On predictive models and user-drawn graphical passwords

Authors: P. C. van Oorschot, Julie Thorpe

DOI: 10.1145/1284680.1284685

Keywords: Zero-knowledge password proof; S/KEY; Password psychology; Password; One-time password; Cognitive password; Password policy; Computer security; Password strength; Computer science; Theoretical computer science

Abstract: In commonplace text-based password schemes, users typically choose passwords that are easy to recall, exhibit patterns, and are thus vulnerable to brute-force dictionary attacks. This leads us to ask whether other types of passwords (e.g., graphical) are also vulnerable to dictionary attack because of users tending to choose memorable passwords. We suggest a method to predict and model a number of such classes for systems where passwords are created solely from a user's memory. We hypothesize that these classes define weak password subspaces suitable for an attack dictionary. For user-drawn graphical passwords, we apply this method with cognitive studies on visual recall. These cognitive studies motivate us to define a set of password complexity factors (e.g., reflective symmetry and stroke count), which define a set of classes. To better understand the size of these classes and, thus, how weak the password subspaces they define might be, we use the “Draw-A-Secret” (DAS) graphical password scheme of Jermyn et al. [1999] as an example. We analyze the size of these classes for DAS under convenient parameter choices and show that they can be combined to define apparently popular subspaces that have bit sizes ranging from 31 to 41—a surprisingly small proportion of the full password space (58 bits). Our results quantitatively support suggestions that user-drawn graphical password systems employ measures, such as graphical password rules or guidelines and proactive password checking.

References (40)
Eugene H. Spafford, Refereed articles: OPUS: Preventing weak password choices. Computers & Security, vol. 11, pp. 273-278 (1992), 10.1016/0167-4048(92)90207-8
Newman Fabian Monrose, Zvi M. Kedem, Towards stronger user authentication. New York University (1999)
Wayne Jansen, Serban Gavrila, Vlad Korolev, Rick Ayers, Ryan Swanstrom, Picture Password: A Visual Login Technique for Mobile Devices. National Institute of Standards and Technology (U.S.) (2003), 10.6028/NIST.IR.7030
Fabian Monrose, Ian Jermyn, Aviel D. Rubin, Michael K. Reiter, Alain Mayer, The design and analysis of graphical passwords. USENIX Security Symposium, pp. 1-1 (1999)
Fabian Monrose, Darren Davis, Michael K. Reiter, On user choice in graphical password schemes. USENIX Security Symposium, pp. 11-11 (2004)
D.V. Klein, Foiling the cracker: A survey of, and improvements to, password security. Programming and Computer Software, vol. 17 (1992)
David Mazières, Niels Provos, A future-adaptive password scheme. USENIX Annual Technical Conference, pp. 32-32 (1999)
Junko Nakajima, Mitsuru Matsui, Performance Analysis and Parallel Implementation of Dedicated Hash Functions. International Cryptology Conference, pp. 165-180 (2002), 10.1007/3-540-46035-7_11
Alfred J Menezes, Paul C van Oorschot, Scott A Vanstone, Handbook of Applied Cryptography (1996)