Smarter Password Cracking presented at ShmooCon 2008

by Matt Glodek

Tags: Security Wireless Forensics

Summary: Password cracking is usually portrayed as some arcane art read from a voodoo cookbook. Start with a dictionary, sprinkle in a few word mangling rules and let it sit for several months. The problem is things are starting to get harder for forensics investigators (and the occasional hacker). People are using better passwords, and newer password hashing algorithms drastically slow down how fast you can make guesses. In the future, voodoo is not going to cut it; we need science.
With more real password lists being disclosed to the public, we can finally analyze how people actually create passwords. Our talk will go over our results and tools, along with some general musings on doing hacking research in college.
Bio - Matt Weir
Matt is a PhD student at Florida State University. Before his journey back into academia, he worked as a network security engineer for Northrop Grumman. The projects he’s been a part of have ranged from providing first responders with wireless access to assisting the Defense Department with computer forensics. Why he decided to go back to school no one knows (including him sometimes). It wasn’t the pay, that’s for sure!
Bio - Bill Glodek
Bill is currently a second-year graduate student at Florida State University studying Information Security, where he is the recipient of the NSA/DoD Information Assurance Scholarship. He has worked with the U.S. Army Research Laboratory’s Center for Intrusion, Monitoring and Protection (ARL CIMP) for the past three summers. His research interests include password security and general computer security. Bill also received the Computer Hacking Forensic Investigator certification in June 2007.