You are here:
(13 May 2011,
Date: 2011-05-13 Time: 11:00 Room: [[http://www.cs.uu.nl/docs/reach/bbl.php][BBL]] [[http://www.cs.uu.nl/info/plan/bbl.php]] ----+++++ Speaker: Gerrit Wiltink ----+++++ Title: Wissel je Wachtwoord Wisselaar: Would YOU trust your government to generate your passwords? ----+++++ Abstract In October 2010, the Dutch government launched a password generation tool, the Wachtwoord Wisselaar. After answering five personal questions, users are provided with a password that is claimed to be both easy to remember and of sufficient complexity. In this project we successfully challenge the latter. Among other methods, we adapted a precomputation attack and a brute force attack to specifically target the Wachtwoord Wisselaar. We tested our methods with a set of cryptographically hashed passwords, that were created by Computing Science students using the Wachtwoord Wisselaar. Using only a few computers with widely available hardware we managed to crack more than 75% of these passwords in a relatively short period. As a more powerful adversary may have access to state-of-the-art machinery, the Wachtwoord Wisselaar should now be considered inadequate.
ore topic actions
Topic revision: r1 - 13 May 2011,
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UUCS?