Wissel je Wachtwoord Wisselaar: Would YOU trust your government to generate your passwords?
Date: 2011-05-13
Time: 11:00
Room: [[http://www.cs.uu.nl/docs/reach/bbl.php][BBL]] [[http://www.cs.uu.nl/info/plan/bbl.php]]

----+++++ Speaker: Gerrit Wiltink

----+++++ Title: Wissel je Wachtwoord Wisselaar: Would YOU trust your government to generate your passwords?

----+++++ Abstract

In October 2010, the Dutch government launched a password generation tool, the Wachtwoord Wisselaar. After answering five personal questions, users are provided with a password that is claimed to be both easy to remember and of sufficient complexity. In this project we successfully challenge the latter. Among other methods, we adapted a precomputation attack and a brute-force attack to specifically target the Wachtwoord Wisselaar. We tested our methods with a set of cryptographically hashed passwords that were created by Computing Science students using the Wachtwoord Wisselaar. Using only a few computers with widely available hardware, we managed to crack more than 75% of these passwords in a relatively short period. As a more powerful adversary may have access to state-of-the-art machinery, the Wachtwoord Wisselaar should now be considered inadequate.