These days Passwords^12 is taking place in Oslo - a conference only dedicated to passwords and pin codes. With temperatures around -15 degrees (Celsius) outside, in the conference rooms of the University in Oslo, Department of Informatics, talks by well known security experts are given.
Every day you use passwords. While logging on to your computer, smartphone or tablet, accessing your emails or your social network site and also for online banking and online shopping. Recent database breaches of user logins show that there is a high demand for more security in this area. During these days talks and discussions only care about this.
Norbert Schmitz started with a presentation about his master thesis on sentences and word-combinations used for password guessing. He developed algorithms for pattern learning and creating dictionaries. Followed by Joan Daemen, co-inventor of Rijndael (AES crypto algorithm) and KECCAK (winner of the SHA-3 hash algorithm competition), with an insight on this recent algorithm.
Markus Duermuth presented research on the use of Markov models used in password guessing (pre work, with different approach by Arvind Narayanan and Vitaly Shmatikov "Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff"). 'Bitweasil' presented some of the recent changes and improvements on his cryptohaze architecture. Most important in my opinions is the new modular design which is easier to extend and an additional network layer for distributed processing. Sebastian Raveau gave a talk on hunting for passwords and his troubles while compiling wordlists out of Wikipedia. Besides different languages and filtering trash, mostly Wikipedia's XML-scheme and changing syntax makes his work hard. He will release his newly-compiled wordlist to the public soon, so stay tuned. The last session was a presentation by Prof. Audun Jøsang about password policies in different countries.
The end of the main conference part doesn't mean an end at all. Lightning talks are following and discussions are going on. One very impressive lightning talk was the presentation by Jeremi Gosney about HPC (High performance computing), distributing workload to multiple GPUs in several systems.
More interesting talks will also be given next days. (please have a look at the Agenda for more or #passwords12 on Twitter)