Explore cutting-edge techniques in password hash reversal in this 59-minute conference talk from Bloomcon 2017. Delve into the intricacies of cryptographic hashes, password management policies, and the implications of the Ashley Madison leak. Learn about brute-forcing methods, rainbow tables, and their limitations. Discover innovative approaches like region tracking and Bloom filters for more efficient password cracking. Gain insights into space-time tradeoffs, data structures, and the latest developments in hash function analysis. Understand the potential impact of these advancements on cybersecurity and password protection strategies.
Overview
Syllabus
Introduction
Who am I
The Ashley Madison leak
Password management policies
Definitions
How hashes work
Cryptographic hashes
Examples of hash functions
Hash is oneway functions
Password space
Collisions
Google announcement
How servers store passwords
Logins work
We can pretend
Bruteforcing
Permutation
Parallel lines
Rainbow tables
Reduction function
Rainbow table
Rainbow table example
Rainbow table downsides
Worst case
Sequence of reduction
New idea
What hash function does
What if we track regions
A few more definitions
Some more examples
What does this mean
Storing the digest
Groovy technology
Spacetime tradeoffs
Data structure
Hash functions
Bloom filters
Bloom reverse system
Brute force
Example
