On the Economics of Offline Password Cracking

Offered By: IEEE via YouTube

Tags

Password Security Courses
Security Breaches Courses
Account Security Courses

Course Description

Overview

Explore an economic model of offline password cracking in this IEEE Symposium on Security & Privacy presentation. Delve into the analysis of major password breaches at Yahoo!, Dropbox, LastPass, and AshleyMadison, revealing the inadequacy of current key-stretching techniques. Examine the Zipf's law distribution of user passwords and its implications for rational attackers. Discover the finite threshold that determines an attacker's optimal strategy and learn why most user passwords are at risk. Investigate the potential of memory-hard functions (MHFs) like SCRYPT or Argon2i to significantly reduce the damage of offline attacks. Gain insights into recommended updates for password hashing standards, emphasizing the importance of MHFs and the need to phase out non-memory-hard functions like BCRYPT or PBKDF2.

Syllabus

Intro
Offline Attacks: A Common Problem
Key Stretching
Strong Claims (Post Breaches)
Decision Theoretic Model
User Password Distribution
Threshold Function of Doom
An "Optimistic" Picture
Memory Hard Functions (MHF)
Executive Summary of Our Findings
Recommendations for Organizations


Taught by

IEEE Symposium on Security and Privacy
