This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Secure Password Project"
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | {| | ||
+ | |- | ||
+ | ! width="700" align="center" | <br> | ||
+ | ! width="500" align="center" | <br> | ||
+ | |- | ||
+ | | align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] | ||
+ | | align="right" | | ||
+ | |||
+ | |} | ||
==== Main ==== | ==== Main ==== | ||
− | + | This project will have a two pronged approach designed to put more nails in the single-factor method of authentication. First, we will create an interactive portal where penetration testers are able to enter known information about the target. This known information can then be broken down and converted to create a large downloadable dictionary list that has been customized to the target. This list will be added to a comprehensive standard dictionary with the character conversions performed on that as well. The result would be a large list of commonly used passwords, dictionary words, target specific passwords, and various derivitives of each which should cover the vast majority of passwords used today. | |
− | |||
− | |||
− | |||
+ | The second prong of our approach will be to capture the results of all data collected into a large database. This data will be hashed with common hashing methods to create what will become the world's largest rainbow tables. A user can provide us with a hash and we can do a lookup against these tables to search for matching entries. The goal here is to put a stop to unsalted password hashes for authentication. | ||
+ | We likely have one final non-technical objective here which is to educate end-users on the proper creation of passwords. Maybe we even have some sort of password generator based on a phrase that somebody types in. If you are interested in contributing to the project, please contact the Project Leader, Josh Sokol, at josh dot sokol at owasp dot org. | ||
Latest revision as of 20:02, 23 January 2014
|
|
---|---|
Main
This project will have a two pronged approach designed to put more nails in the single-factor method of authentication. First, we will create an interactive portal where penetration testers are able to enter known information about the target. This known information can then be broken down and converted to create a large downloadable dictionary list that has been customized to the target. This list will be added to a comprehensive standard dictionary with the character conversions performed on that as well. The result would be a large list of commonly used passwords, dictionary words, target specific passwords, and various derivitives of each which should cover the vast majority of passwords used today.
The second prong of our approach will be to capture the results of all data collected into a large database. This data will be hashed with common hashing methods to create what will become the world's largest rainbow tables. A user can provide us with a hash and we can do a lookup against these tables to search for matching entries. The goal here is to put a stop to unsalted password hashes for authentication.
We likely have one final non-technical objective here which is to educate end-users on the proper creation of passwords. Maybe we even have some sort of password generator based on a phrase that somebody types in. If you are interested in contributing to the project, please contact the Project Leader, Josh Sokol, at josh dot sokol at owasp dot org.
Project About
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|