H2K2 (2002): "The Password Probability Matrix"
Saturday, July 13, 2002: 2:00 pm (Area "B"): A winnowing method for brute-force password cracking using lossy compression. Cryptologist Jon Erickson will present the specifics of a newly developed password cracking method and perform a demonstration of it. The method is a hybrid of computational power and storage space for an exhaustive brute-force attack, utilizing a compressed matrix of probabilistic values. He will demonstrate the ability to crack any 4-character password with a fixed salt in under 8 seconds (assuming 10,000 cracks per second), using only a 141 meg file. A normal exhaustive brute-force attack on the same system would take over 2 hours, and flat text storage of the plaintext/hash pairs would normally use over a gigabyte of storage. This translates to 99.9% keyspace reduction and 89% storage compression.