BSidesLV 2017 has ended
Back To Schedule
Tuesday, July 25 • 17:00 - 17:55
Think Complex Passwords Will Save You?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Have you ever tried to crack a password that was just too difficult to crack? This talk will focus on some new techniques for cracking passwords that work 100% of the time. In 2012 I released an FPGA-based DES cracking service with Moxie Marlinspike for cracking MSCHAPv2 and quickly started seeing it being used for cracking other things besides MSCHAPv2. In this presentation we'll take a look at some of the research we've done into other widely used protocols and services that still rely on DES for security and provide an quick intro into the https://crack.sh API so you too can use this service for your own projects.

Specifically, we will demonstrate tools for doing exhaustive brute-force cracking of MSCHAPv2 (PPTP VPNs, WPA-Enterprise), des_crypt() hashes, Kerberos5, and release a free real-time service for cracking MSCHAPv1 (Windows Lanman and NTLMv1 authentication) in a matter of seconds.


David Hulton

Chairman, ToorCon
David Hulton organizes the ToorCon suite of conferences and has spent nearly 20 years doing security research mostly focused on reverse engineering and cracking crypto. He’s mostly known for developing the bsd-airtools wireless attack tools in the early 2000’s, developing and... Read More →

Tuesday July 25, 2017 17:00 - 17:55 PDT
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169