Upgrade to Pro — share decks privately, control downloads, hide ads and more …

15-349 passwords

ThierrySans
September 25, 2014
Education
0
42

15-349 passwords

ThierrySans

September 25, 2014
Tweet

More Decks by ThierrySans

See All by ThierrySans
CSCD27 Social Engineering
thierrysans
0
230
CSCD27 Web Security
thierrysans
0
410
CSCD27 Malicious Software
thierrysans
0
360
CSCD27 Protection
thierrysans
0
460
CSCD27 System Insecurity
thierrysans
0
380
CSCD27 Human Authentication
thierrysans
0
320
CSCD27 Network security
thierrysans
0
520
CSCD27 Network (in)security
thierrysans
0
540
CSCD27 Cryptography Protocols
thierrysans
0
680

Other Decks in Education

See All in Education
Часто задаваемые вопросы
pnuslide
0
22k
5 занятие. Разбор метода "8 кубиков"бизнес-модели #ideaNN 16.02.2024.
karlov
0
180
AI教育の未来『おもしろい』を作れる人材の育て方 #東京AI祭
o_ob
1
350
Pre-enrollment Information for UTokyo International Students
utokyoissr2360
0
4.8k
SUMMER SCHOOL 2024
pnuslide
0
140
4 занятие. Разбор бизнес-моделей и метод красной нити #ideaNN 9.02.2024.
karlov
0
230
Tips for the Presentation - Lecture 2 - Advanced Topics in Big Data (4023256FNR)
signer
PRO
0
130
生成AIを活用できる大学教職員になる-基本と実践-
gmoriki
0
300
Padlet opetuksessa
matleenalaakso
3
11k
[SemanaX-UFCG-2024] Guia descomplicado de entrevistas FAANG
hugaomarques
2
450
自由の森学園学校紹介資料
jiyunomori
0
1.5k
令和6年度 無料トライアルキャンペーン説明会
asial_edu
0
750

Featured

See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
78
42k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
Ruby is Unlike a Banana
tanoku
96
10k
How GitHub (no longer) Works
holman
304
140k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Happy Clients
brianwarren
92
6.4k
The Pragmatic Product Professional
lauravandoore
25
5.8k
Build your cross-platform service in a week with App Engine
jlugia
225
17k
Web Components: a chance to create the future
zenorocha
305
41k
Infographics Made Easy
chrislema
238
18k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k

Transcript

  1. Passwords Thierry Sans

  2. Managing Passwords • How many passwords do you have? •

    What password for what kind of application? • How often do you change your password? • How do you remember your password? • How strong is your password?

  3. Using passwords • Where are passwords stored? • How are

    they stored? • How are they compared with an input? • How are they transmitted on the network?

  4. Hacking passwords • How would you steal someone’s password? •

    How would you crack someone’s password

  5. Cracking a password from the login box How to crack

    a password on challenge/response? • Guessing attack (default and common passwords) • Brute force attack • Dictionary attack What are the counter-measures? • Timing • Limit number of tries Tool : THC Hydra

  6. How passwords are stored • In clear (really bad) •

    Hashed (bad) • Salted Hash (better and easy to manage) • Encrypted (best but complex to manage)

  7. Unsalted passwords sha2 pass4security 8r#Yul@6rP sha2 pass4security + 5%pL6* kI?z90$J7k

    Salted password

  8. Getting someone’s password How to get a password in clear?

    • Social engineering - Phishing • Data mining (emails, logs) • Keyloggers (keystroke logging) How to get an encrypted or hashed password? • Know where it is stored

  9. Cracking an encrypted or hashed password How to crack a

    password knowing its stored form? • Guessing attack (default and common passwords) • Brute force attack • Dictionary attack • Rainbow tables What are the counter-measures? • Protect it well at the OS or application level • Store it somewhere else (portable device, kerberos, …) Tool : John the Ripper

  10. Password Strength How strong is your password?
 
 http://howsecureismypassword.net/ How

    long does it take to crack a password?
 
 http://www.lockdown.co.uk/?pg=combi
  11. None

  12. Stronger password (used for e-banking for instance) Visual Pad (weak)

    One time password (stronger) • Calculator • Password sheet Two-factor authentication (better) • Password (something you know) • SMS code (something you own)