Description: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-weir.pdf https://www.defcon.org/images/defcon-16/dc16-presentations/weir/weir-extras.zip Not every bad guy writes down passwords on sticky note by their monitor. Not every system administrator fully documents everything before they leave. There are a lot of legitimate reasons why you might need to crack a password. The problem is most people don't have a supercomputer sitting in their basement or the money to go out and buy a rack of FPGAs. This talk deals with getting the most out of the computing resources you do have when cracking passwords.
Our group at Florida State University is currently working on password cracking research to aid in forensics analysis. We've analyzed disclosed password lists to try and figure out how real people actually create passwords. Not all of these lists have been in plain text so we've had to go through the pain of cracking passwords ourselves. Just like you, we are still waiting on funding for that supercomputer as well. In this talk, we'll go over some of the tools and techniques we've used to crack these password lists using only a couple of PCs, such as custom wordlist generation and choosing the right word mangling rules. We'll also talk about some of the lessons we've learned and the mistakes we've made along the way.
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 16 , Defcon 16 , dc-16 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.