Tech Learning Collective

Technology education for radical organizers and revolutionary communities.

Password Superpowers: How to Crack Hashes and Stump Hackers

Poster for Password Superpowers: How to Crack Hashes and Stump Hackers
Persona matrix:
(What’s this?)

Have you been “pwned”? For years, security researcher Troy Hunt has been running a website at HaveIBeenPwned.com that lets you check to see if your online accounts have been pwned—that is, if your personal information such as your password, has been leaked, accessed, or (worst of all!) “cracked.” Go on, check for yourself!

If you’ve been “pwned,” this workshop is your chance to learn exactly what the risk might be, and what you can do about it. Derived from one portion of the Tech Learning Collective’s popular “Hacking with Mr. Robot” (Security 101) course, this class will clarify the basics of cryptography and encryption within a context that actually applies to your day to day life online.

Learn what websites do with your password when you log in to them, and why using free password management software can make you both safer and more productive. On the flip side, learn professional techniques for recovering passwords from their “encrypted” (hashed) representation, such as using optimized wordlists, word-mangling rulesets, and employing basic doxing techniques for creating personally targeted password-cracking attacks.