Name
E4. PathWell: Password Topology Histogram Wear-Leveling
Date & Time
Thursday, May 11, 2017, 10:10 AM - 11:10 AM
Hank Leininger
Description
Session Description:
 
PathWell is a novel approach to enforcing password complexity, designed to thwart modern cracking approaches while retaining compatibility with existing enterprise authentication systems and password stores. Password crackers leverage common password "masks" or topologies, such as "one uppercase letter, then five lowercase letters, then two digits", written in hashcat mask notation as "?u?l?l?l?l?l?d?d". Exhausting only the one to five most common topologies (out of millions of possible ones) will crack 25% or more of all passwords on a typical enterprise network, because each topology is a small keyspace that a GPU can brute-force quickly. PathWell enforces topology uniqueness across an enterprise, so no single mask covers a large share of accounts. This greatly reduces the attacker's success rate when cracking passwords and extends the useful life of weak, fast, unsalted hash types such as Windows' NTLM.
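
To make the topology idea concrete, the following is an added illustration written for this listing; it is not PathWell's or KoreLogic's code, and the talk itself is the reference for how PathWell actually works. It maps passwords to hashcat-style masks (?u, ?l, ?d, ?s, with ?b for anything outside printable ASCII), builds the topology histogram the abstract refers to, prices a mask attack by its keyspace, and applies a per-topology cap in the spirit of "wear-leveling". The sample passwords, the cap value, and the names TopologyWearLeveler, topology, mask_keyspace and top_k_coverage are all constructed for the example.

```python
"""Password topology histogram and a per-topology cap (illustrative, not PathWell's code)."""
import string
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

# hashcat's built-in charsets; the sizes are what make a mask attack cheap or expensive.
CHARSETS: Dict[str, str] = {
    "?l": string.ascii_lowercase,      # 26
    "?u": string.ascii_uppercase,      # 26
    "?d": string.digits,               # 10
    "?s": " " + string.punctuation,    # 33 printable specials (space included)
}
BYTE_CLASS = "?b"                      # any byte 0x00-0xff; size 256


def char_class(ch: str) -> str:
    """Map one character to its hashcat charset class."""
    for cls, members in CHARSETS.items():
        if ch in members:
            return cls
    return BYTE_CLASS  # non-ASCII or control character


def topology(password: str) -> str:
    """'Summer17' -> '?u?l?l?l?l?l?d?d' (the mask a cracker would run)."""
    return "".join(char_class(c) for c in password)


def mask_keyspace(mask: str) -> int:
    """Number of candidates a mask attack must try to exhaust this topology."""
    n = 1
    for i in range(0, len(mask), 2):
        cls = mask[i:i + 2]
        n *= 256 if cls == BYTE_CLASS else len(CHARSETS[cls])
    return n


def topology_histogram(passwords: Iterable[str]) -> Counter:
    """Count how many accounts share each topology."""
    return Counter(topology(p) for p in passwords)


def top_k_coverage(hist: Counter, k: int) -> float:
    """Fraction of accounts an attacker covers by exhausting the k most common masks."""
    total = sum(hist.values())
    return sum(c for _, c in hist.most_common(k)) / total


class TopologyWearLeveler:
    """Reject a new password whose topology is already used by max_per_topology accounts.

    Only topology counts are stored, never passwords (a design choice of this
    example; it is an assumption, not a description of PathWell's own storage)."""

    def __init__(self, hist: Optional[Counter] = None, max_per_topology: int = 1):
        self.hist = Counter(hist or {})
        self.cap = max_per_topology

    def check(self, candidate: str) -> Tuple[bool, str]:
        """Return (accepted?, topology) without changing state."""
        t = topology(candidate)
        return self.hist[t] < self.cap, t

    def enroll(self, candidate: str) -> str:
        """Accept the candidate and record its topology, or raise ValueError."""
        ok, t = self.check(candidate)
        if not ok:
            raise ValueError(f"topology {t} already used by {self.hist[t]} account(s); cap is {self.cap}")
        self.hist[t] += 1
        return t


# Constructed sample "password store" for the demo; not real data.
SAMPLE_PASSWORDS = [
    "Summer17", "Winter22", "Denver99", "Falcon01", "Garden55",   # ?u?l?l?l?l?l?d?d
    "Password1", "Colorado1",                                     # ?u?l?l?l?l?l?l?l?d
    "Ruby2017!", "Mesa2021!",                                     # ?u?l?l?l?d?d?d?d?s
    "hello123", "oscar456",                                       # ?l?l?l?l?l?d?d?d
    "Tr0ub4dor&3",                                                # ?u?l?d?l?l?d?l?l?l?s?d
]

if __name__ == "__main__":
    hist = topology_histogram(SAMPLE_PASSWORDS)
    for mask, count in hist.most_common():
        print(f"{count:3d}  {mask:28s} keyspace={mask_keyspace(mask):,}")
    print(f"top-1 covers {top_k_coverage(hist, 1):.0%} of accounts")
    wl = TopologyWearLeveler(hist, max_per_topology=1)
    for pw in ("Yankee42", "sunday!!7", "monday!!8"):
        ok, t = wl.check(pw)
        print(f"{pw!r:14s} {t:22s} {'accept' if ok else 'REJECT'}")
        if ok:
            wl.enroll(pw)
```

In the sample store, one mask of about 3.1e10 candidates covers five of the twelve accounts; against an unsalted NTLM hash that is seconds of GPU time. The cap of one account per topology is deliberately strict for illustration; in practice the threshold and the seeding of the histogram from an existing password store are policy decisions the talk addresses.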
Location Name
Room 709/711
Full Address
Colorado Convention Center
700 14th Street
Denver, CO 80202
United States
Category
Emerging Trends
Learner Objectives
After completing this session, the learner will:
  • Have a working background in current password cracking techniques
  • Understand the commonly used password complexity enforcement mechanisms and how they fall short against skilled attackers
  • Understand steps organizations can take to be more resistant to advanced password cracking and guessing attacks
 
Speaker Bio(s)
Hank Leininger breaks stuff and builds stuff. He wrote Linux kernel hardening patches in the '90s that are now part of GRSecurity. In 2004 he co-founded KoreLogic, an expert security consulting practice. He's spoken at ShmooCon, OWASP, several BSides, and others. He doesn't have any interesting letters after his name.
Sorting Order
4