MySQL Passwords: Password Strength and “Cracking”. Presented by Devin Egan, Defcon 12 - July 31, 2004

Presentation transcript:

MySQL Passwords
Password Strength and “Cracking”
Presented by Devin Egan
Defcon 12 - July 31, 2004

Introduction
- Who am I?
- Goals
- MySQL Password Education
- Introduce MySQL Password “Cracking”

What Will This Talk Cover?
- Covered: MySQL Password “Cracking”
- NOT covered: How to obtain a MySQL hash

Passwords: Best Practices
- Absolute Minimum of 9 Characters
- Mixed Case and Mixed Special Characters

Why Crack MySQL Passwords?
- Security Audits
- Recovery of a lost password

Tools for Cracking Passwords
- Existing tools: “mysqlfast”
  - Very effective and fast Brute Force Cracker
  - Limited:
    - 8 characters max
    - Works only on a hash for MySQL 4.0 or lower
    - Single hash at a time

Tools for Cracking Passwords
- Existing tools: “John The Ripper” (contrib)
  - Dictionary-based Cracker
  - Trusted by most security professionals
  - Limited:
    - Works only on a hash for MySQL 4.0 or lower
    - Can be SLOW

Tools for Cracking Passwords
- New Tool: “phpMyAudit”
  - Dictionary-based
  - Runs from the Web or a Shell Script
  - Extremely fast (after dictionary import)
  - Can find passwords that “mysqlfast” cannot brute force
  - Limited:
    - Not always as effective as “mysqlfast” or “John”

Demonstration!

Conclusion
- Questions?
For updates, please check: