DEF CON 17 - Matt Weir - Cracking 400000 Passwords

Cracking 400,000 Passwords, or How to Explain to Your Roommate why the Power Bill is a Little High...
Matt Weir PhD Student, Florida State University
Professor Sudhir Aggarwal Florida State University

Remember when phpbb.com was hacked in January and over 300,000 usernames and passwords were disclosed? Don't worry though, the hacker only tried to crack a third of them, (dealing with big password lists is a pain), and of those he/she only broke 24%. Of course the cracked password weren't very surprising. Yes, we already know people use "password123". What's interesting though is figuring out what the other 76% of the users were doing. In this talk I'll discuss some of my experiences cracking passwords, from dealing with large password lists, (89% of the phpbb.com list cracked so far), salted lists, (Web Hosting Talk), and individual passwords, (TrueCrypt is a pain). I'll also be releasing the tools and scripts I've developed along the way.

Matt Weir is a PhD student at Florida State University who is specializing in password cracking research. Before his journey back into academia he worked as a network security engineer for Northrop Grumman. The projects he's been a part of have ranged from providing first responders with wireless access, to assisting the Defense Department with computer forensics. Why he decided to go back to school no one knows (including him sometimes). It wasn't the pay that's for sure!

Sudhir Aggarwal has been Professor of Computer Science at Florida State University since the fall of 2002 where he directs the E-Crime Investigative Technologies Laboratory. Previous to his current position, he was Chief Technology Officer of the Internet Content Delivery and Distribution business unit of Lucent Technologies where he was responsible for the architecture, portfolio, and development of the Imminet product line. Dr. Aggarwal's current research interests are in building software tools and systems that support cybersecurity and digital forensics. He is also interested in computer and communication networks where he has investigated infrastructures for network games and techniques for building efficient overlay networks.

For copies of the slides and additional materials please see the DEF CON 17 Archive here: https://defcon.org/html/links/dc-arch...