Brains over Brawn: Intelligent Password Recovery

ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

Thu 18th Oct 01:00 to 01:50

Attendees will leave this session with new ideas that can immediately be applied to their password cracking needs, ranging from recovery of password-protected documents needed for forensics, incident response, law enforcement, and legal cases to improving password compliance in large organizations. We will share our experience running the DEFCON password cracking contest "Crack Me If You Can", and our security R&D work for DARPA and for the Carnegie Mellon University CyLab Usable Privacy and Security Laboratory. This experience has helped us to develop "intelligent recovery" methods (those that are most likely to succeed first, thereby increasing recovery speed and success) as well as cutting-edge cracking logic (rules, patterns, and dictionaries) created from analyzing millions of cracked passwords.

The presentation will cover the following topics:
- Present real-world use cases:
  - Best-practice password compliance monitoring by information security and audit teams
  - Quantifying organizational improvement in password strength: a rare opportunity to show security ROI to management
  - Recovering password-protected documents needed for forensics, incident response, law enforcement, and legal cases
  - The importance of password cracking in penetration testing
- Share what we have learned about cutting-edge cracking techniques, architectures and rules from the DEFCON password cracking contest run by KoreLogic (including new tools, techniques, GPU password cracking, etc.)
- Brains or brawn: brute-forcing passwords vs. rule-based logic, extensive dictionaries (and horsepower)
- Briefly review password hashing methods and password cracking methods


Speakers

Rick Redman