Password Superpowers: How to Crack Hashes and Stump Hackers
This workshop teaches you how to use “password recovery” tools to find out what the password of a given user account or password-protected file is. By using free software programs that automates a technique called hash cracking, you can find out exactly how strong (or not) your own passwords are. Also in this workshop, you’ll learn about password and secrets management apps that help you practice good password hygiene so that you don’t reuse passwords or use weak passwords that don’t offer as much protection as you might have thought before you learned how easy it can be to “crack” encrypted passwords yourself.
Detailed description
Have you been “pwned”? For years, security researcher Troy Hunt has been running a website at HaveIBeenPwned.com that lets you check to see if your online accounts have been pwned—that is, if your personal information such as your password, has been leaked, accessed, or (worst of all!) “cracked.” Go on, check for yourself!
If you’ve been “pwned,” this workshop is your chance to learn exactly what the risk might be, and what you can do about it. Derived from one portion of the Tech Learning Collective’s popular “Hacking with Mr. Robot” (Security 101) course, this class will clarify the basics of cryptography and encryption within a context that actually applies to your day to day life online.
Learn what websites do with your password when you log in to them, and why using free password management software can make you both safer and more productive. On the flip side, learn professional techniques for recovering passwords from their “encrypted” (hashed) representation, such as using optimized wordlists, word-mangling rulesets, and employing basic doxing techniques for creating personally targeted password-cracking attacks.
Upcoming “Password Superpowers: How to Crack Hashes and Stump Hackers” Events
Subscribe to our calendar.
(Not currently scheduled.)
Video Samples
-
Password Hashes Explained