Practical Password Hardening Based on TLS

Authors: Constantinos Diomedous, Elias Athanasopoulos

DOI: 10.1007/978-3-030-22038-9_21

Keywords: Usability, Computer science, User authentication, Password, Hardening (computing), Computer security

Abstract: Text-based passwords are still the dominant form of user authentication in remote services. Beyond many usability issues associated with handling several text-based passwords, security is also an important dimension. Through the years, a significant amount of on-line services has been compromised and their stored passwords have leaked. Once a database is compromised, it takes little time for a program to crack cryptographically hashed (weak) passwords, no matter the algorithm used.
