Hash, store, ..., profit!
Author(s): Michal Špaček

Date: July 2013
Publication: Passwords13 Las Vegas
Source 1: http://www.slideshare.net/spaze/password-hash-store-profit-passwords13

Abstract or Summary:
Why is proper hashing essential in protecting your users? And what is proper hashing, anyway?

I will talk about various ways of storing users' passwords in a database. I will also show one real-world example by using a dumped dataset with several hundred hashed passwords from a small local (Czech) online shop for a major clothing brand. I'll show that it's possible to take over a user's mailbox (including a gmail.com mailbox) by cracking passwords from this dataset simply by using an online cracking tool. That is a few dozen active mailboxes in several minutes with just a browser. I will also present some stats from this dataset - how many passwords were successfully cracked by this online tool. I will recommend better hashing algos than just a plain SHA-1. I will also add a few tips like "don't send passwords by email".

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=5RX-qUQ0iN4
