How ErsatzPasswords Hide the Real Passwords and Detect Attacks

Researchers at Purdue’s CERIAS group have developed a way of strengthening traditional password authentication against sophisticated attacks. Not only is the defense practical — you can download the PAM security module from GitHub — but it also includes a built-in alarm that warns you when attacker try to use decoy passwords they believe they have […]
Read More ›

Password Rules Accomplish Things, But Not Necessarily What You Expect Or Want

I am very skeptical of passwords. Rules for password length and complexity may offer a feeling that you are behaving safely but they provide much less security than promised. As we see in Learning Tree’s Cloud Security Essentials course, the major cloud providers configure their Linux servers providing the majority of the cloud Infrastructure-as-a-Service so […]
Read More ›

Speeding Up Password Cracking

Last week I talked about how fast processors and GPUs made password cracking easier. The idea was that dictionary words could be hashed quickly and then compared to target hashes. This week we’ll look at a very fast way to compute the hashes along with a fast way to search them. A GPU or Graphics […]
Read More ›

Your Computer is Too Fast

Yes, I am still obsessed with authentication. This article didn’t dissuade me. Earlier this week I was looking at password cracking tools to use in the hands-on exercise in Learning Tree’s introduction to security course. We currently use an older tool that cracks based on a limited wordlist (usually called a dictionary) and a tool […]
Read More ›

Cracking At a Snail’s Pace

Some time ago I wrote about slowing down hash computation. A bit of further explanation seems to be in order. As we updated Learning Tree Course 468, System and Network Security Introduction recently we looked at cracking Windows 7 password hashes. The idea is to extract the hashes and run a program to process them and […]
Read More ›

Type to search

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.