English
Related papers

Related papers: Evaluating Argon2 Adoption and Effectiveness in Re…

200 papers

Although it is common for users to select bad passwords that can be easily cracked by attackers, password-based authentication remains the most widely-used method. To encourage users to select good passwords, enterprises often enforce…

Cryptography and Security · Computer Science 2015-12-21 Cem S. Sahin , Robert Lychev , Neal Wagner

The security of passwords is dependent on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in…

Cryptography and Security · Computer Science 2022-12-13 Fangyi Yu

Password security hinges on an in-depth understanding of the techniques adopted by attackers. Unfortunately, real-world adversaries resort to pragmatic guessing strategies such as dictionary attacks that are inherently difficult to model in…

Cryptography and Security · Computer Science 2021-03-01 Dario Pasquini , Marco Cianfriglia , Giuseppe Ateniese , Massimo Bernaschi

In the past decade, billions of user passwords have been exposed to the dangerous threat of offline password cracking attacks. An offline attacker who has stolen the cryptographic hash of a user's password can check as many password guesses…

Cryptography and Security · Computer Science 2022-06-28 Wenjie Bai , Jeremiah Blocki , Mohammad Hassan Ameri

Text password has served as the most popular method for user authentication so far, and is not likely to be totally replaced in foreseeable future. Password authentication offers several desirable properties (e.g., low-cost, highly…

Cryptography and Security · Computer Science 2022-12-27 Lam Tran , Thuc Nguyen , Changho Seo , Hyunil Kim , Deokjai Choi

Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is…

Cryptography and Security · Computer Science 2022-11-11 Stephan Wiefling , Paul René Jørgensen , Sigurd Thunem , Luigi Lo Iacono

Passwords remain one of the most common methods for securing sensitive data in the digital age. However, weak password choices continue to pose significant risks to data security and privacy. This study aims to solve the problem by focusing…

Cryptography and Security · Computer Science 2025-06-03 Pappu Jha , Hanzla Hamid , Oluseyi Olukola , Ashim Dahal , Nick Rahimi

The security of passwords depends on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in password…

Cryptography and Security · Computer Science 2022-08-16 Fangyi Yu , Miguel Vargas Martin

In this document we present an overview of the background to and goals of the Password Hashing Competition (PHC) as well as the design of its winner, Argon2, and its security requirements and properties.

Cryptography and Security · Computer Science 2016-02-12 Jos Wetzels

A password composition policy restricts the space of allowable passwords to eliminate weak passwords that are vulnerable to statistical guessing attacks. Usability studies have demonstrated that existing password composition policies can…

Cryptography and Security · Computer Science 2013-02-26 Jeremiah Blocki , Saranga Komanduri , Ariel Procaccia , Or Sheffet

As the primary mechanism of digital authentication, user-created passwords exhibit common patterns and regularities that can be learned from leaked datasets. Password choices are profoundly shaped by external factors, including social…

Cryptography and Security · Computer Science 2025-10-28 Xudong Yang , Jincheng Li , Kaiwen Xing , Zhenjia Xiao , Mingjian Duan , Weili Han , Hu Xiong

Passwords are widely used for user authentication and, despite their weaknesses, will likely remain in use in the foreseeable future. Human-generated passwords typically have a rich structure, which makes them susceptible to guessing…

Cryptography and Security · Computer Science 2013-04-25 Claude Castelluccia , Abdelberi Chaabane , Markus Dürmuth , Daniele Perito

We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password…

Cryptography and Security · Computer Science 2021-08-17 Wenjie Bai , Jeremiah Blocki , Ben Harsha

The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication. Even high-security applications such as Internet Banking portals,…

Networking and Internet Architecture · Computer Science 2020-11-13 Teik Guan Tan , Pawel Szalachowski , Jianying Zhou

We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We…

Cryptography and Security · Computer Science 2020-06-11 Jeremiah Blocki , Ben Harsha , Samson Zhou

An attacker who breaks into an authentication server and steals all of the cryptographic password hashes is able to mount an offline-brute force attack against each user's password. Offline brute-force attacks against passwords are…

Cryptography and Security · Computer Science 2021-02-02 Wenjie Bai , Jeremiah Blocki

A central challenge in password security is to characterize the attacker's guessing curve i.e., what is the probability that the attacker will crack a random user's password within the first $G$ guesses. A key challenge is that the guessing…

Cryptography and Security · Computer Science 2022-09-22 Jeremiah Blocki , Peiyuan Liu

Today, offline attacks are one of the most severe threats to password security. These attacks have claimed millions of passwords from prominent websites including Yahoo, LinkedIn, Twitter, Sony, Adobe and many more. Therefore, as a…

Cryptography and Security · Computer Science 2020-09-15 Harshal Tupsamudre , Sachin Lodha

In recent decades, criminals have increasingly used the web to research, assist and perpetrate criminal behaviour. One of the most important ways in which law enforcement can battle this growing trend is through accessing pertinent…

Cryptography and Security · Computer Science 2020-12-03 Aikaterini Kanta , Iwen Coisel , Mark Scanlon

An adversary who has obtained the cryptographic hash of a user's password can mount an offline attack to crack the password by comparing this hash value with the cryptographic hashes of likely password guesses. This offline attacker is…

Cryptography and Security · Computer Science 2016-05-06 Jeremiah Blocki , Anupam Datta
‹ Prev 1 2 3 10 Next ›