| 10:00 |
Shostack
|
Opening Keynote |
| 11:10 |
Gosney,
Thorsheim
|
Welcome & Announcements |
| 11:20 |
Angwin
|
Passwords Opening Keynote |
| 12:00 |
Dustin
|
How we deciphered millions of users’ encrypted passwords without the decryption keys. |
Thorsheim
|
Secure your email – Secure your password |
|
| 12:30 |
James
|
Is Pavlovian Password Management The Answer? |
Segreti,
Ur
|
Highlights of CMU’s Recent Work in Preventing Bad Passwords |
|
| 14:00 |
Preuß
|
DoCatsLikeLemon? – Advanced phrase attacks and analysis |
Aumasson
|
Password Hashing Competition: the Candidates |
|
| 14:30 |
Biryukov,
Großschädl,
Khovratovich
|
Tradeoff cryptanalysis of password hashing schemes |
Ray,
Zaverucha
|
What Microsoft would like from the Password Hashing Competition |
|
| 15:00 |
Rechberger
|
Using cryptanalysis to speed-up password cracking |
| 15:40 |
White
|
Password Security in the PCI DSS |
Marshall
|
How Forced Password Expiration Affects Password Choice |
|
| 16:50 |
Thomas
|
Defense with 2FA |
Stanislav
|
Security for the People: End-User Authentication Security on the Internet |
|
| 18:00 |
Chrysanthou
|
I have the #cat so I make the rules |
Cvrcek
|
Authentication in the Cloud – Building Service |
|
| 18:40 |
Power
|
Penetrate your OWA |
Hoffman-Andrews,
Zhu
|
How EFF is Making STARTTLS Resistant to Active Attacks |
|
| 21:30 | PasswordsCon Pool Party feat. DJ Keith Myers — Sponsored by Stricture Group |
| 10:00 |
Chastuhin,
Polyakov
|
All your SAP P@$$w0ЯdZ belong to us |
Nehrboss,
Paquet
|
Proof of work as an additional factor of authentication |
|
| 10:30 |
Marx
|
Target specific automated dictionary generation |
Crowther
|
The future of mobile authentication is here |
|
| 11:10 |
Thomas
|
Bitslice DES with LOP3.LUT |
Pornin
|
Password hashing delegation: how to get clients work for you |
|
| 12:10 |
Graham
|
Net hashes: a review of many network protocols |
Reich
|
Throw the User ID Down the Well |
|
| 14:00 |
Malvoni
|
Energy-efficient bcrypt cracking |
Gray,
Lombardo
|
Password Generators & Extended Character Set Passwords |
|
| 15:10 |
Špaček
|
The problem with the real world |
Goldberg
|
Encryption and Authentication: Passwords for all reasons. |
|
| 15:50 |
Redman
|
Password Topology Histogram Wear-Leveling, a.k.a. PathWell |
Lombardo,
Parker
|
Enhancing Password Based Key Derivation Techniques |
|
| 17:00 |
Fousekis
|
Beam Me Up Scotty! – Passwords in the Enterprise |
de Oliveira,
Macedo
|
Capturing Passwords into the Secure Desktop |
|
| 18:00 | Closing Keynote - Special Surprise Guest |
|
| 21:30 | Bsides Pool Party feat. One More Time — Sponsored by Ionic Security |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.