Wissel je Wachtwoord Wisselaar: Would YOU trust your government to generate your passwords?
Stc
Date: 2011-05-13
Time: 11:00
Room: BBL 065
Speaker: Gerrit Wiltink
Title: Wissel je Wachtwoord Wisselaar: Would YOU trust your government to generate your passwords?
Abstract
In October 2010, the Dutch government launched a password generation tool,
the Wachtwoord Wisselaar. After answering five personal questions, users are
provided with a password that is claimed to be both easy to remember and of
sufficient complexity. In this project we successfully challenge the latter.
Among other methods, we adapted a precomputation attack and a brute force
attack to specifically target the Wachtwoord Wisselaar. We tested our methods with a
set of cryptographically hashed passwords that were created by Computing
Science students using the Wachtwoord Wisselaar. Using only a few
computers with widely available hardware, we managed to crack more than 75% of these
passwords in a relatively short period. As a more powerful adversary may have access to
state-of-the-art machinery, the Wachtwoord Wisselaar should now be considered
inadequate.