Force multiplier - Guided password cracking (CROSBI ID 625439)
Neobjavljeno sudjelovanje sa skupa | neobjavljeni prilog sa skupa
Podaci o odgovornosti
Kišasondi, Tonimir
engleski
Force multiplier - Guided password cracking
In this talk, I will show how to better target password cracking and guessing attacks against offline password lists or online systems. We will cover custom wordlist creation from multiple languages and sources, targeting via personal data collected by abusing a popular search provider and scraping various databases to obtain enough data to help us. We will show how to use those lists with the help of a tool called unhash to deliver targeted password cracking attacks and drastically reduce our search space. The popularity of usage "slow" hashes like bcrypt, scrypt and PBKDF2 with big round sizes requires us to try a smaller quantity of possible passwords. The adage "Brute force: If it isn't working, you are not using enough of it" is simply not true anymore, so we have to adapt our methods.
password cracking; security
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
Podaci o prilogu
nije evidentirano
nije evidentirano
Podaci o skupu
BalCCon2k14 - Balkan Computer Congress
pozvano predavanje
05.09.2014-07.09.2014
Novi Sad, Srbija