A state-of-the-art password strength analysis demonstrator
作者: Nico van Heijningen
DOI:
关键词:
摘要: Due to recent developments: leaks of large lists user passwords (e.g. LinkedIn), new probabilistic password cracking techniques and the introduction using GPUs. Passwords can now be cracked faster than ever before. The leaked have been analyzed by hackers common patterns found inside are being exploited crack others. We a collection these generated list most in order furthermore, we compared distribution characters that English text. Next built state-of-the-art strength analysis demonstrator is able show which contained why it could considered ’weak’ password. modeled after realistic scenario an automated attack assessed ’strong’ should therefore ’survive’ such attack. convinced our improvement over current measurements because results lesser ’false sense security’ amongst its users helps them make their more resistant against attacks
tudelft.nl参考文章(15)
Lorrie Faith Cranor, Timothy Passaro, Patrick Gage Kelley, Timothy Vidas, Saranga Komanduri, Blase Ur, Michael Maass, Michelle L. Mazurek, Joel Lee, Lujo Bauer, Nicolas Christin, Richard Shay, How does your password measure up? the effect of strength meters on password creation usenix security symposium. pp. 5- 5 ,(2012)
Roel Van Der Jagt, Marcus Bakker, GPU-based password cracking hgpu.org. ,(2011)
Gaëtan Leurent, MD4 is Not One-Way fast software encryption. pp. 412- 428 ,(2008) , 10.1007/978-3-540-71039-4_26
Philippe Oechslin, Making a Faster Cryptanalytic Time-Memory Trade-Off Advances in Cryptology - CRYPTO 2003. ,vol. 2729, pp. 617- 630 ,(2003) , 10.1007/978-3-540-45146-4_36
Sudhir Aggarmal, Charles Matthew Weir, Using probabilistic techniques to aid in password cracking attacks Using probabilistic techniques to aid in password cracking attacks. pp. 139- 139 ,(2010)
David Mazières, Niels Provos, A future-adaptive password scheme usenix annual technical conference. pp. 32- 32 ,(1999)
M. Hellman, A cryptanalytic time-memory trade-off IEEE Transactions on Information Theory. ,vol. 26, pp. 401- 406 ,(1980) , 10.1109/TIT.1980.1056220
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Julio Lopez, Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms ieee symposium on security and privacy. pp. 523- 537 ,(2012) , 10.1109/SP.2012.38
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern, Testing metrics for password creation policies by attacking large sets of revealed passwords Proceedings of the 17th ACM conference on Computer and communications security - CCS '10. pp. 162- 175 ,(2010) , 10.1145/1866307.1866327