Password Cracking, From "abc123" to "thereisnofatebutwhatwemake"
Authors: Josh Dustin

Date: July 2013
Publication: Passwords13 Las Vegas
Source: Currently no known Internet copy of paper.

Abstract or Summary:
When cracking passwords, we all have GPU envy. But with nothing more than Backtrack, a laptop, and some overlooked resources, you too can crack everything from simple passwords to complex passphrases.

There's nothing worse than being at a loss for words, especially when the words you've lost can give an attacker full access to your network. We've seen the recent increase in public password hash breaches affect everyone, from dating sites to defense contractors. In this presentation, Josh starts at the beginning and moves to the point where you've exhausted all your cracking dictionaries. Then, he moves to mining new words and phrases from relevant tweets and other online sources. Building on Josh's work, Kevin blows open the door on book titles, movie scripts, and Dr. Seuss rhymes to reveal the secrets of the once-impregnable passphrase. The effort doesn't take a massive investment in cores or code. We've used thrown-together bash and Perl scripts, public APIs, a laptop in a hotel room, and a quad-core system in a home office.

Join us on a journey from qwerty, changeme, and p@55w0rd to Thecoldplay40, H1N1influenza, tothineownselfbetrue. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019