Shunbin Li,Zhiyu Wang,Ruyun Zhang,Chunming Wu,Hanguang Luo

DOI: https://doi.org/10.1109/tdsc.2022.3217002

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Rule-based password generation is one of the most effective and often employed techniques in the highly compute-intensive password recovery process. However, it is challenging to design and maintain a practical password mangling ruleset, which is a time-consuming task requiring specialized expertise. This paper therefore introduced MDBSCAN (Modified Density-Based Spatial Clustering of Applications with Noise), a novel density-based cluster approach in machine learning, to build an automatic password mangling rule generator. To evaluate the proposed method, cross-checks across 4 different real-world password datasets leaked from popular Internet services and applications are adopted. The results indicate that the proposed generator could produce high-quality mangling rules with a better hit rate and enhance current mangling rules by identifying hidden or omitted rules. The proposed approach also shows strong interpretability and computational efficiency. When examining the RockYou password dataset with the top 77 rules, the hit rate may rise by 11% to 104% proportionally to other well-known solutions. Furthermore, by combining the top 77 rules generated by MDBSCAN with those from other rulesets, 3–12.67% more real-world passwords can be retrieved.

Wenjie Bai,Jeremiah Blocki,Mohammad Hassan Ameri

DOI: https://doi.org/10.48550/arXiv.2206.12970

2022-06-27

Abstract:In the past decade, billions of user passwords have been exposed to the dangerous threat of offline password cracking attacks. An offline attacker who has stolen the cryptographic hash of a user's password can check as many password guesses as s/he likes limited only by the resources that s/he is willing to invest to crack the password. Pepper and key-stretching are two techniques that have been proposed to deter an offline attacker by increasing guessing costs. Pepper ensures that the cost of rejecting an incorrect password guess is higher than the (expected) cost of verifying a correct password guess. This is useful because most of the offline attacker's guesses will be incorrect. Unfortunately, as we observe the traditional peppering defense seems to be incompatible with modern memory hard key-stretching algorithms such as Argon2 or Scrypt. We introduce an alternative to pepper which we call Cost-Asymmetric Memory Hard Password Authentication which benefits from the same cost-asymmetry as the classical peppering defense i.e., the cost of rejecting an incorrect password guess is larger than the expected cost to authenticate a correct password guess. When configured properly we prove that our mechanism can only reduce the percentage of user passwords that are cracked by a rational offline attacker whose goal is to maximize (expected) profit i.e., the total value of cracked passwords minus the total guessing costs. We evaluate the effectiveness of our mechanism on empirical password datasets against a rational offline attacker. Our empirical analysis shows that our mechanism can reduce significantly the percentage of user passwords that are cracked by a rational attacker by up to 10%.

Cryptography and Security

Wenjie Bai,Jeremiah Blocki

DOI: https://doi.org/10.48550/arXiv.2101.10374

2021-01-30

Abstract:An attacker who breaks into an authentication server and steals all of the cryptographic password hashes is able to mount an offline-brute force attack against each user's password. Offline brute-force attacks against passwords are increasingly commonplace and the danger is amplified by the well documented human tendency to select low-entropy password and/or reuse these passwords across multiple accounts. Moderately hard password hashing functions are often deployed to help protect passwords against offline attacks by increasing the attacker's guessing cost. However, there is a limit to how "hard" one can make the password hash function as authentication servers are resource constrained and must avoid introducing substantial authentication delay. Observing that there is a wide gap in the strength of passwords selected by different users we introduce DAHash (Distribution Aware Password Hashing) a novel mechanism which reduces the number of passwords that an attacker will crack. Our key insight ishat a resource-constrained authentication server can dynamically tune the hardness parameters of a password hash function based on the (estimated) strength of the user's password. We introduce a Stackelberg game to model the interaction between a defender (authentication server) and an offline attacker. Our model allows the defender to optimize the parameters of DAHash e.g., specify how much effort is spent to hash weak/moderate/high strength passwords. We use several large scale password frequency datasets to empirically evaluate the effectiveness of our differentiated cost password hashing mechanism. We find that the defender who uses our mechanism can reduce the fraction of passwords that would be cracked by a rational offline attacker by around 15%.

Cryptography and Security,Computer Science and Game Theory

Yu Sasaki,Lei Wang,Kazuo Ohta,Kazumaro Aoki,Noboru Kunihiro

DOI: https://doi.org/10.1587/transfun.e93.a.84

2010-01-01

Abstract:In this paper, we present practical password recovery attacks against two challenge and response authentication protocols using MD4. For attacks on protocols, the number of queries is one of the most important factors because the opportunity where an attacker can ask queries is very limited in real protocols. When responses are computed as MD4(Password||Challenge), which is called prefix approach, previous work needs to ask 237 queries to recover a password. Asking 237 queries in real protocols is almost impossible. In our attack, to recover up to 8-octet passwords, we only need 1 time the amount of eavesdropping, 17 queries, and 234 MD4 off-line computations. To recover up to 12-octet passwords, we only need 210 times the amount of eavesdropping, 210 queries, and 241 off-line MD4 computations. When responses are computed as MD4(Password||Challenge||Password), which is called hybrid approach, previous work needs to ask 263 queries, while in our attack, up to 8-octet passwords are practically recovered by 28 times the amount of eavesdropping, 28 queries, and 239 off-line MD4 computations. Our idea is guessing a part of passwords so that we can simulate values of intermediate chaining variables from observed hash values. This enables us to use a short local collision that occurs with a very high probability, and thus the number of queries becomes practical.

Ding Wang,Gaopeng Jian,Ping Wang

2014-01-01

Abstract:Despite more than thirty years of intensive research efforts, textual passwords are still enveloped in mysterious veils. In this work, we make a substantial step forward in understanding the underlying distributions of passwords. By conducting linear regressions on a corpus of 97.2 million passwords (a mass of chaotic data), we for the first time show that Zipf’s law perfectly exists in user-generated passwords, figure out the corresponding exact distribution functions, and investigate some fundamental implications of our observations for password policies and password-based cryptographic protocols (e.g., authentication, encryption and signature). As one specific application of this law of nature, we propose the number of unique passwords used in regression and the absolute value of slope of the regression line together as a metric for assessing the strength of password datasets, and prove its correctness in a mathematically rigorous manner. In addition, extensive experiments (including optimal attacks, simulated optimal attacks and state-of-the-art cracking sessions) are performed to demonstrate the practical effectiveness of our metric. In two of four cases, our metric outperforms Bonneau’s α-guesswork in simplicity and to the best of knowledge, it is the first one that is both easy to approximate and accurate to facilitate comparisons, providing a useful tool for the security administrators to gain a precise grasp of the strength of their password datasets and to adjust the password policies more reasonably.

Ayse Nurdan Saran

DOI: https://doi.org/10.3389/fcomp.2024.1368362

2024-02-29

Frontiers in Computer Science

Abstract:A password hashing algorithm is a cryptographic method that transforms passwords into a secure and irreversible format. It is used not only for authentication purposes but also for key derivation mechanisms. The primary purpose of password hashing is to enhance the security of user credentials by preventing the exposure of plaintext passwords in the event of a data breach. As a key derivation function, password hashing aims to derive secret keys from a master key, password, or passphrase using a pseudorandom function. This review focuses on the design and analysis of time-memory trade-off (TMTO) attacks on recent password hashing algorithms. This review presents a comprehensive survey of TMTO attacks and recent studies on password hashing for authentication by examining the literature. The study provides valuable insights and strategies for safely navigating transitions, emphasizing the importance of a systematic approach and thorough testing to mitigate risk. The purpose of this paper is to provide guidance to developers and administrators on how to update cryptographic practices in response to evolving security standards and threats.

Ding Wang,Gaopeng Jian,Ping Wang

2015-01-01

Abstract:Despite more than thirty years of intensive research efforts, textual passwords are still enveloped in mysterious veils. In this work, we make a substantial step forward in understanding the underlying distributions of passwords. By conducting linear regressions on a corpus of 97.2 million passwords (a mass of chaotic data), we for the first time show that Zipf ’s law perfectly exists in user-generated passwords, figure out the corresponding exact distribution functions, and investigate some fundamental implications of our observations for password policies and password-based cryptographic protocols (e.g., authentication, encryption and signature). As one specific application of this law of nature, we propose the number of unique passwords used in regression and the absolute value of slope of the regression line together as a metric for assessing the strength of password datasets, and prove its correctness in a mathematically rigorous manner. In addition, extensive experiments (including optimal attacks, simulated optimal attacks and state-of-the-art cracking sessions) are performed to demonstrate the practical effectiveness of our metric. In two of four cases, our metric outperforms Bonneau’s α-guesswork in simplicity and to the best of knowledge, it is the first one that is both easy to approximate and accurate to facilitate comparisons, providing a useful tool for the security administrators to gain a precise grasp of the strength of their password datasets and to adjust the password policies more reasonably.

Shuo Zhang,Jianping Zeng,Zewen Zhang

DOI: https://doi.org/10.1109/icasid.2017.8285733

2017-01-01

Abstract:Currently the password security is serious, but there is not an appropriate metric for measuring passwords. Thus, the main purpose of this paper is to provide a security time period for the user's password in an online system, allowing the user to modify the password before the security period arrives to prevent the attacker from guessing correctly. We use the guessing chain to calculate the expected time that the attacker need to guess the target password correctly based on the guessing entropy. We assume that the attacker uses a dictionary attack, which is also a probability sequence, and the dictionary is non-ordered or ordered. At the same time, we analyze the large-scale password dataset Rockyou, which contains nearly 32 million passwords. And we assume that the ordered dictionary is organized in descending frequency, in which the probability of the occurrence of the password obeys a long-tailed distribution. We explore the form of the distribution function. And we first find that the simple Zipf distribution can better fit with the empirical distribution of ordered dictionary.

Liping Li,Qinglei Zhou,Bin Li,Xueming Si

DOI: https://doi.org/10.1109/CyberC.2018.00014

2018-01-01

Abstract:Identity authentication is the first line of defense to ensure the security of information systems, and passwords are the most widely used authentication method. Choosing a valid password structure is an effective way to prevent password attacks, such as password dictionary attack. This article talked 68386069 real plaintext passwords with statistical their various features, summarized several rules for generating highly utilized passwords in certain styles. Based on these statistical features and rules, it generated high-probability password structure gene banks. With them, it formulates a dictionary to generate the candidate passwords. Thereby, this can enhance the efficiency of password recovery. We conducted extensive experiments by the real password test data, and the experimental results, compared with the dictionary provided by major websites, show that the dictionary of high probability password structure hit rate increased by about 30%. At the same time, this dictionary can save about one-third of the running time.

Haodong Zhang,Chuanwang Wang,Wenqiang Ruan,Junjie Zhang,Ming Xu,Weili Han

DOI: https://doi.org/10.1145/3485832.3488025

2021-01-01

Abstract:Users usually create their passwords with meaningful digits, i.e. digit semantics, which can be partially exploited by probabilistic password guessing models with a data-driven methodology for better efficiency. However, these semantics are largely ignored by current practical password cracking tools, like John the Ripper (JtR) and Hashcat. In this paper, we are motivated to study the digit semantics in passwords and exploit them to improve the guessing efficiency of practical password cracking tools. We first design a practical extraction tool of digit semantics in passwords. Then we conduct a comprehensive empirical analysis of the digit semantics in four large-scale password sets leaked from the real world. Based on the analysis results, we further propose two new operations (the basic unit to construct mangling rules), then generate 1,974 digit semantics rules constructed from them. Moreover, in order to enforce semantics rules in JtR and Hashcat, we optimize their rule engines and running logic with the compatibility of the original built-in operations. The evaluation on the real password sets shows the significant advantage of digit semantics rules to extend current typical rule sets when we crack both Chinese and English (two of the largest user groups) passwords with digit strings.

Jing Zou,Dongdai Lin,Guo-Cui Mi

DOI: https://doi.org/10.1109/icmlc.2011.6016851

2011-01-01

Abstract:Due to the parallel nature of brute force attack, it is well suited to use parallel or distributed computing to recover passwords encrypted by one-way hash functions. When distributing the password cracking task between threads or nodes, it is necessary to divide the search space into several subspaces. It is ideal that the size of these subspaces is the same for a load balanced solution. However, increasing the length of passwords will raise the number of combinations exponentially. This will raises issues for the search space uniform partition. This paper presents a universal distributed model for password cracking capable of dividing the search space evenly. For this, the paper addresses the definition of a base-n-like number, and discusses operations on it and relations with base-n number. The model is data independent, easily implemented and needs a few of communications. Experimental results are then shown.

Zhenqi Li,Bin Zhang,Yao Lu,Jing Zou,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-642-34129-8_29

2012-01-01

Abstract:In this paper, we propose a new attack for block ciphers by applying the well known time-memory-data (TMD) trade-off to plaintext recovery attack (PRA), thus creating two new schemes: TMD-PRA-I and TMD-PRA-II. Compared with the traditional trade-off attacks, these two schemes possess several robust properties which can greatly increase the success probability and enhance the process of analysis. We also evaluate the performance of our schemes by applying them to several block ciphers like DES, Triple-DES, Skipjack and AES. Results show that they have favourable performance especially when the key size is larger than the block size, which gives us a reminder that PRA based on TMD trade-off should be considered when designing a new cryptographic scheme.

Ding Wang,Yunkai Zou,Yuan-An Xiao,Siqi Ma,Xiaofeng Chen

2023-01-01

Abstract:While password stuffing attacks (that exploit the direct password reuse behavior) have gained considerable attention, only a few studies have examined password tweaking attacks, where an attacker exploits users' indirect reuse behaviors (with edit operations like insertion, deletion, and substitution). For the first time, we model the password tweaking attack as a multi-class classification problem for characterizing users' password edit/modification processes, and propose a generative model coupled with the multi-step decision-making mechanism, called PASS2EDIT, to accurately characterize users' password reuse/modification behaviors. We demonstrate the effectiveness of PASS2EDIT through extensive experiments, which consist of 12 practical attack scenarios and employ 4.8 billion real-world passwords. The experimental results show that PASS2EDIT and its variant significantly improve over the prior art. More specifically, when the victim's password at site A (namely pwA) is known, within 100 guesses, the cracking success rate of PASS2EDIT in guessing her password at site B ( pw(B) not equal pw(A)) is 24.2% (for common users) and 11.7% (for security-savvy users), respectively, which is 18.2%-33.0% higher than its foremost counterparts. Our results highlight that password tweaking is a much more damaging threat to password security than expected.

Zhixiong Zheng,Haibo Cheng,Zijian Zhang,Yiming Zhao,Ping Wang

DOI: https://doi.org/10.1155/2018/6160125

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:We present in this paper an alternative method for understanding user-chosen passwords. In password research, much attention has been given to increasing the security and usability of individual passwords for common users. Few of them focus on the relationships between passwords; therefore we explore the relationships between passwords: modification-based, similarity-based, and probability-based. By regarding passwords as vertices, we shed light on how to transforma dataset of passwords into a password graph. Subsequently, we introduce some novel notions from graph theory and report on a number of inner properties of passwords from the perspective of graph. With the assistance of Python Graph-tool, we are able to visualize our password graph to deliver an intuitive grasp of user-chosen passwords. Five real-world password datasets are used in our experiments to fulfill our thorough experiments. We discover that (1) some passwords in a dataset are tightly connected with each other; (2) they have the tendency to gather together as a cluster like they are in a social network; (3) password graph has logarithmic distribution for its degrees. Top clusters in password graph could be exploited to obtain the effective mangling rules for cracking passwords. Also, password graph can be utilized for a new kind of password strength meter.

Jeremiah Blocki,Ben Harsha,Samson Zhou

DOI: https://doi.org/10.48550/arXiv.2006.05023

2020-06-09

Abstract:We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All four organizations were using key-stretching to protect user passwords. In fact, LastPass' use of PBKDF2-SHA256 with $10^5$ hash iterations exceeds 2017 NIST minimum recommendation by an order of magnitude. Nevertheless, our analysis paints a bleak picture: the adopted key-stretching levels provide insufficient protection for user passwords. In particular, we present strong evidence that most user passwords follow a Zipf's law distribution, and characterize the behavior of a rational attacker when user passwords are selected from a Zipf's law distribution. We show that there is a finite threshold which depends on the Zipf's law parameters that characterizes the behavior of a rational attacker -- if the value of a cracked password (normalized by the cost of computing the password hash function) exceeds this threshold then the adversary's optimal strategy is always to continue attacking until each user password has been cracked. In all cases (Yahoo!, Dropbox, LastPass and AshleyMadison) we find that the value of a cracked password almost certainly exceeds this threshold meaning that a rational attacker would crack all passwords that are selected from the Zipf's law distribution (i.e., most user passwords). This prediction holds even if we incorporate an aggressive model of diminishing returns for the attacker (e.g., the total value of $500$ million cracked passwords is less than $100$ times the total value of $5$ million passwords). See paper for full abstract.

Cryptography and Security

梁艳,张琛岭,邱卫东

DOI: https://doi.org/10.3969/j.issn.1009-8054.2012.12.040

2012-01-01

Abstract:Rainbow tables are usually used to crack hash passwords, and it could effectively improve the crack speed. However, the time cost for generating a long-password (more than 10 characters) rainbow table could not be tolerated, and the cracking also has a low success rate. A new idea of rainbow table based on generator is proposed, and this rainbow table could greatly compress the plaintext space. It is based on some universal law of the process of artificial long passwords, and in this way a lot of low-probability passwords are removed from the plaintext space. It makes the generation of rainbow table for long passwords acceptable and provides an operable method to crack artificial long passwords.

Rui Xu,Xiaojun Chen,Yingbing Wang,Jinqiao Shi,Haitao Mi

DOI: https://doi.org/10.1109/MILCOM.2016.7795425

2016-01-01

Abstract:The conventional password cracking methods view the consecutive digits in passwords as a single unit without understanding the internal structures of digits. In this paper, in order to enhance the analysis of numerical passwords, we borrow the idea of chunking in psychology, and segment each numerical password into small chunks to help understand the structures. Empirically, we learn chunks and structures based on their frequencies from the numerical passwords of leaked corpus, and model them with probabilistic context-free grammars to generate password guesses. Experiment results on the leaked Chinese password corpus included 24 million entries show that our approach achieves 46.91% relative gains over word lists approach, and 31.07% relative gains in the first 1 million guesses than John the Ripper (JtR), and 50.76% relative gains for guessing long numerical password than JtR.

Rui Xu,Xiaojun Chen,Xingxing Wang,Jinqiao Shi

DOI: https://doi.org/10.1109/dsc.2018.00094

2018-01-01

Abstract:The current research mainly employs natural language processing techniques to study semantic patterns in passwords, but they do not explore deeply the construction of digits to generate more hittable guesses. In this paper, we utilize memory chunking method to split non-semantic digits in passwords, and define combination rules to split semantic digits patterns into small chunks. We use patterns customized for Chinese websites to extract structures and segments of letters and symbols. And we model them with Probabilistic Context-Free Grammars to generate password guesses. In addition, we introduce a definition called Password Guesses Probability Sparsity to describe the negative impact brought by sophisticated patterns, and develop measures to get substantial improvements. Experiment results based on large-scale datasets included over 160 million entries show our method guesses passwords much more effective than previous methods for guessing long numerical passwords and universal passwords. We achieve 107.18% relative improvements over John the Ripper for guessing long numerical passwords, and 14.46% relative gains than previous methods for guessing universal passwords.

Zach Parish,Connor Cushing,Shourya Aggarwal,Amirali Salehi-Abari,Julie Thorpe

DOI: https://doi.org/10.1007/s10207-021-00560-9

2021-08-23

International Journal of Information Security

Abstract:Password guessers are instrumental for assessing the strength of passwords. Despite their diversity and abundance, comparisons between password guessers are limited to simple success rates. Thus, little is known on how password guessers can best be combined with or complement each other. To extend analyses beyond success rates, we devise an analytical framework to compare the types of passwords that guessers generate. Using our framework, we show that different guessers often produce dissimilar passwords, even when trained on the same data. We leverage this result to show that combinations of computationally cheap guessers are as effective in guessing passwords as computationally intensive guessers, but more efficient. Our framework can be used to identify combinations of guessers that will best complement each other. To improve the success rate of any guesser, we also show how an effective training dataset can be identified for a given target password dataset, even when the target dataset is hashed. Our insights allow us to provide a concrete set of practical recommendations for password checking to effectively and efficiently measure password strength.

computer science, information systems, theory & methods, software engineering

Jaryn Shen,Timothy T. Yuen,Kim-Kwang Raymond Choo,Qingkai Zeng

DOI: https://doi.org/10.1007/978-3-030-21548-4_28

2019-01-01

Abstract:Passwords are widely used in online services, such as electronic and mobile banking services, and may be complemented by other authentication mechanism(s) for example in two-factor or three-factor authentication systems. There are, however, a number of known limitations and risks associated with the use of passwords, such as man-in-the-middle (MitM) and offline guessing attacks. In this paper, we present AMOGAP, a novel text password-based user authentication mechanism, to defend against MitM and offline guessing attacks. In our approach, users can select easy-to-remember passwords, and AMOGAP converts currently-used salted and hashed password files into user tokens, whose security relies on the Decisional Diffie-Hellman (DDH) assumption, at the server end. In other words, we use a difficult problem in number theory (i.e., DDH problem), rather than a one-way hash function, to ensure security against offline password guessing attackers and MitM attackers. AMOGAP does not require any change in existing authentication process and infrastructure or incur additional costs at the server.