BSidesLV 2015 has ended
Tuesday, August 4 • 14:00 - 14:55
Pushing on String: Adventures in the 'Don't Care' Regions of Password Strength

Sign up or log in to save this to your schedule and see who's attending!

The gap between the effort needed to withstand online and offline password guessing attacks is enormous, and there's a large gap where increasing cracking resistance leads to no change in outcomes. On many networks there's also a snowball effect, where an attacker with x% of credentials controls much more than x% of network resources; this also gives a large region where increasing cracking resistance accomplishes nothing. This talk examines the administrator's task of defending a population of users from password cracking, what does and doesn't make sense, and where we are wasting our time (spoiler alert: almost everywhere.)


Cormac Herley

Principal Researcher, Microsoft
Cormac is a Principal Researcher at Microsoft Research, where he has been since 1999. He has published widely in information theory,and networking and security. He is an inventor of 70+ US patents, and has shipped technologies used by hundreds of millions of users. He holds a PhD... Read More →

Tuesday August 4, 2015 14:00 - 14:55
Passwords Tuscany

Attendees (0)