Description: It goes without saying that Adobe has made some mistakes as a software company. Quite possibly their largest was the breach that resulted in 153 million user credentials being disclosed to the Internet. The good news is that Adobe's passwords were encrypted. The bad news is that they were encrypted poorly. The worse news is that Adobe isn't alone. Each day greets us with news of a new breach, threatening to compromise our identities. We must address this growing problem of poor stored password security.
In this talk, I am going to speak briefly about password storage techniques, popular implementations, their problems, and how to fix them, leveraging Recon-ng to demonstrate the risk associated with using each technique. I'll specifically address the fundamental flaws in Adobe's approach to password encryption and dive into the techniques I've used over the past year to crack a large percentage of the Adobe passwords without access to the encryption key. Finally, I'll release a Python module I wrote to assist with cracking the encrypted Adobe passwords and use it to conduct a live password cracking demonstration.
For more information, please visit: http://www.securitybsides.com/w/page/77739272/BSidesAugusta%202014
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.