January Meeting: Everything We Know About CyberSecurity is Wrong (Ryan Byrd)

Steve Meyers steve at plug.org
Tue Jan 10 10:40:01 MST 2017

Date: Tuesday, January 17th
Time: 7:00pm
Location: UVU Business Resource Center

The exploits and security breaches which are technically feasible and the ones that actually occur in the wild are two very different things. There are two common, bad assumptions: one, that people choose random passwords and two, that passwords are broken with dumb brute force. Neither of those assumptions are correct. Brute force attacks are never used on passwords of longer than six characters because it takes too long. So instead, hackers use word list attacks that combine list of words gathered from hacked passwords, Wikipedia, the Gutenberg Project and YouTube comments and then combine those words in unique ways (https://hashcat.net/wiki/doku.php?id=oclhashcat has over 5100 rules to do this). This so-called intelligent brute force reduces the candidate key space and makes attacks possible on 55 character or longer passwords.

Ryan is a computer engineer working at the base of the Rocky Mountains. Sometimes he solves hard problems, builds embedded devices, creates web applications and automates processes for good people. Sometimes he just keeps bees. He's very busy and important.

Just go in the front doors, and follow the signs. We're usually in a conference in the back of the main floor.

http://plug.org/uvu has directions and a map

More information about the PLUG mailing list