Open Access
Spelling-error tolerant, order-independent pass-phrases via the damerau-levenshtein string-edit distance metric
Gregory V. Bard
- pp 117-124
TLDR
This paper explores methods for making pass-phrases suitable for use with password-based authentication and key-exchange (PAKE) protocols, and in particular, with schemes resilient to server-file compromise.
Abstract:
It is well understood that passwords must be very long and complex to have sufficient entropy for security purposes. Unfortunately, these passwords tend to be hard to memorize, and so alternatives are sought. Smart Cards, Biometrics, and Reverse Turing Tests (human-only solvable puzzles) are options, but another option is to use pass-phrases.
This paper explores methods for making pass-phrases suitable for use with password-based authentication and key-exchange (PAKE) protocols, and in particular, with schemes resilient to server-file compromise. Specifically, the Ω-method of Gentry, MacKenzie and Ramzan is combined with the Bellovin-Merritt protocol to provide mutual authentication (in the random oracle model (Canetti, Goldreich & Halevi 2004, Bellare, Boldyreva & Palacio 2004, Maurer, Renner & Holenstein 2004)). Furthermore, since typographical errors and the CAPSLOCK key are common password-related problems, we show how a dictionary can be used with the Damerau-Levenshtein string-edit distance metric to construct a case-insensitive pass-phrase system that can tolerate zero, one, or two spelling errors per word, with no loss in security. Finally, we show that the system can be made to accept pass-phrases that have been arbitrarily reordered, with a security cost that can be calculated.
While a pass-phrase space of 2^128 is not achieved by this scheme, sizes in the range of 2^52 to 2^112 result from various selections of parameter sizes. An attacker who has acquired the server-file must exhaust over this space, while an attacker without the server-file cannot succeed with non-negligible probability.
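The canonicalization idea in the abstract, sketched as an added example that is not taken from the paper: each typed word is lowercased and mapped to the single dictionary word within the allowed edit distance, the words are optionally sorted, and the resulting space is counted in bits. The toy dictionary, the function names, the use of the optimal-string-alignment variant of Damerau-Levenshtein, and the multiset counting of the order-independent space are assumptions made for illustration.

```python
import math

def osa_distance(a, b):
    """Optimal-string-alignment variant of Damerau-Levenshtein distance."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[-1][-1]

# Constructed toy dictionary (assumption); a deployed one would be far larger.
DICTIONARY = ["battery", "correct", "garden", "horse", "staple", "window"]

def correct_word(typed, max_errors):
    """Return the one dictionary word within max_errors edits, else None.
    Ambiguous input (two candidate words) is rejected rather than guessed."""
    typed = typed.lower()  # case-insensitive: neutralises CAPSLOCK
    hits = [w for w in DICTIONARY if osa_distance(typed, w) <= max_errors]
    return hits[0] if len(hits) == 1 else None

def canonicalize(phrase, max_errors=1, order_independent=True):
    """Map a typed pass-phrase to the canonical string fed to the verifier."""
    words = [correct_word(t, max_errors) for t in phrase.split()]
    if not words or None in words:
        return None
    if order_independent:
        words.sort()  # every reordering collapses to one representative
    return " ".join(words)

def phrase_space_bits(dict_size, n_words, order_independent):
    """log2 of the number of distinct canonical phrases."""
    if order_independent:  # multisets of n words drawn from the dictionary
        return math.log2(math.comb(dict_size + n_words - 1, n_words))
    return n_words * math.log2(dict_size)  # ordered sequences

if __name__ == "__main__":
    print(canonicalize("staple HRose CORRECT batery"))
    print(phrase_space_bits(4096, 6, False) - phrase_space_bits(4096, 6, True))
```

The difference printed on the last line is the number of bits given up by accepting reordered phrases for a 4096-word dictionary and six-word phrases.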
Citations
Proceedings Article
Testing metrics for password creation policies by attacking large sets of revealed passwords
TL;DR: This paper attempts to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies, by modeling the success rate of current password cracking techniques against real user passwords.
Proceedings Article
Comparing software metrics tools
TL;DR: It is shown that existing software metric tools interpret and implement the definitions of object-oriented software metrics differently and this delivers tool-dependent metrics results and has even implications on the results of analyses based on these metrics results.
Journal Article
Learning of spatiotemporal patterns in a spiking neural network with resistive switching synapses.
Wei Wang,Giacomo Pedretti,Valerio Milo,Roberto Carboni,Alessandro Calderoni,Nirmal Ramaswamy,Alessandro S. Spinelli,Daniele Ielmini +7 more
TL;DR: It is shown that, due to the sensitivity to precise spike timing, the spatiotemporal neural network is able to mimic the sound azimuth detection of the human brain.
Proceedings Article
Correct horse battery staple: exploring the usability of system-assigned passphrases
Richard Shay,Patrick Gage Kelley,Saranga Komanduri,Michelle L. Mazurek,Blase Ur,Timothy Vidas,Lujo Bauer,Nicolas Christin,Lorrie Faith Cranor +8 more
TL;DR: System-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics, and did not seem to increase when the dictionary from which words were chosen was shrunk, reduced the number of words in a passphrase, or allowed users to change the order of words.
Department of Computer Science and Engineering
TL;DR: In this article, the authors present a survey of postgraduate students: Vladimír Arnot, Daniel Čapek, Rudolf Čejka, Dao Minh, Tomá Dulík, Martin Hrubý, Radek Kočí, Petr Kotásek, Marek Křejpský and Bohuslav KŘena, Vladislav Kubíček.
References
Book
Computers and Intractability: A Guide to the Theory of NP-Completeness
TL;DR: The second edition of a quarterly column as discussed by the authors provides a continuing update to the list of problems (NP-complete and harder) presented by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NP-Completeness,” W. H. Freeman & Co., San Francisco, 1979.
Journal Article
Binary codes capable of correcting deletions, insertions, and reversals
Reducibility Among Combinatorial Problems.
TL;DR: Throughout the 1960s I worked on combinatorial optimization problems including logic circuit design with Paul Roth and assembly line balancing and the traveling salesman problem with Mike Held, which made me aware of the importance of distinction between polynomial-time and superpolynomial-time solvability.
Journal Article
The String-to-String Correction Problem
TL;DR: An algorithm is presented which solves the string-to-string correction problem in time proportional to the product of the lengths of the two strings.
Book Chapter
Fuzzy extractors: How to generate strong keys from biometrics and other noisy data
TL;DR: This work provides formal definitions and efficient secure techniques for turning biometric information into keys usable for any cryptographic application, and reliably and securely authenticating biometric data.