Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 21 May 2012 02:37:11 +0400
From: Solar Designer <>
Subject: Positive Hack Days 2012: password security topics


This is mostly old news for those of you who follow @Openwall on
Twitter, but better late than never, so here goes:

I will speak at Positive Hack Days (abbreviated PHDays or PHD) held in
Moscow, Russia on May 30-31, 2012.  I understand that it's too late to
arrange travel now, but if you intend to be in Moscow on these days and
would like to attend, today/tomorrow (depending on your current
timezone) may be the last chance to register for the event:

@PHDays wrote:

"On Monday, 21 May at midday Moscow time an additional registration for
#PHDays will start"

with a link to

My guess is that a registration link (for the actual event in Moscow as
opposed to the online broadcasts and contests) will appear on that page
at about noon Moscow time (UTC+4) and will stay up for a few minutes.
Apparently, the first round of registrations on May 14 was completed in
8 minutes. %-)  (Yes, I find this weird.  Maybe everyone in Russia wants
to meet Bruce Schneier.)  And yes, there are going to be online
broadcasts as well, and indeed I and probably some others will make the
slides available online - so you don't really need to attend. ;-)

The tentative title of my presentation is "Password security: past,
present, future".  I intend to start by providing some background on the
state of password security and on how we got there, and for the "future"
part focus on the sub-topic of password hashing.  I wish I could cover
the broad topic of password security more fully, but it is pretty much
impossible to fit that into a 50-minute talk.  Hence the bias towards
new/future stuff and the sub-topic where I actually dare to highlight
problems that we're going to face, to offer predictions, and maybe even
to influence the future a little bit.  I am going to try and make the
talk suitable for a wide audience, yet I am also going to provide quite
some low-level technical detail for those who can grasp that.  This is
unlike presentations I made before, so it is an experiment of sorts.

Also relevant is the talk "Secure password managers and military-grade
encryption for smartphone: Huh, really?" to be presented by the
ElcomSoft folks - Dmitry Sklyarov and Andrey Belenko.

Finally, there's going to be a password cracking contest similar to
KoreLogic's "Crack Me If You Can".  It is already listed on the PHDays
website, and detailed info on it will likely be posted to the john-users
list in the following few days.  I don't intend to be an active
participant (let alone a team leader), but I imagine that other folks on
john-users may choose to form a team again (like we did for "Crack Me If
You Can" held at DEFCON in 2010 and 2011).

See you at PHDays, or maybe on team john-users?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.