Abusing Password Reuse at Scale: Bcrypt and Beyond presented at BSidesLasVegas 2018

by Sam Croley,

Summary : In this talk we will cover a new attack methodology based on the concept of “offline credential stuffing”. This approach makes use of large amounts of correlated data and abuses the commonality of user password reuse to efficiently reduce the workload required to attack large lists of slow, salted hashes.