Password Profiling

BSides Lisbon · 2016 · 5:57 · 261 views · Published 2016-11

So, okay, wait, of whom I... Before I worked at in in this as security, I worked for eight years as a Java developer. After walking around with those crazy folks, I decided it was his time to dedicate myself to something, something serious. I built the first BMX tricks entered in a weekend, such a fun project. As usual, someone calls me and says that has something that he can't do in I do, or we should do it just because I can.

Objectives. Few times, some time ago, I read something on a blog saying that I asked for time girls when you try to crack passwords from other people you get better at it. It sounds weird, so I decided to test that for myself. One of the issues that I found one up when I started this was that blind brute force takes a lot of time. It usually goes around trying to use the huge word list, bringing that sign to work on permutation of stuff, and this consumes time. Over time I also noticed that this, besides efficiency, you stop repeating yourself, and usually when you start thinking about this you want to go the other way around: so less words, try not to repeat yourself, remove the duplicates. And as you go on with this, you start noticing that you need more information about the hashes re or the person that you're cracking it than the crash within the hashes itself.

So when somebody says that s you... I've heard recently that you don't need an expression they're gonna password because if it's a strong cost but nobody want nobody will find it. Nobody chooses a strong password, not even we, so that's why won't say the red word. So usually people choose passwords or on their personal information, their interests, their native language, blogs, visited websites. All this can be compiled into word lists, and your end if you use restrictions you will reduce that word list even more. So all this source of information and the source of the words in the target's information will compile itself into a word list. I repeated myself here.

So, my use case. I have googled around and I found a website that was kind enough to publish all the user information, including the hashes. I won't say that it was a university, and yeah, it was a fun thing to find because they have 15 years, 15 users in there. The hashes were all out there; actually, I think they still are, and some of them were actually professors. So I decided to use this. So my first step was identify the algorithm, create the users, create word list based on news and information, and here was my hardware. This tools everyone knows and knows this. One advantage of using the CPU, although by the end of this I've noticed that the CPU is really something you can get as it was.

So to efficiently use the brute force he can build this. I built this square, which is basically lowercase and uppercase, the digits, and I've shuffled around with this, try to reduce the number of permutations with stuff like this: start with the uppercase, try the middle of your lower letters because it's easier to remember, and end with numbers because we all know how people choose their last date, something like that. The results were something like this, and you'll notice that some of these numbers are actually in Social Security numbers.

Okay, so what's keeping fast? I have a two minute long board in my house, so when time, once things start to get tough, I usually do this, this small designs. What I'm trying to do here is establish a pattern between the number of layers in the password and their components and time, and the time that I need to go over all the permutations. Some of the permutations I have here went from 10 to 10 seconds to 2 hours or in seconds.

Okay, so okay, what's not the proximate then? This is last step: when you go over all this and you start all over the brute force. Yeah, is not the person, right? [Music] Magnify, show the last 100. Well, the last one was actually... the last one was that I managed to crack all the passwords in the total number of hours that he's not included. Crack all the 15 passwords were still two hours basically, and the last one had 14, 14 karat [Applause]