Breaking the Password Security Standards Using Offline Attacks and Public User Attributes

机译：使用脱机攻击和公共用户属性打破密码安全标准

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Password security standards based on the Shannon Entropy were made to ensure that users are protected from attacks. This research investigates the possibility of breaking the password security standards using offline attacks and public user attributes. The idea here is to reduce the keyspace by collecting a character set that is likely to be chosen as a password. Ten million compromised passwords were used to establish the Dictionary Character Set, while 1.4 billion compromised email accounts were used to establish the User-Attribute Character Set. Based on the experiments conducted, we proved that there is a high chance of breaking 8 – 10 character length passwords in a reasonable time. Dictionary and Attribute-Based attacks were proved to work in the wild based on cracking time and the number of compromised passwords in the datasets. Results show that it is possible to break the password standards using offline attacks and public user attributes in a reasonable time. A Machine Sensitive Key Based Password Strength Metric is then proposed based on the ratio of risk and safe probabilities of the password. The metric is based on the measurements gathered from the Brute Force, Dictionary and Attribute-Based Password Attacks.

机译：采取了基于Shannon Entropy的密码安全标准，以确保用户免受攻击的影响。本研究调查了使用脱机攻击和公共用户属性打破密码安全标准的可能性。这里的想法是通过收集可能被选为密码的字符集来减少keyspace。额外影响的密码用于建立字典字符集，而14亿个受损的电子邮件帐户用于建立User-Attribute字符集。基于进行的实验，我们证明了在合理的时间内突破8 - 10个字符长度密码的几率很高。证明基于字典和基于属性的攻击基于破解时间和数据集中受损密码的数量在野外工作。结果表明，可以在合理的时间内使用离线攻击和公共用户属性来打破密码标准。然后基于密码的风险和安全概率的比率提出基于机器敏感的密钥密码强度度量。度量标准基于从蛮力，字典和基于属性的密码攻击收集的测量值。

著录项

来源
《International Conference on Humanoid, Nanotechnology, Information Technology, Communication and Control, Environment, and Management》|2019年|1 v.|共5页
会议地点
作者
Haggai Rei G. Cacacho; Harbie Jay L. Manuel; Evelio L. Failoga; James Patrick A. Acang;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
Password; Dictionaries; Standards; Entropy; Measurement; Complexity theory;

机译：密码;词典;标准;熵;测量;复杂性理论;

相似文献

外文文献
中文文献
专利

1. A Theoretical Framework for Password Security against Offline Guessability Attacks [J] . Shah Zaman Nizamani, Syed Raheel Hassan, Rafia Naz Indian Journal of Science and Technology . 2017,第33期

机译：防止离线可猜测性攻击的密码安全性的理论框架
2. N ovel Implementation of O-Pass Security Model Design of User Authentication for Password Stealing and Reuse Attacks [J] . Dr.M.Ramabai, J.V.Prashanthi, P.Monika Raju, International Journal of Computer Trends and Technology . 2014,第2期

机译：密码盗用和重用攻击的用户认证O-Pass安全模型设计的新实现
3. oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks [J] . Sun H.-M., Chen Y.-H., Lin Y.-H. Information Forensics and Security, IEEE Transactions on . 2012,第2期

机译：oPass：抵抗密码窃取和密码重用攻击的用户身份验证协议
4. Breaking the Password Security Standards Using Offline Attacks and Public User Attributes [C] . Haggai Rei G. Cacacho, Harbie Jay L. Manuel, Evelio L. Failoga, International Conference on Humanoid, Nanotechnology, Information Technology, Communication and Control, Environment, and Management . 2019

机译：使用脱机攻击和公共用户属性突破密码安全标准
5. Password security and usability: From password checkers to a new framework for user authentication [D] . Aljaffan, Nouf Mohammed D. 2017

机译：密码安全性和可用性：从密码检查程序到新的用户身份验证框架
6. Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model [O] . Junghyun Nam, Kim-Kwang Raymond Choo, Junghwan Kim, -1

机译：在标准模型中具有可验证安全性的仅密码认证的第三方密钥交换
7. nyk of the Lviv University. Series Law KEYWORDS abuse of authority, abuse of power, abuse of official status, abuse of office acts of the European Union, international legal regulation, employment, right to free movement advocacy, advocate activity, advocacy science, advocatologie, theory of advocacy appeal proceeding, grounds to judgement revision, inconsistency of the court’s findings at first instance with the actual circumstances of the criminal proceedings, cancellation or alteration of the judgment charity organization, founder, assets of charity organization, constituent documents criminal proceedings, subjects of criminal proceedings, the suspect, the suspect law, criminal procedure, international standards employer’s duty, right to the moral injury compensation, social insurance from an industrial accident, social need, labour dispute forms of the legal actions of the collective of employees historical and legal science department, scientific activity law enforcement equipment, individual legal act, the means of forming the content of the enforcement act, requirements for registration of individual legal act attributes (properties) of acts of law legal formula (construction), qualified corpus delicti of a crime, degree of social danger, crime-forming feature legal social community legal technique, technology, legal act, legal system, lawmaking legitimacy, investigation of crime, concept of criminalistics, criminalistics recommendations, tactical methods measures aimed at providing criminal proceedings, procedural sanction, monetary penalty, pre-trial investigation national implementation, forms of implementation, implementation practice, European states, international treaties participant, shareholder, partnership, acquisition, changing, suspension proof, probability, likelihood, credibility in evidence, reliability scientific school, research, development land, agricultural and environmental law, Lviv Scientific School land, agricultural and environmental law the High Council of Justice of Ukraine, the National Council of Justice of the Republic of Poland, judges’ independence, international standards of the judiciary the presumption of the labor legal personality OPEN JOURNAL SYSTEMS Journal Help USER Username Password Remember me Login NOTIFICATIONS View Subscribe LANGUAGE Select LanguageSubmit JOURNAL CONTENT Search Search Scope Search Browse By Issue By Author By Title Other Journals FONT SIZE Make font size smallerMake font size defaultMake font size larger INFORMATION For Readers For Authors For Librarians HOME ABOUT LOGIN REGISTER SEARCH CURRENT ARCHIVES ANNOUNCEMENTS Home > No 67 (2018) > Марін ONCE AGAIN ON THE RETROACTIVE EFFECT OF THE CRIMINAL LAW IN TIME IN THE ASPECT OF INDIRECT CRIMINALIZATION [O] . Oleksandr Marin 2018

机译：LVIV大学的尼克。系列律师关键词滥用权威，滥用权力，滥用官方地位，滥用欧盟办公室行为，国际法律监管，就业，自由运动倡导，倡导活动，倡导科学，倡导性宣传理论，倡导呼吁的理论，理由修改，法院调查结果的不一致事实，判决慈善组织的实际情况，取消或改变判决慈善机构，慈善组织的创始人，慈善机构资产，组成文件刑事诉讼，刑事诉讼主题，嫌疑人，嫌疑法，刑事诉讼，国际标准雇主的责任，道德伤害赔偿权，社会保险从工业事故，社会需求，劳动争端形式的员工历史和法律科学部的法律行为，科学活动执法设备，个人法律法案，制定执法法案的内容，法律法律公式（建设）行为的个人法律法案（属性），犯罪的合格犯罪，社会危险程度，犯罪形成特征法律社会社会法律技术，技术，法律法，法律制度，立法合法性，犯罪调查，犯罪概念，犯罪建议，战术方法旨在提供刑事诉讼，程序制裁，货币罚款，预审调查预审国家实施，执行形式，实施实践，欧洲国家，国际条约参与者，股东，伙伴关系，收购，不断变化，暂停证明，概率，可能性，可信度在证据，可靠性科学学校，研究，开发土地，农业和环境法，利沃科学校园，农业和环境法律议理乌克兰的冰，波兰共和国国家司法委员会，法官的独立，国际标准的司法部门劳动法人的推定开放期刊系统期刊帮助用户用户名密码记住我登录通知查看订阅语言选择lobsumberubmit期刊内容搜索搜索范围搜索按问题浏览作者标题在间接刑事定罪方面，再次对刑法的追溯效应及时
8. Emperor's New Password Manager: Security Analysis of Web-based Password Managers. [R] . Li, Z., He, W., Akhawa, D., 2014

机译：Emperor的新密码管理器：基于Web的密码管理器的安全性分析。

Breaking the Password Security Standards Using Offline Attacks and Public User Attributes

摘要

著录项

相似文献

相关主题

期刊订阅