Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120520223711.GA13779@openwall.com>
Date: Mon, 21 May 2012 02:37:11 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Cc: john-users@...ts.openwall.com
Subject: [openwall-announce] Positive Hack Days 2012: password security topics

Hi,

This is mostly old news for those of you who follow @Openwall on
Twitter, but better late than never, so here goes:

I will speak at Positive Hack Days (abbreviated PHDays or PHD) held in
Moscow, Russia on May 30-31, 2012.  I understand that it's too late to
arrange travel now, but if you intend to be in Moscow on these days and
would like to attend, today/tomorrow (depending on your current
timezone) may be the last chance to register for the event:

http://mobile.twitter.com/phdays/status/203451040211812352

@PHDays wrote:

"On Monday, 21 May at midday Moscow time an additional registration for
#PHDays will start"

with a link to http://www.phdays.com/registration/

My guess is that a registration link (for the actual event in Moscow as
opposed to the online broadcasts and contests) will appear on that page
at about noon Moscow time (UTC+4) and will stay up for a few minutes.
Apparently, the first round of registrations on May 14 was completed in
8 minutes. %-)  (Yes, I find this weird.  Maybe everyone in Russia wants
to meet Bruce Schneier.)  And yes, there are going to be online
broadcasts as well, and indeed I and probably some others will make the
slides available online - so you don't really need to attend. ;-)

The tentative title of my presentation is "Password security: past,
present, future".  I intend to start by providing some background on the
state of password security and on how we got there, and for the "future"
part focus on the sub-topic of password hashing.  I wish I could cover
the broad topic of password security more fully, but it is pretty much
impossible to fit that into a 50-minute talk.  Hence the bias towards
new/future stuff and the sub-topic where I actually dare to highlight
problems that we're going to face, to offer predictions, and maybe even
to influence the future a little bit.  I am going to try and make the
talk suitable for a wide audience, yet I am also going to provide quite
some low-level technical detail for those who can grasp that.  This is
unlike presentations I made before, so it is an experiment of sorts.

Also relevant is the talk "Secure password managers and military-grade
encryption for smartphone: Huh, really?" to be presented by the
ElcomSoft folks - Dmitry Sklyarov and Andrey Belenko.

Finally, there's going to be a password cracking contest similar to
KoreLogic's "Crack Me If You Can".  It is already listed on the PHDays
website, and detailed info on it will likely be posted to the john-users
list in the following few days.  I don't intend to be an active
participant (let alone a team leader), but I imagine that other folks on
john-users may choose to form a team again (like we did for "Crack Me If
You Can" held at DEFCON in 2010 and 2011).

See you at PHDays, or maybe on team john-users?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.