This talk will discuss different ways to crack passwords. There will be a brief history of how passwords are hashed, how hashing works, how long a password should be, how to pick a good password, password managers, and defense against passwords being cracked. I will discuss the evolution of salting passwords and improvements to hashing algorithms.
Three ways to crack passwords will be described. All tools described are open source. Custom open-source tools I wrote to help manage password cracking will also be described.
I will discuss statistics on 1 billion passwords I have found, including password length and the use of different character classes, such as all lowercase, all uppercase, and more. I will describe statistics on the use of control characters in passwords. Password patterns such as <alpha><num> will be discussed.
I will discuss my experience with John the Ripper, Hashcat, and rainbow tables, and the pros and cons of each tool.



