Published by Milo Washington. Modified over 8 years ago.
1
Honeywords: Making Password-Cracking Detectable
Ari Juels, Ronald L. Rivest
Presented by: Karthik Padullaparty | kpad470
October 14, 2015
CCS '13: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pages 145-160
2
Summary
- Stolen hash files
- Extended from Honey accounts
- Honeywords (dummy passwords) for every user
- Use of Honey Checker for authentication
- Paper also covers:
  - Honeyword generation
  - Policy choices
  - Potential attacks against this system
3
Aspect
- Honeyword generation poses the same threats as passwords, and they are not the most satisfactory approach to authenticate a user
- My focus: Honeyword generation methods and their limitations
  - Chaffing-with-a-password model
  - Hybrid Generation
4
Chaffing with a password model
- Use of a probabilistic model of real passwords
- Doesn't require the user's password to generate a Honeyword
- Uses a simple probability model to generate x number of Honeywords
5
Hybrid Generation
- Hybrid generation uses Legacy-UI
- Combines the strength of Chaffing with a password model and chaffing by tweaking digits
- "We assume a password composition policy that requires at least one digit, so that tweaking digits is always possible."
- Use of dictionary words
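The honeyword scheme summarized in these slides, as an added example (not from the presentation or the paper): honeywords are produced by chaffing by tweaking digits, simplified here to re-randomizing every digit, and the Honey Checker stores only the index of the real password. The names HoneyChecker, enroll and login, the sample user and password, and K = 5 are assumptions.

```python
import hashlib, hmac, os, secrets

K = 5  # assumed sweetwords per user: 1 real password + K-1 honeywords
_rng = secrets.SystemRandom()

def tweak_digits(password):
    """Chaffing by tweaking digits (simplified: every digit is re-randomized)."""
    return "".join(str(_rng.randrange(10)) if c.isdigit() else c for c in password)

def _hash(salt, word):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)

class HoneyChecker:
    """Stands in for the separate hardened server; it knows only an index."""
    def __init__(self):
        self._index = {}
    def set(self, user, idx):
        self._index[user] = idx
    def check(self, user, idx):
        return self._index.get(user) == idx

def enroll(user, password, store, checker, k=K):
    digits = sum(c.isdigit() for c in password)
    if 10 ** digits < k:  # also rejects digit-free passwords (policy on the slide)
        raise ValueError("not enough digits to derive k distinct sweetwords")
    sweet = {password}
    while len(sweet) < k:
        sweet.add(tweak_digits(password))
    sweet = list(sweet)
    _rng.shuffle(sweet)  # position must not reveal which entry is real
    salt = os.urandom(16)
    store[user] = (salt, [_hash(salt, w) for w in sweet])
    checker.set(user, sweet.index(password))
    return sweet  # returned only so the demo can exercise the honeywords

def login(user, attempt, store, checker):
    salt, hashes = store[user]
    h = _hash(salt, attempt)
    for i, stored in enumerate(hashes):
        if hmac.compare_digest(h, stored):
            # A match on a honeyword means the hash file was stolen and cracked.
            return "ok" if checker.check(user, i) else "alarm"
    return "reject"

if __name__ == "__main__":
    store, checker = {}, HoneyChecker()
    sweet = enroll("alice", "tiger42blue7", store, checker)  # constructed sample
    for w in sweet + ["wrongpass1"]:
        print(w, "->", login("alice", w, store, checker))
```

The "alarm" result is the detection signal: it can only occur when someone submits a sweetword that is stored in the hash file but is not the user's real password.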
6
Final Thoughts
- Gather insights on how passwords are generated
- Refine cracking algorithms
- Using multiple systems to log in
- My thoughts
  - Making passwords realistic
  - Using old passwords
7
Questions