PasswordsCon Las Vegas 2014 conferences

La conférence “PasswordsCon” de 2014 à Las Vegas s’est achevée il y a peu. Cette conférence regroupe de nombreux professionnels de la sécurité et hackers en tout genre autour des thèmes des “mots de passe”, “PIN codes” et de l’authentification digitale en générale.

Passwords are the most prevalent form of authentication in the digital age, and are the first line of defense against unauthorized access in most systems. Even if you are using some other form of authentication for a particular service, there’s still a password in the chain somewhere — it all comes back to relying on something somewhere being password-protected. But after 50 years of computing evolution, 123456 and password still top the list of most frequently used passwords. And nearly a half billion passwords have been compromised over the last five years alone, including breaches from companies such as Adobe, Twitter, Forbes, LinkedIn, Yahoo, and LivingSocial. Clearly, we have a systemic problem with password authentication – and it’s not going away any time soon.

Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them. While large mainstream conferences tend to focus on current hot topics in the information security industry, Passwords events explore fringe conversations on everything from analysis and education to creating, securing, cracking, and exploiting authentication solutions. And unlike other events where the speaker is rushed in and out, Passwords provides an intimate environment for participants to directly engage speakers before, during, and after their presentations.

Passwords was launched in Bergen, Norway in 2010, motivated by dissatisfaction with the robustness and usability of current authentication solutions. Now in its fifth year, Passwords is held twice a year on two continents, and Passwords14 Las Vegas marks the 7th global event. Participation has doubled at each event over the past three years, and we are anticipating participation more than doubling in 2014 due to our partnership with Bsides Las Vegas.

Un grand nombre de spécialistes et d’experts reconnus dans le milieu sont venus faire des présentations au cours de cette conférence. L’ensemble des présentations ont été mises en ligne sur la chaîne YouTube de l’événement ainsi que sur SecurityTube.

Parmi les conférences disponibles :

• Password Security In The Pci Dss – Jarred White
• Authentication In The Cloud – Building service – Dan Cvrcek
• Defense With 2fa – Steve Thomas
• Opening Keynote – Julia Angwin
• Security For The People: End-User authentication security on the internet – Mark Stanislav
• The problem with the real world – Michal Špaček
• Target Specific Automated Dictionary generation – Matt Marx
• Energy-Efficient Bcrypt Cracking – Katja Malvoni
• Bitslice Des With Lop3.Lut – Steve Thomas
• Surprise Talk + Advisory Release – Dominique Bongard Bioandsuch
• Net Hashes: A Review Of Many Network protocols – Robert Graham
• Beam Me Up Scotty! – Passwords In The enterprise – Dimitri Fousekis
• What Microsoft Would Like From The password hashing competition marsh – Ray Greg Zaverucha
• Penetrate Your Owa – Nate Power Bioandsuch
• Password Topology Histogram Wear-Leveling aka pathwell – Rick Redman
• Using Cryptanalysis To Speed-Up Password cracking – Christian Rechberger
• Secure Your Email – Secure Your Password per Thorsheim
• Password Hashing Competition: The candidates – Jean-Philippe Aumasson
• I have the #cat so I make the rules – Yiannis Chrysanthou
• How Eff Is Making Starttls Resistant To Active attacks – Jaco Hoffman Andrews Yan Zhu
• Capturing Passwords Into The Secure desktop – Marcio Almeida de Macedo Bruno Gonçalves de Oliveira
• Password Generators & Extended character set passwords – Stephen Lombardo William Gray
• Encryption And Authentication: Passwords  for all reasons- Jeffrey Goldberg
• Throw The User Id Down The Well – Daniel Reich
• Docatslikelemon? – Advanced Phrase Attacks and analysis – Marco Preuss
• Highlights Of Cmu’S Recent Work In preventing bad passwords – Sean Segreti Blase Ur
• How Forced Password Expiration Affects password choice – Bruce K. Marshall
• The Future Of Mobile Authentication Is Here –  Sam Crowther
• Is Pavlovian Password Management The answer – Lance James
• Proof Of Work As An Additional Factor Of authentication – ¨hilippe Paquet Jason Nehrboss
• Tradeoff Cryptanalysis Of Password Hashing schemes – Dmitry Khovratovich Alex Biryukov Johann Grobschä
• Password Hashing Delegation: How To Get clients work for you – Thomas Pornin
• All Your Sap P@$$W0Яdz Belong To Us – Dmitry Chastuhin Alex Polyakov
• Enhancing Password Based Key Derivation techniques – Stephen Lombardo, Nick Parker

La prochaine session de la PasswordsCon se déroulera en Norvège, le 8 et 9 décembre 2014.

Sources & ressources :

• PasswordsCon – official website
• PasswordsCon 2014 chaîne Youtube

Yann

Consultant Sécurité