Security Bsides Las Vegas 2024

Passwords 101
2024-08-06, Tuscany

The talk will cover some history of password hashing. A dump of 1576 descrypt password hashes was cracked over a period of 5 years. I will discuss the tools used, wordlists, custom rules, the CPU vs GPU tradeoff, and defenses against password cracking.


The talk will cover some history of password hashing. A dump of 1576 descrypt password hashes was cracked over a period of 5 years, and the lessons learned will be discussed. An additional dump of 26 descrypt hashes was also cracked. Tools used to crack descrypt hashes will be discussed, as will different wordlists and the standard and custom tools used to process them.
The relative speed of different password hashes, the importance of salting hashes, and how to crack passwords in a time-efficient fashion will be discussed, along with CPU vs GPU cracking hardware.
Statistics on the cracked passwords will be presented, including unusual passwords.
I created custom John the Ripper rules to help crack passwords.
Defenses against password cracking will be discussed.

Jeff Deifik has an MS in Cybersecurity and holds CISSP and C|CISO credentials. His interest in the intersection of cybersecurity and software development began with white hat password cracking over 30 years ago. Career projects included ten years at the first e-commerce system (from 1985-1995), the first orbiting radio telescope satellite, the world's most advanced pulse oximeter, and most recently cybersecurity for government satellite ground control, balancing sound cybersecurity with cost and schedule. He is currently employed at The Aerospace Corp.