English
Related papers

Related papers: DALock: Distribution Aware Password Throttling

200 papers

An attacker who breaks into an authentication server and steals all of the cryptographic password hashes is able to mount an offline-brute force attack against each user's password. Offline brute-force attacks against passwords are…

Cryptography and Security · Computer Science 2021-02-02 Wenjie Bai , Jeremiah Blocki

We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password…

Cryptography and Security · Computer Science 2021-08-17 Wenjie Bai , Jeremiah Blocki , Ben Harsha

The choice of password composition policy to enforce on a password-protected system represents a critical security decision, and has been shown to significantly affect the vulnerability of user-chosen passwords to guessing attacks. In…

Cryptography and Security · Computer Science 2024-03-18 Saul Johnson , João F. Ferreira , Alexandra Mendes , Julien Cordry

Efficient password cracking is a critical aspect of digital forensics, enabling investigators to decrypt protected content during criminal investigations. Traditional password cracking methods, including brute-force, dictionary and…

Cryptography and Security · Computer Science 2025-04-07 Mohamad Hachem , Adam Lanfranchi , Nathan Clarke , Joakim Kavrestad

Leaks from password datasets are a regular occurrence. An organization may defend a leak with reassurances that just a small subset of passwords were taken. In this paper we show that the leak of a relatively small number of text-based…

Cryptography and Security · Computer Science 2021-03-29 Hazel Murray , David Malone

An adversary who has obtained the cryptographic hash of a user's password can mount an offline attack to crack the password by comparing this hash value with the cryptographic hashes of likely password guesses. This offline attacker is…

Cryptography and Security · Computer Science 2016-05-06 Jeremiah Blocki , Anupam Datta

Leaked passwords from data breaches can pose a serious threat to users if the password is reused elsewhere. With more online services getting breached today, there is still a lack of large-scale quantitative understanding of the risks of…

Cryptography and Security · Computer Science 2017-06-09 Chun Wang , Steve T. K. Jan , Hang Hu , Gang Wang

Variant Stochastic cracking is a significantly more resilient approach to adaptive indexing. It showed [1]that Stochastic cracking uses each query as a hint on how to reorganize data, but not blindly so; it gains resilience and avoids…

Databases · Computer Science 2013-05-09 Meenesh Bhardwaj

A central challenge in password security is to characterize the attacker's guessing curve i.e., what is the probability that the attacker will crack a random user's password within the first $G$ guesses. A key challenge is that the guessing…

Cryptography and Security · Computer Science 2022-09-22 Jeremiah Blocki , Peiyuan Liu

Passwords are widely used for user authentication and, despite their weaknesses, will likely remain in use in the foreseeable future. Human-generated passwords typically have a rich structure, which makes them susceptible to guessing…

Cryptography and Security · Computer Science 2013-04-25 Claude Castelluccia , Abdelberi Chaabane , Markus Dürmuth , Daniele Perito

System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute…

Cryptography and Security · Computer Science 2026-02-03 Chaofang Shi , Zhongwen Li , Xiaoqi Li

Logic locking has emerged to prevent piracy and overproduction of integrated circuits ever since the split of the design house and manufacturing foundry was established. While there has been a lot of research using a single global key to…

Cryptography and Security · Computer Science 2025-01-07 Kevin Lopez , Amin Rezaei

Today, offline attacks are one of the most severe threats to password security. These attacks have claimed millions of passwords from prominent websites including Yahoo, LinkedIn, Twitter, Sony, Adobe and many more. Therefore, as a…

Cryptography and Security · Computer Science 2020-09-15 Harshal Tupsamudre , Sachin Lodha

We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We…

Cryptography and Security · Computer Science 2020-06-11 Jeremiah Blocki , Ben Harsha , Samson Zhou

With web applications becoming a preferred method of presenting graphical user interfaces to users, software vulnerabilities affecting web applications are becoming more and more prevalent and devastating. Some of these vulnerabilities,…

Cryptography and Security · Computer Science 2019-08-14 Michael Flanders

Though not yet widely deployed, password-authenticated key exchange (PAKE) protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they…

Cryptography and Security · Computer Science 2026-02-10 Eloise Christian , Tejas Gadwalkar , Arthur Azevedo de Amorim , Edward V. Zieglar

The feature diversity of different web systems in page elements, submission contents and return information makes it difficult to detect weak password automatically. To solve this problem, multi-factor correlation detection method as…

Cryptography and Security · Computer Science 2022-10-27 Xiang Long , Yan Huang , Zhendong Liu , Lansheng Han , Haili Sun , Jingyuan He

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for…

Cryptography and Security · Computer Science 2021-01-22 Vassilis Papaspirou , Leandros Maglaras , Mohamed Amine Ferrag , Ioanna Kantzavelou , Helge Janicke , Christos Douligeris

Sensitive data leakage is the major growing problem being faced by enterprises in this technical era. Data leakage causes severe threats for organization of data safety which badly affects the reputation of organizations. Data leakage is…

Cryptography and Security · Computer Science 2023-12-22 Kishu Gupta , Ashwani Kush

Modern authentication systems store hashed values of passwords of users using cryptographic hash functions. Therefore, to crack a password an attacker needs to guess a hash function input that is mapped to the hashed value, as opposed to…

Cryptography and Security · Computer Science 2019-11-28 Yair Yona , Suhas Diggavi
‹ Prev 1 2 3 10 Next ›