A note on proactive password checking

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A note on proactive password checking

Full text

Pdf (506 KB)

Source

New Security Paradigms Workshop archive
Proceedings of the 2001 workshop on New security paradigms table of contents

Cloudcroft, New Mexico

SESSION: Session 7: passwords revisited table of contents

Pages: 127 - 135

Year of Publication: 2001

ISBN:1-58113-457-6

Author

Jianxin Jeff Yan

University of Cambridge

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 66, Citation Count: 9

Additional Information:

abstract references cited by index terms

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/508171.508194 What is a DOI?

ABSTRACT

Nowadays, proactive password checking algorithms are based on the philosophy of the dictionary attack, and they often fail to prevent some weak passwords with low entropy. In this paper, a new approach is proposed to deal with this new class of weak passwords by (roughly) measuring entropy. A simple example is given to exploit effective patterns to prevent low-entropy passwords as the first step of entropy-based proactive password checking.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Steven M. Bellovin , Michael Merritt, Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.72, May 04-06, 1992
	2	Francesco Bergadano , Bruno Crispo , Giancarlo Ruffo, High dictionary compression for proactive password checking, ACM Transactions on Information and System Security (TISSEC), v.1 n.1, p.3-25, Nov. 1998 [doi>10.1145/290163.290164]
	3	F. Bergadano , B. Crispo , G. Ruffo, Proactive password checking with decision trees, Proceedings of the 4th ACM conference on Computer and communications security, p.67-77, April 01-04, 1997, Zurich, Switzerland [doi>10.1145/266420.266437]
	4	Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, v.13 n.7, p.422-426, July 1970 [doi>10.1145/362686.362692]
	5	C. Davies and R. Ganesan. BApasswd: A new proactive password checker. In 16th National Computer Security Conference, pages 1-15, Baltimore, MD, Sept. 1993
	6	DV Klein. Foiling the Cracker; A Survey of, and Improvements to Unix Password Security, Proceedings of the USENIX Security Workshop. Portland, Oregon: USENIX Association, Summer 1990; expanded as a technical report from SEI, 1992
	7	Alec Muffett. Crack 4.0, 5.0, almost everywhere in the internet
	8	Alec Muffett. CrackLib: a proactive password sanity ibrary, http://www.users.dircon.co.uk/~crypto/download/cracklib,2.7.txt
	9	Npassword source code (Latest version: npasswd-2.X.tar.gz). at http://www.utexas.edu/cc/unix/software/npasswd/dist/npasswd-2.05.tar.gz, 2000
	10	S. Patel, Number theoretic attacks on secure password schemes, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.236, May 04-07, 1997
	11	Eugene H. Spafford, OPUS: preventing weak password choices, Computers and Security, v.11 n.3, p.273-278, May 1992 [doi>10.1016/0167-4048(92)90207-8]
	12	T. Wu, The Secure Remote Password Protocol, in Proceedings of the 1998 Internet Society Symposium on Network and Distributed System Security, San Diego, CA, Mar 1998, pp. 97-111.
	13	T. Wu, A Real-World Analysis of Kerberos Password Security, Proceedings of the 1999 Network and Distributed System Security Symposium, February 3-5, 1999
	14	Jianxin (Jeff) Yan, Alan Blackwell, Ross Anderson and Alasdair Grant. The Memorability and Security of Passwords -- Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge,2000. http://www.ftp.clcamacuk/ftp/users/ja14/tr500.pdf

CITED BY 9

	Jeff Yan , Alan , Ross , Alasdair, Password Memorability and Security: Empirical Results, IEEE Security and Privacy, v.2 n.5, p.25-31, September 2004
	Richard M. Conlan , Peter Tarasewich, Improving interface designs to help users choose better passwords, CHI '06 extended abstracts on Human factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada
	Julie Thorpe , P. C. van Oorschot , Anil Somayaji, Pass-thoughts: authenticating with our minds, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	Saeed A. Rajput , Jihong Chen , Sam Hsu, State based authentication, Proceedings of the 43rd annual southeast regional conference, March 18-20, 2005, Kennesaw, Georgia
	Paul C. Van Oorschot , Stuart Stubblebine, On countering online dictionary attacks with login histories and humans-in-the-loop, ACM Transactions on Information and System Security (TISSEC), v.9 n.3, p.235-258, August 2006
	Mohammad Mannan , P. C. van Oorschot, Digital objects as passwords, Proceedings of the 3rd conference on Hot topics in security, p.1-6, July 29, 2008, San Jose, CA
	P. C. van Oorschot , Julie Thorpe, On predictive models and user-drawn graphical passwords, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-33, January 2008
	Richard Shay , Abhilasha Bhargav-Spantzel , Elisa Bertino, Password policy simulation and analysis, Proceedings of the 2007 ACM workshop on Digital identity management, November 02-02, 2007, Fairfax, Virginia, USA
	Paul Dunphy , Jeff Yan, Do background images improve "draw a secret" graphical passwords?, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA