Arvind Narayanan
ABSTRACT
Human-memorable passwords are a mainstay of computer security. To decrease vulnerability of passwords to brute-force dictionary attacks, many organizations enforce complicated password-creation rules and require that passwords include numerals and special characters. We demonstrate that as long as passwords remain human-memorable, they are vulnerable to "smart-dictionary" attacks even when the space of potential passwords is large.Our first insight is that the distribution of letters in easy-to-remember passwords is likely to be similar to the distribution of letters in the users' native language. Using standard Markov modeling techniques from natural language processing, this can be used to dramatically reduce the size of the password space to be searched. Our second contribution is an algorithm for efficient enumeration of the remaining password space. This allows application of time-space tradeoff techniques, limiting memory accesses to a relatively small table of "partial dictionary" sizes and enabling a very fast dictionary attack.We evaluated our method on a database of real-world user password hashes. Our algorithm successfully recovered 67.6% of the passwords using a 2 x 109 search space. This is a much higher percentage than Oechslin's "rainbow" attack, which is the fastest currently known technique for searching large keyspaces. These results call into question viability of human-memorable character-sequence passwords as an authentication mechanism.
- MD5 online cracking using rainbow tables. http://www.passcracking.com/.]]Google Scholar
- M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In Proc. EUROCRYPT '00, volume 1807 of LNCS, pages 139--155. Springer, 2000.]]Google Scholar
- S. Bellovin and M. Merritt. Encrypted key exchange: password-based protocols secure against dictionary attacks. In Proc. IEEE Security and Privacy Symposium, pages 72--84. IEEE Computer Society, 1992.]] Google ScholarDigital Library
- A. Booker. The Nth prime algorithm. http://primes.utm.edu/nthprime/algorithm.php, 2005.]]Google Scholar
- J. Borst, B. Preneel, and J. Vandewalle. On the time-memory tradeoff between exhaustive key search and table precomputation. In Proc. 19th Symposium on Information Theory in the Benelux, pages 111--118, 1998.]]Google Scholar
- V. Boyko, P. MacKenzie, and S. Patel. Provably secure password-authenticated key exchange using Diffie-Hellman. In Proc. EUROCRYPT '00, volume 1807 of LNCS, pages 156--171. Springer, 2000.]]Google Scholar
- W. Burr, D. Dodson, and W. Polk. Electronic authentication guideline. NIST Special Publication 800-63, 2004.]]Google Scholar
- D. Davis, F. Monrose, and M. Reiter. On user choice in graphic password schemes. In Proc. 13th USENIX Security Symposium, pages 151--164. USENIX, 2004.]] Google ScholarDigital Library
- D. Denning. Cryptography and Data Security. Addison-Wesley, 1982.]] Google ScholarDigital Library
- D. C. Feldmeier and P. R. Karn. UNIX password security - ten years later. In Proc. CRYPTO '89, volume 435 of LNCS, pages 44--63. Springer, 1989.]] Google ScholarDigital Library
- A. Fiat and M. Naor. Rigorous time/space tradeoffs for inverting functions. In Proc. STOC '91, pages 534--541. ACM, 1991.]] Google ScholarDigital Library
- G. D. Forney. The Viterbi algorithm. Proceedings of the IEEE, 61(3):268--278, 1973.]]Google ScholarCross Ref
- C. Gentry, P. MacKenzie, and Z. Ramzan. Password authenticated key exchange using hidden smooth subgroups. In these proceedings, 2005.]] Google ScholarDigital Library
- O. Goldreich and Y. Lindell. Session-key generation using human random passwords. In Proc. CRYPTO '01, volume 2139 of LNCS, pages 408--432. Springer, 2001.]] Google ScholarDigital Library
- T. L. Griffiths and J. B. Tenenbaum. Probability, algorithmic complexity, and subjective randomness. In Proceedings of the 25th Annual Conference of the Cognitive Science Society, 2003.]]Google Scholar
- T. L. Griffiths and J. B. Tenenbaum. From algorithmic to subjective randomness. In Advances in Neural Information Processing Systems 16, 2004.]]Google Scholar
- M. Hellman. A cryptanalytic time-memory tradeoff. IEEE Transactions on Information Theory, 26:401--406, 1980.]]Google ScholarDigital Library
- I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin. The design and analysis of graphical passwords. In Proc. 8th USENIX Security Symposium, pages 135--150. USENIX, 1999.]] Google ScholarDigital Library
- J. Katz, R. Ostrovsky, and M. Yung. Efficient password-authenticated key exchange using human-memorable passwords. In Proc. EUROCRYPT '01, volume 2045 of LNCS, pages 475--494. Springer, 2001.]] Google ScholarDigital Library
- B. Kerbs. DNA key to decoding human factor. The Washington Post, March 28, 2005. http://www.washingtonpost.com/wp-dyn/articles/A6098-2005Mar28.html.]]Google Scholar
- K. Kusuda and T. Matsumoto. Optimization of time-memory trade-off cryptanalysis and its application to DES, FEAL-32 and Skipjack. IEICE Transactions on Fundamentals, E79-A(1):35--48, 1996.]]Google Scholar
- K. Kusuda and T. Matsumoto. Achieving higher success probability in time-memory trade-off cryptanalysis without increasing memory size. TIEICE: IEICE Transactions on Communications/Electronics/Information and Systems, 1999.]]Google Scholar
- R. Li and P. Vitanyi. An Introduction to Kolmogorov Complexity and Its Applications. Springer, 1997.]] Google ScholarDigital Library
- S. Lucks. Open key exchange: how to defeat dictionary attacks without encrypting public keys. In Proc. Security Protocols Workshop, volume 1361 of em LNCS. Springer, 1997.]] Google ScholarDigital Library
- G. A. Miller. The magical number seven, plus or minus two: Some limits on our capacity for processing information. Psychological Review, 63:81--97, 1956.]]Google ScholarCross Ref
- F. Monrose, M. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. International Journal of Information Security, 1(2):69--93, 2002.]]Google ScholarCross Ref
- R. Morris and K. Thomson. Password security: A case history. In Communications of the ACM, Vol.22, No.11, pages 594--597, 1979.]] Google ScholarDigital Library
- P. Oechslin. Making a faster cryptanalytic time-memory trade-off. In Proc. CRYPTO '03, volume 2729 of LNCS, pages 617--630. Springer, 2003.]]Google Scholar
- Openwall Project. John the Ripper password cracker. http://www.openwall.com/john/, 2005.]]Google Scholar
- Openwall Project. Wordlists collection. http://www.openwall.com/wordlists/, 2005.]]Google Scholar
- B. Pinkas and T. Sander. Securing passwords against dictionary attacks. In Proc. 9th ACM Conference on Computer and Communications Security (CCS), pages 161--170. ACM, 2002.]] Google ScholarDigital Library
- L. R. Rabiner. A tutorial on hidden Markov models and selected applications in speech recognition. Proceedings of the IEEE, 77(2):257--286, 1989.]]Google ScholarCross Ref
- Zhu Shuanglei. Project RainbowCrack. http://www.antsight.com/zsl/rainbowcrack/, 2005.]]Google Scholar
- F. Standaert, G. Rouvroy, J.J. Quisquater, and J. Legat. A time/memory tradeoff using distinguished points: new analysis and FPGA results. In Proc. CHES 2002, volume 2523 of LNCS, pages 593--609. Springer, 2002.]] Google ScholarDigital Library
- S. Stubblebine and P. van Oorschot. Addressing online dictionary attacks with login histories and humans-in-the-loop. In Proc. Financial Cryptography, volume 3110 of LNCS, pages 39--53. Springer, 2004.]]Google Scholar
- J. Thorpe and P. van Oorschot. Graphical dictionary and the memorable space of graphical passwords. In Proc. 13th USENIX Security Symposium, pages 135--150. USENIX, 2004.]] Google ScholarDigital Library
Index Terms
- Fast dictionary attacks on passwords using time-space tradeoff
Recommendations
Exploiting predictability in click-based graphical passwords
We provide an in-depth study of the security of click-based graphical password schemes like PassPoints (Weidenbeck et al., 2005), by exploring popular points (hot-spots), and examining strategies to predict and exploit them in guessing attacks. We ...
Security implications of password discretization for click-based graphical passwords
WWW '13: Proceedings of the 22nd international conference on World Wide WebDiscretization is a standard technique used in click-based graphical passwords for tolerating input variance so that approximately correct passwords are accepted by the system. In this paper, we show for the first time that two representative ...
Passwords decay, words endure: secure and re-usable multiple password mnemonics
SAC '07: Proceedings of the 2007 ACM symposium on Applied computingResearch on password authentication systems has repeatedly shown that people choose weak passwords because of the difficulty of remembering random passwords. Moreover, users with multiple passwords for unrelated activities tend to choose almost similar ...
Comments