John the Ripper sits in the next cubicle – cracking passwords in a Corporate environment.

Presented at CarolinaCon 2016 by

This talk will examine issues to consider when building a process to check password strength using John the Ripper. It covers the items to consider before dumping the hashes and running John. Considerations include control over who will know both the user ID and the cracked passwords, methods to use when cracking passwords, and choosing when to stop and report. Once the passwords have been cracked, the challenges continue. Decisions around reporting are not trivial. Questions about who should receive the reports and what data needs to be delivered all have to be answered. This talk will cover the challenges faced and some solutions as well.