent increase in public password hash breaches affect everyone, from dating sites to defense contractors. In this presentation, Josh starts at the beginning and moves to the point where you've exhausted all your cracking dictionaries. Then, he moves to mining new words and phrases from relevant tweets and other online sources. Building on Josh's work, Kevin blows open the door on book titles, movie scripts, and Dr. Seuss rhymes to reveal the secrets of the once-impregnable passphrase. The effort doesn't take a massive investment in cores or code. We've used thrown-together bash and Perl scripts, public APIs, a laptop in a hotel room, and a quad-core system in a home office.

Join us on a journey from qwerty, changeme, and p@55w0rd to Thecoldplay40, H1N1influenza, and tothineownselfbetrue.

Kevin Young

Kevin Young, aka IT3700, is a Sr Security Administrator at Adobe and teaches night classes at Utah Valley University. He's also a member of team john-users, and is a boss at cracking passphrases. He is well educated and has a lot of certifications. We assume he'll be the only one at the conference wearing a suit, and the only one who will receive a senior citizen's discount at the buffet. Some say he knows two facts about ducks, and both of them are wrong.

Joshua Dustin

Joshua Dustin, aka jdustin, is the Director of Information Security at HireVue. He holds several security certifications, and has presented at UtahSAINT and the Novell Security Summit. Not much is known about jdustin, but some say he naturally faces magnetic north, and that he is confused by stairs...

