These days Passwords^12 is taking place in Oslo – a conference only dedicated to passwords and pin codes. With temperatures around -15 degrees (celsius) outside, in the conference rooms of the University in Oslo, Department of Informatics, talks by well known security expert are given.
Every day you use passwords. While logging on to your computer, smartphone or tablet, accessing your emails or your social network site and also for online banking and online shopping. Recent database breaches of user logins show that there is a high demand for more security in this area. During these days talks and discussions only care about this.
Norbert Schmitz started with a presentation about his master thesis on sentences and word-combinations used for password guessing. He developed algorithms for pattern learning and creating dictionaries. Followed by Joan Daemen, co-inventor of Rijndael (AES crypto algorithm) and KECCAK (winner of the SHA-3 hash algorithm competition), with an insight on this recent algorithm.
Markus Duermuth presented research on the use of Markov models used in password guessing (pre work, with different approach by Arvind Narayanan and Vitaly Shmatikov “Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff”). Bitweasil presented recent changes on his cryptohaze architecture. Most important is the new modular design which is easier to extend and an additional network layer for distributed processing. Sebastian Raveau gave a talk on hunting for passwords and his troubles while compiling wordlists out of Wikipedia. Besides different languages and filtering trash, mostly Wikipedia’s XML-scheme and changing syntax makes his work hard. He will soon release his new compiled wordlist to the public. The last session was a presentation by Prof. Audun Jsang about password policies in different countries.
The end of the official part doesn’t mean an end at all. Lightning talks are following and discussions are going on. One very impressive lightning talk was the presentation by Jeremi M Gosney about HPC (High performance computing), distributing workload to several GPUs in several systems.
More interesting talks will also be given next days. (please have a look at the Agenda for more)