Overview
Explore a new paradigm in stored password security through this 50-minute conference talk from DerbyCon 4. Delve into the innovative "Ball and Chain" concept presented by Benjamin Donnelly and Tim Tomes. Learn about the current problems in password security, understand the philosophy behind this new approach, and discover how it offers a scalable solution. Examine a simple graphical example to grasp the concept, and understand the beauty and practicality of this method. Follow along as the speakers break down the authentication process, explaining array creation, data concatenation, hashing techniques, and the importance of multiple pointer-data pairs. Gain insights into selecting optimal data lengths and building secure arrays. Conclude by exploring the potential impact of this paradigm shift on the future of password security and consider possible implementations.
Syllabus
Intro
Benjamin Donnelly - @zaeyx
Overview
The Problem
The Philosophy
The Solution
A Simple Graphical Example
Keep in mind
The Beauty of It
How It Scales
Shopping List
Our Trick
Authentication Example
On Array Creation
Concatenate Pointers, Data
Hash Concatenated Data
2 Split the data
Hash and compare
Selecting Data Length
When Building Your Array
Why use multiple Pointer Data Pairs?
For Example
The New Reality
The Future
In Closing
The Goods
Possible Solutions