Vishwakarma, Deepak and Madhavan, Veni CE (2014) Efficient Dictionary for Salted Password Analysis. In: IEEE International Conference on Electronics, Computing and Communication Technologies (IEEE CONECCT) .
PDF
iee_int_con_ele_com_com_tec_2014.pdf - Published Version Restricted to Registered users only Download (3MB) | Request a copy |
Abstract
User authentication is essential for accessing computing resources, network resources, email accounts, online portals etc. To authenticate a user, system stores user credentials (user id and password pair) in system. It has been an interested field problem to discover user password from a system and similarly protecting them against any such possible attack. In this work we show that passwords are still vulnerable to hash chain based and efficient dictionary attacks. Human generated passwords use some identifiable patterns. We have analysed a sample of 19 million passwords, of different lengths, available online and studied the distribution of the symbols in the password strings. We show that the distribution of symbols in user passwords is affected by the native language of the user. From symbol distributions we can build smart and efficient dictionaries, which are smaller in size and their coverage of plausible passwords from Key-space is large. These smart dictionaries make dictionary based attacks practical.
Item Type: | Journal Article |
---|---|
Publication: | IEEE International Conference on Electronics, Computing and Communication Technologies (IEEE CONECCT) |
Series.: | IEEE International Conference on Electronics Computing and Communication Technologies |
Publisher: | IEEE |
Additional Information: | Copy right for this article belongs to the IEEE |
Keywords: | authentication; security; hash function; password cracking; hash chain; salted passwords; smart dictionary |
Department/Centre: | Division of Electrical Sciences > Computer Science & Automation |
Date Deposited: | 15 Apr 2015 10:09 |
Last Modified: | 15 Apr 2015 10:09 |
URI: | http://eprints.iisc.ac.in/id/eprint/51172 |
Actions (login required)
View Item |