Popularity is everything: a new approach to protecting passwords from statistical-guessing attacks
作者: Cormac Herley , Michael Mitzenmacher , Stuart Schechter
DOI:
关键词:
摘要: We propose to strengthen user-selected passwords against statistical-guessing attacks by allowing users of Internet-scale systems choose any password they want--so long as it's not already too popular with other users. create an oracle identify undesirably using existing data structure known a count-min sketch, which we populate users' and update each new user password. Unlike most applications probabilistic structures, seek achieve only maximum acceptable rate false-positives, set minimum false-positive confound attackers who might query the or even obtain copy it.
harvard.edu 参考文章(21)
Eugene H. Spafford, Refereed articles: OPUS: Preventing weak password choices Computers & Security. ,vol. 11, pp. 273- 278 ,(1992) , 10.1016/0167-4048(92)90207-8
D.V. Klein, Foiling the cracker: A survey of, and improvements to, password security Programming and Computer Software. ,vol. 17, ,(1992)
Eugene H. Spafford, Preventing Weak Password Choices ,(1991)
Donald A. Norman, THE WAY I SEE ITWhen security gets in the way Interactions. ,vol. 16, pp. 60- 63 ,(2009) , 10.1145/1620693.1620708
Cristian Estan, George Varghese, New directions in traffic measurement and accounting ACM Transactions on Computer Systems. ,vol. 21, pp. 270- 313 ,(2003) , 10.1145/859716.859719
F. Bergadano, B. Crispo, G. Ruffo, Proactive password checking with decision trees computer and communications security. pp. 67- 77 ,(1997) , 10.1145/266420.266437
Saar Cohen, Yossi Matias, Spectral bloom filters international conference on management of data. pp. 241- 252 ,(2003) , 10.1145/872757.872787
Anne Adams, Martina Angela Sasse, Users are not the enemy Communications of The ACM. ,vol. 42, pp. 40- 46 ,(1999) , 10.1145/322796.322806
Jianxin Jeff Yan, A note on proactive password checking new security paradigms workshop. pp. 127- 135 ,(2001) , 10.1145/508171.508194
Graham Cormode, S. Muthukrishnan, An improved data stream summary: the count-min sketch and its applications Journal of Algorithms. ,vol. 55, pp. 58- 75 ,(2005) , 10.1016/J.JALGOR.2003.12.001