Abusing Password Reuse at Scale: Bcrypt and Beyond

BSidesLV 2018

Presented by: Sam Croley
Date: Wednesday August 08, 2018
Time: 14:00 - 14:55
Location: Ground1234!

In this talk we will cover a new attack methodology based on the concept of “offline credential stuffing”. This approach makes use of large amounts of correlated data and abuses the commonality of user password reuse to efficiently reduce the workload required to attack large lists of slow, salted hashes.

Sam Croley


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats