PLUG: Everything We Know About CyberSecurity is Wrong (Ryan Byrd)

Details
The exploits and security breaches that are technically feasible and the ones that actually occur in the wild are two very different things. There are two common, bad assumptions: one, that people choose random passwords, and two, that passwords are broken with dumb brute force. Neither of those assumptions is correct. Brute force attacks are never used on passwords longer than six characters because they take too long. Instead, hackers use word list attacks that draw on lists of words gathered from hacked passwords, Wikipedia, the Gutenberg Project and YouTube comments, and then combine those words in unique ways (https://hashcat.net/wiki/doku.php?id=oclhashcat has over 5100 rules to do this). This so-called intelligent brute force reduces the candidate key space and makes attacks possible on passwords of 55 characters or longer.
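A defender-side check of the point above, as an added example that is not from the talk: it tests whether a password is reachable from a wordlist plus simple mangling rules and compares that modeled guess count with blind brute force. The sample wordlist, the suffix rule, the character-swap table and the 1,000,000-word list size are assumptions; 5100 is the rule count quoted above.

```python
import math
import string

# Constructed sample wordlist (assumption); real lists hold millions of entries.
WORDLIST = {"correct", "horse", "battery", "staple", "password", "dragon", "summer"}
MODEL_WORDS = 1_000_000                        # assumed size of a real wordlist
MODEL_RULES = 5100                             # rule count quoted in the abstract
SUFFIX_CHARS = string.digits + "!?."           # assumed "append" rule alphabet
UNLEET = str.maketrans("4301$@5", "aeoisas")   # undo common character swaps


def split_words(text):
    """Return the wordlist entries that concatenate to `text`, or None.
    Dynamic programming over prefixes that are already known to split."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in WORDLIST:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))


def audit(password):
    """Return (brute_bits, model_bits, words).
    brute_bits: cost of blind search over 95 printable ASCII characters.
    model_bits: cost under a words-plus-rules model, or None when the
    password cannot be derived from the wordlist with these rules."""
    brute_bits = len(password) * math.log2(95)
    # Try the shortest appended suffix first, then progressively longer ones.
    for cut in range(len(password), 0, -1):
        suffix = password[cut:]
        if suffix and suffix[0] not in SUFFIX_CHARS:
            break                              # suffix no longer matches the rule
        words = split_words(password[:cut].lower().translate(UNLEET))
        if words:
            guesses = (MODEL_WORDS ** len(words)) * MODEL_RULES
            guesses *= len(SUFFIX_CHARS) ** len(suffix)
            return brute_bits, math.log2(guesses), words
    return brute_bits, None, None


if __name__ == "__main__":
    for pw in ("CorrectHorseBatteryStaple2024!", "P4ssw0rd1", "q7#Lm2x9Vt"):
        brute, model, words = audit(pw)
        shown = "not derivable" if model is None else f"{model:.1f} bits via {words}"
        print(f"{pw!r}: brute force {brute:.1f} bits, wordlist model {shown}")
```

A password policy check can reject anything for which `audit` returns a model cost, or one far below the brute-force figure, regardless of the password's length.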
Ryan is a computer engineer working at the base of the Rocky Mountains. Sometimes he solves hard problems, builds embedded devices, creates web applications and automates processes for good people. Sometimes he just keeps bees. He's very busy and important.
Just go in the front doors and follow the signs. We're usually in a conference room in the back of the main floor.
