How ErsatzPasswords Hide the Real Passwords and Detect Attacks
Jun 10, 2015
Researchers at Purdue’s CERIAS group have developed a way of strengthening traditional password authentication against sophisticated attacks. Not only is the defense practical — you can download the PAM security module from GitHub — but it also includes a built-in alarm that warns you when attackers try to use decoy passwords they believe they have […]
Password Rules Accomplish Things, But Not Necessarily What You Expect Or Want
Oct 2, 2013
I am very skeptical of passwords. Rules for password length and complexity may offer a feeling that you are behaving safely but they provide much less security than promised. As we see in Learning Tree’s Cloud Security Essentials course, the major cloud providers configure their Linux servers providing the majority of the cloud Infrastructure-as-a-Service so […]
Speeding Up Password Cracking
Jun 19, 2013
Last week I talked about how fast processors and GPUs made password cracking easier. The idea was that dictionary words could be hashed quickly and then compared to target hashes. This week we’ll look at a very fast way to compute the hashes along with a fast way to search them. A GPU or Graphics […]
Your Computer is Too Fast
May 24, 2013
Yes, I am still obsessed with authentication. This article didn’t dissuade me. Earlier this week I was looking at password cracking tools to use in the hands-on exercise in Learning Tree’s introduction to security course. We currently use an older tool that cracks based on a limited wordlist (usually called a dictionary) and a tool […]
Cracking At a Snail’s Pace
Jan 2, 2013
Some time ago I wrote about slowing down hash computation. A bit of further explanation seems to be in order. As we updated Learning Tree Course 468, System and Network Security Introduction recently we looked at cracking Windows 7 password hashes. The idea is to extract the hashes and run a program to process them and […]