Follow @Openwall on Twitter for new release announcements and other news

Password cracking: past, present, future

These are the slides of Solar Designer's keynote talk at OffensiveCon 2024. You can also watch the video recording.

Passwords (or phrases) remain a distinct and ubiquitous authentication factor. They are also widely used to derive encryption keys for data or other keys. Password cracking is used in security audits, penetration testing, to recover or gain access to data, keys, or funds, and for a variety of other purposes. Focus of this talk is evolution and optimization of offline password cracking. At a high level, we break down the optimization problem into that of speed (how many candidate passwords we test per second) and focus (which candidate passwords we test against which targets and in what order). Also included is plenty of historical context starting with 1960s and until the present day, with a look into the future.

Password cracking may be simple on the surface, but it is also serious computer science and engineering and is still an evolving and highly competitive field welcoming new contributors. Like with other offensive security fields, new techniques and results inform design and parameters of new defenses.

In a sense, this presentation is the offensive security counterpart to our earlier Password security: past, present, future (2012) and yescrypt: large-scale password hashing (2017). Also relevant are our Energy-efficient bcrypt cracking (2014), Automatic wordlists mangling rules generation (2012), Distributable probabilistic candidate password generators (2012), and several other presentations.

Please click on the slides for higher-resolution versions. You can also download a PDF file with all of the slides (34 MB) or view them at Speaker Deck.

Slide 1 Slide 2 Slide 3 Slide 4 Slide 5 Slide 6 Slide 7 Slide 8 Slide 9 Slide 10 Slide 11 Slide 12 Slide 13 Slide 14 Slide 15 Slide 16 Slide 17 Slide 18 Slide 19 Slide 20 Slide 21 Slide 22 Slide 23 Slide 24 Slide 25 Slide 26 Slide 27 Slide 28 Slide 29 Slide 30 Slide 31 Slide 32 Slide 33 Slide 34 Slide 35 Slide 36 Slide 37 Slide 38 Slide 39 Slide 40 Slide 41 Slide 42 Slide 43 Slide 44 Slide 45 Slide 46 Slide 47 Slide 48 Slide 49 Slide 50 Slide 51 Slide 52 Slide 53 Slide 54 Slide 55 Slide 56 Slide 57 Slide 58 Slide 59 Slide 60 Slide 61 Slide 62 Slide 63 Slide 64 Slide 65 Slide 66 Slide 67 Slide 68 Slide 69 Slide 70 Slide 71 Slide 72 Slide 73 Slide 74 Slide 75 Slide 76 Slide 77 Slide 78 Slide 79

Quick Comment: