Abstract
In the past decade, billions of user passwords have been exposed to the dangerous threat of offline password cracking attacks. An offline attacker who has stolen the cryptographic hash of a user’s password can check as many password guesses as s/he likes, limited only by the resources that s/he is willing to invest to crack the password. Pepper and key-stretching are two techniques that have been proposed to deter an offline attacker by increasing guessing costs. Pepper ensures that the cost of rejecting an incorrect password guess is higher than the (expected) cost of verifying a correct password guess. This is useful because most of the offline attacker’s guesses will be incorrect. Unfortunately, as we observe, the traditional peppering defense seems to be incompatible with modern memory hard key-stretching algorithms such as Argon2 or Scrypt. We introduce an alternative to pepper, which we call Cost-Asymmetric Memory Hard Password Authentication, that benefits from the same cost-asymmetry as the classical peppering defense, i.e., the cost of rejecting an incorrect password guess is larger than the expected cost to authenticate a correct password guess. When configured properly, we prove that our mechanism can only reduce the percentage of user passwords that are cracked by a rational offline attacker whose goal is to maximize (expected) profit, i.e., the total value of cracked passwords minus the total guessing costs. We evaluate the effectiveness of our mechanism on empirical password datasets against a rational offline attacker. Our empirical analysis shows that our mechanism can significantly reduce the percentage of user passwords that are cracked by a rational attacker by up to \(10\%\).
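The cost asymmetry of the classical peppering defense described in the abstract, as an added Python example (not code from the paper or its authors, and not the paper's memory-hard mechanism). The pepper space size `T`, the PBKDF2 setting `ITERATIONS` and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets

T = 16             # assumed pepper space: pepper is drawn from {0, ..., T-1}
ITERATIONS = 1000  # assumed, deliberately small key-stretching cost for the demo


def stretch(password: str, salt: bytes, pepper: int) -> bytes:
    """One unit of guessing cost: salted, stretched hash of password || pepper."""
    data = password.encode() + pepper.to_bytes(2, "big")
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def register(password: str) -> tuple[bytes, bytes]:
    """Return the stored record (salt, hash). The pepper itself is never stored."""
    salt = os.urandom(16)
    pepper = secrets.randbelow(T)
    return salt, stretch(password, salt, pepper)


def verify(guess: str, salt: bytes, stored: bytes) -> tuple[bool, int]:
    """Try each pepper in turn; return (accepted, number of hash evaluations)."""
    for calls, pepper in enumerate(range(T), start=1):
        if hmac.compare_digest(stretch(guess, salt, pepper), stored):
            return True, calls  # stops early: (T + 1) / 2 calls on average
    return False, T             # a wrong guess always pays for all T calls


def average_accept_cost(password: str, trials: int = 200) -> float:
    """Empirical cost of authenticating the correct password on fresh records."""
    total = 0
    for _ in range(trials):
        salt, stored = register(password)
        ok, calls = verify(password, salt, stored)
        assert ok
        total += calls
    return total / trials


if __name__ == "__main__":
    salt, stored = register("correct horse")  # constructed sample password
    print("wrong guess  :", verify("tr0ub4dor", salt, stored))
    print("avg. correct :", average_accept_cost("correct horse"), "of", T)
```
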
Notes
1. The salt value protects against pre-computation attacks such as rainbow tables and ensures that the attacker must crack each individual password separately. For example, even if Alice and Bob select the same password \(pw_A=pw_B\), their password hashes will almost certainly be different, i.e., \(h_A = H(pw_A, salt_A) \ne H(pw_B, salt_B) = h_B\), due to the different choice of salt values and the collision resistance of the cryptographic hash function H.
2. We use the concept and notation of subset and superset for ordered sequences as they are defined for regular sets. If all elements of sequence A are also elements of sequence B, regardless of order, we say \(A \subseteq B\).
3. The password datasets we analyze and experiment with are publicly available and widely used in the research literature. We did not crack any new passwords. Thus, our usage of the datasets would not cause further harm to users.
Acknowledgments
The research was supported in part by the National Science Foundation under awards CNS #2047272 and by IARPA under the HECTOR program. Mohammad Hassan Ameri was also supported in part by a Summer Research Grant from Purdue University.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bai, W., Blocki, J., Ameri, M.H. (2022). Cost-Asymmetric Memory Hard Password Hashing. In: Galdi, C., Jarecki, S. (eds) Security and Cryptography for Networks. SCN 2022. Lecture Notes in Computer Science, vol 13409. Springer, Cham. https://doi.org/10.1007/978-3-031-14791-3_2
DOI: https://doi.org/10.1007/978-3-031-14791-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14790-6
Online ISBN: 978-3-031-14791-3
eBook Packages: Computer Science, Computer Science (R0)