Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin."— Presentation transcript:

1 1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004

2 Defcon 12July 31, 20042 Introduction  Who am I?  Goals  MySQL Password Education  Introduce MySQL Password “Cracking”  Who am I?  Goals  MySQL Password Education  Introduce MySQL Password “Cracking”

3 Defcon 12July 31, 20043 What Will This Talk Cover?  Covered MySQL Password “Cracking”  NOT covered How to obtain a MySQL hash  Covered MySQL Password “Cracking”  NOT covered How to obtain a MySQL hash

4 Defcon 12July 31, 20044 Passwords: Best Practices  Absolute Minimum of 9 Characters  Mixed Case and Mixed Special Characters  Absolute Minimum of 9 Characters  Mixed Case and Mixed Special Characters

5 Defcon 12July 31, 20045 Why Crack MySQL Passwords?  Security Audits  Recovery of a lost password  Security Audits  Recovery of a lost password

6 Defcon 12July 31, 20046 Tools for Cracking Passwords  Existing tools “mysqlfast”  Very effective and fast Brute Force Cracker  Limited: 8 characters max Works only on a hash for MySQL 4.0 or lower Single hash at a time  Existing tools “mysqlfast”  Very effective and fast Brute Force Cracker  Limited: 8 characters max Works only on a hash for MySQL 4.0 or lower Single hash at a time

7 Defcon 12July 31, 20047 Tools for Cracking Passwords  Existing tools “John The Ripper” (contrib)  Dictionary-based Cracker  Trusted by most security professionals  Limited: Works only on a hash for MySQL 4.0 or lower Can be SLOW  Existing tools “John The Ripper” (contrib)  Dictionary-based Cracker  Trusted by most security professionals  Limited: Works only on a hash for MySQL 4.0 or lower Can be SLOW

8 Defcon 12July 31, 20048 Tools for Cracking Passwords  New Tool “phpMyAudit”  Dictionary-based  Runs from the Web or a Shell Script  Extremely fast (after dictionary import)  Can find passwords that “mysqlfast” cannot brute force  Limited: Not always as effective as “mysqlfast” or “John”  New Tool “phpMyAudit”  Dictionary-based  Runs from the Web or a Shell Script  Extremely fast (after dictionary import)  Can find passwords that “mysqlfast” cannot brute force  Limited: Not always as effective as “mysqlfast” or “John”

9 Defcon 12July 31, 20049 Demonstration!

10 Defcon 12July 31, 200410 Conclusion  Questions? For updates, please check: http://www.php5security.com/projects/phpMyAudit  Questions? For updates, please check: http://www.php5security.com/projects/phpMyAudit

Download ppt "1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin."

Similar presentations

Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
03-23-05 October 2006 HIPAA Updates Presentation 2006 IHCP Provider Seminar.

October 2006 HIPAA Updates Presentation 2006 IHCP Provider Seminar.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Chapter 3 Passwords Principals Authenticate to systems.

Chapter 3 Passwords Principals Authenticate to systems.
Minimum Spanning Network: Brute Force Solution 34 43 49 53 59 67 71 75 77 83.

Minimum Spanning Network: Brute Force Solution
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Information Security and Cybercrimes

Information Security and Cybercrimes
Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.

Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.
By Carlos G. Coca.  Originally a person who was skilled at programming language who was able to create/alter web content.  Now: “A person who illegally.

By Carlos G. Coca.  Originally a person who was skilled at programming language who was able to create/alter web content.  Now: “A person who illegally.
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
14 Copyright © Oracle Corporation, 2001. All rights reserved. Managing Password Security and Resources.

14 Copyright © Oracle Corporation, All rights reserved. Managing Password Security and Resources.
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.

CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.
Mark Shtern. Passwords are the most common authentication method They are inherently insecure.

Mark Shtern. Passwords are the most common authentication method They are inherently insecure.
Passwords. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary.

Passwords. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary.

Similar presentations

Ads by Google