Positive Hack Days 2012: password security topics

Site Admin
Posts: 204
Joined: Sat Oct 25, 2003 10:43 am

Post by mahin_pk »

- - - - - - - -

This is mostly old news for those of you who follow @Openwall on
Twitter, but better late than never, so here goes:

I will speak at Positive Hack Days (abbreviated PHDays or PHD) held in
Moscow, Russia on May 30-31, 2012. I understand that it's too late to
arrange travel now, but if you intend to be in Moscow on these days and
would like to attend, today/tomorrow (depending on your current
timezone) may be the last chance to register for the event:

http://mobile.twitter.com/phdays/status ... 0211812352

@PHDays wrote:

"On Monday, 21 May at midday Moscow time an additional registration for
#PHDays will start"

with a link to http://www.phdays.com/registration/

My guess is that a registration link (for the actual event in Moscow as
opposed to the online broadcasts and contests) will appear on that page
at about noon Moscow time (UTC+4) and will stay up for a few minutes.
Apparently, the first round of registrations on May 14 was completed in
8 minutes. %-) (Yes, I find this weird. Maybe everyone in Russia wants
to meet Bruce Schneier.) And yes, there are going to be online
broadcasts as well, and indeed I and probably some others will make the
slides available online - so you don't really need to attend. ;-)

The tentative title of my presentation is "Password security: past,
present, future". I intend to start by providing some background on the
state of password security and on how we got there, and for the "future"
part focus on the sub-topic of password hashing. I wish I could cover
the broad topic of password security more fully, but it is pretty much
impossible to fit that into a 50-minute talk. Hence the bias towards
new/future stuff and the sub-topic where I actually dare to highlight
problems that we're going to face, to offer predictions, and maybe even
to influence the future a little bit. I am going to try and make the
talk suitable for a wide audience, yet I am also going to provide quite
some low-level technical detail for those who can grasp that. This is
unlike presentations I made before, so it is an experiment of sorts.

Also relevant is the talk "Secure password managers and military-grade
encryption for smartphone: Huh, really?" to be presented by the
ElcomSoft folks - Dmitry Sklyarov and Andrey Belenko.

Finally, there's going to be a password cracking contest similar to
KoreLogic's "Crack Me If You Can". It is already listed on the PHDays
website, and detailed info on it will likely be posted to the john-users
list in the following few days. I don't intend to be an active
participant (let alone a team leader), but I imagine that other folks on
john-users may choose to form a team again (like we did for "Crack Me If
You Can" held at DEFCON in 2010 and 2011).

See you at PHDays, or maybe on team john-users?

Company Havaldaar Major
Posts: 178
Joined: Sat Nov 20, 2004 5:56 pm
Location: Attock-#-Junction

Re: Positive Hack Days 2012: password security topics

Post by aquiline »

Nice to kNOW.. :D
Thank you very much
Please share more updates.. :idea: :arrow:
Sh@Ring is Le@Rning

Site Admin
Posts: 204
Joined: Sat Oct 25, 2003 10:43 am

Re: Positive Hack Days 2012: password security topics

Post by mahin_pk »

- - - - -


PHDays 2012 was great!

The slides from my "Password security: past, present, future" talk are
now online:

http://www.openwall.com/presentations/P ... -Security/

You may also download them in PDF format.

I ended up not focusing on the future as much as I had intended to,
largely because I simply could not fit that in 50 minutes while also
providing sufficient background info for people to understand the
problems that I am proposing how to solve. There are 9 slides focusing
on the future, out of a total of 52. Nevertheless, I think overall the
experiment went well, and the future part may be expanded in a new
revision of the presentation - maybe if the speaker is given more than
50 minutes or/and the audience is readily familiar with the problems.

I'd appreciate any comments.
