(ISC)2 Melbourne Chapter Meeting - June 20th, 2017
Wonderful World of p455w0rd cr4ck1n6: Password cracking is now more affordable than ever and can be approached using consumer hardware or cheap cloud services.
Presentation: Wonderful World of p455w0rd cr4ck1n6
Presentation Abstract:
Serious password cracking power is now much more affordable and within reach of adversaries. Complex password policies have been developed in attempt to ensure passwords are harder to crack, but do they really address the issue?
In this presentation, we will explore current techniques behind storing password hashes as well as how cracking these passwords may be possible on consumer hardware, or even a cheap cloud server with access to a GPU. We will discuss different attack methods and detail the budget an attacker would require to access the required hardware - often much cheaper than you think!
The presentation will include a live password cracking demo and a discussion on more attack resistant password storage methods.
What’s Cool About this Presentation?
Recently there have been many large attacks and database leaks where password hashes have become available online. These password databases did not survive very long before being cracked. This presentation is unique in that it discusses these issues, how the attacks are carried out, includes a live demo of an attack, as well as addressing how to better store passwords in the future.
The Speaker:
John Gerardos is a security consultant with more than 10 years’ experience who loves to make stuff, break stuff and fix stuff. John can usually be found researching the latest security topics, tinkering with random objects or roaming around security conferences. As well as his day job, John actively participates within the information security community. He regularly attends security conferences, run several security training sessions and workshops and has led a University’s information security student group for 3 years.
John holds a Bachelor’s Degree in Computer Science and has commenced the Masters of Applied Science (Information Security and Assurance) at RMIT University. This is supplemented by Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP) training, as well as IT Infrastructure Library (ITIL) certification.
Full details and to register: https://www.eventbrite.com.au/e/isc2-melbourne-chapter-20-june-2017-meeting-tickets-34788487302?aff=es2