Topic

Password cracking

About: Password cracking is a research topic. Over the lifetime, 1438 publications have been published within this topic receiving 31113 citations. The topic is also known as: password hacking & brute force cracking.


Papers
Journal ArticleDOI
TL;DR: This paper proposes a modified smart-card-based remote user password authentication scheme to overcome the weaknesses of Chen et al.'s scheme and shows that it is user friendly and more secure than other related schemes.

250 citations

Proceedings ArticleDOI
18 May 2014
TL;DR: This paper conducts a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and finds that, among other things, Markov models, when done correctly, perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state-of-the-art password model in recent research.
Abstract: A probabilistic password model assigns a probability value to each string. Such models are useful for research into understanding what makes users choose more (or less) secure passwords, and for constructing password strength meters and password cracking utilities. Guess number graphs generated from password models are a widely used method in password research. In this paper, we show that probability-threshold graphs have important advantages over guess-number graphs. They are much faster to compute, and at the same time provide information beyond what is feasible in guess-number graphs. We also observe that research in password modeling can benefit from the extensive literature in statistical language modeling. We conduct a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and found that, among other things, Markov models, when done correctly, perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state-of-the-art password model in recent research.

248 citations

Proceedings ArticleDOI
10 May 2005
TL;DR: This paper proposes a technique that uses a strengthened cryptographic hash function to compute secure passwords for arbitrarily many accounts while requiring the user to memorize only a single short password, and presents Password Multiplier, an implementation in the form of an extension to the Mozilla Firefox web browser.
Abstract: Computer users are asked to generate, keep secret, and recall an increasing number of passwords for uses including host accounts, email servers, e-commerce sites, and online financial services. Unfortunately, the password entropy that users can comfortably memorize seems insufficient to store unique, secure passwords for all these accounts, and it is likely to remain constant as the number of passwords (and the adversary's computational power) increases into the future. In this paper, we propose a technique that uses a strengthened cryptographic hash function to compute secure passwords for arbitrarily many accounts while requiring the user to memorize only a single short password. This mechanism functions entirely on the client; no server-side changes are needed. Unlike previous approaches, our design is both highly resistant to brute force attacks and nearly stateless, allowing users to retrieve their passwords from any location so long as they can execute our program and remember a short secret. This combination of security and convenience will, we believe, entice users to adopt our scheme. We discuss the construction of our algorithm in detail, compare its strengths and weaknesses to those of related approaches, and present Password Multiplier, an implementation in the form of an extension to the Mozilla Firefox web browser.

247 citations

Proceedings ArticleDOI
04 Nov 2013
TL;DR: This work studies the single-sign-on passwords used by over 25,000 faculty, staff, and students at a research university with a complex password policy to find significant correlations between a number of demographic and behavioral factors and password strength.
Abstract: Despite considerable research on passwords, empirical studies of password strength have been limited by lack of access to plaintext passwords, small data sets, and password sets specifically collected for a research study or from low-value accounts. Properties of passwords used for high-value accounts thus remain poorly understood. We fill this gap by studying the single-sign-on passwords used by over 25,000 faculty, staff, and students at a research university with a complex password policy. Key aspects of our contributions rest on our (indirect) access to plaintext passwords. We describe our data collection methodology, particularly the many precautions we took to minimize risks to users. We then analyze how guessable the collected passwords would be during an offline attack by subjecting them to a state-of-the-art password cracking algorithm. We discover significant correlations between a number of demographic and behavioral factors and password strength. For example, we find that users associated with the computer science school make passwords more than 1.5 times as strong as those of users associated with the business school. while users associated with computer science make strong ones. In addition, we find that stronger passwords are correlated with a higher rate of errors entering them. We also compare the guessability and other characteristics of the passwords we analyzed to sets previously collected in controlled experiments or leaked from low-value accounts. We find more consistent similarities between the university passwords and passwords collected for research studies under similar composition policies than we do between the university passwords and subsets of passwords leaked from low-value accounts that happen to comply with the same policies.

240 citations

PatentDOI
TL;DR: An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just before receipt of the transmission code.

234 citations


Network Information
Related Topics (5)
Encryption: 98.3K papers, 1.4M citations, 85% related
Server: 79.5K papers, 1.4M citations, 82% related
Mobile computing: 51.3K papers, 1M citations, 81% related
Wireless ad hoc network: 49K papers, 1.1M citations, 80% related
Wireless sensor network: 142K papers, 2.4M citations, 80% related
Performance
Metrics
No. of papers in the topic in previous years
Year | Papers
2023 | 27
2022 | 73
2021 | 54
2020 | 72
2019 | 82
2018 | 87