Home
Schedule
Abstract Template
Masters Attendance

Wissel Je Wachtwoord Wisselaar:WouldYOUTrustYourGovernmentToGenerateYourPasswords

Stc

Date: 2011-05-13

Time: 11:00

Room:  [[http://www.cs.uu.nl/docs/reach/bbl.php][BBL]] [[http://www.cs.uu.nl/info/plan/bbl.php][065]]

----+++++ Speaker: Gerrit Wiltink

----+++++ Title: Wissel je Wachtwoord Wisselaar: Would YOU trust your government to generate your passwords?


----+++++  Abstract

In October 2010, the Dutch government launched a password generation tool,
the Wachtwoord Wisselaar. After answering five personal questions, users are
provided with a password that is claimed to be both easy to remember and of
sufficient complexity. In this project we successfully challenge the latter.
Among other methods, we adapted a precomputation attack and a brute force
attack to specifically target the Wachtwoord Wisselaar. We tested our methods with a
set of cryptographically hashed passwords, that were created by Computing
Science students using the Wachtwoord Wisselaar. Using only a few
computers with widely available hardware we managed to crack more than 75% of these
passwords in a relatively short period. As a more powerful adversary may have access to
state-of-the-art machinery, the Wachtwoord Wisselaar should now be considered
inadequate.