Bio: Marcell is currently working for the Security and Privacy team at Deloitte as an IT Security Consultant. He has over 5 years of experience in penetration testing and IT security audits. He attended the Faculty of Informatics at Szechényi István University and at the Budapest University of Technology and Economics, focusing on software development and IT security. He gained experience in the field of application security testing, reverse engineering, implementing cryptographic algorithms and protocols. He released articles on password encryption algorithms and developed password crackers.
Topic of Presentation: How to write your password cracker
Abstract: The objective of the presentation is to show technical details of password crackers and how operating systems, databases and applications stores user passwords and how they ensure their security. The presentation discusses how to reveal the password storing algorithms of systems that manufacturers did not make public. The techniques used in the examination of source codes and the reverse engineering analysis of binary applications are presented in detail. A programming error discovered and published by the speaker and its consequences to the security of the given system are analyzed. The reconstruction of not published algorithms and the implementation of a password cracker are also presented. Finally various ways of using technologies to accelerate password cracking will be shown, such as CPU, GPU and target hardware. A password cracker utility developed by the speaker for GPUs are also presented.