Presentation is loading. Please wait.

Presentation is loading. Please wait.

Honeywords: Making Passwords-Cracking Detectable Ari Jules, Ronald L. Rivest Presented by: Karthik Padullaparty | kpad470 October 14, 2015 1 Karthik Padullaparty.

Published byMilo Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "Honeywords: Making Passwords-Cracking Detectable Ari Jules, Ronald L. Rivest Presented by: Karthik Padullaparty | kpad470 October 14, 2015 1 Karthik Padullaparty."— Presentation transcript:

1 Honeywords: Making Passwords-Cracking Detectable Ari Jules, Ronald L. Rivest Presented by: Karthik Padullaparty | kpad470 October 14, 2015 1 Karthik Padullaparty Proceeding CCS '13CCS '13 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security Pages 145-160

2 Summary Stolen hash files Extended from Honey accounts Honeywords (dummy passwords) for every user Use of Honey Checker for authentication Paper also covers: Honeyword generation Policy choices Potential attacks against this system 2October 14, 2015

3 Aspect Honeyword generation poses the same threats as passwords, and they are not the most satisfactory approach to authenticate a user My focus – Honeyword generation methods and their limitations Chaffing-with-a-password model Hybrid Generation October 14, 20153

4 Chaffing with a password model Use of a probabilistic model of real passwords Doesn’t require users password to generate a Honeyword Uses a simple probability model to generate x number of Honeywords October 14, 20154

5 Hybrid Generation Hybrid generation uses Legacy-UI Combines the strength of Chaffing with a password model and chaffing by tweaking digits “We assume a password composition policy that requires at least one digit, so that tweaking digits is always possible.” Use of dictionary words October 14, 20155

6 Final Thoughts Gather insights on how passwords are generated Refine cracking algorithms Using multiple systems to log in My thoughts Making passwords realistic Using old passwords October 14, 20156

7 Questions 7October 14, 2015

Download ppt "Honeywords: Making Passwords-Cracking Detectable Ari Jules, Ronald L. Rivest Presented by: Karthik Padullaparty | kpad470 October 14, 2015 1 Karthik Padullaparty."

Similar presentations

1 Towards a Discipline of Mission-Aware Cloud Computing (A Position Paper) Ravi Sandhu Executive Director and Endowed Professor October 2010

1 Towards a Discipline of Mission-Aware Cloud Computing (A Position Paper) Ravi Sandhu Executive Director and Endowed Professor October 2010
A P RESENTATION O N R ESOURCE D ISCOVERY I N T HE P EER- T O- P EER N ETWORK by Aravind Renganathan.

A P RESENTATION O N R ESOURCE D ISCOVERY I N T HE P EER- T O- P EER N ETWORK by Aravind Renganathan.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Access Control Methodologies

Access Control Methodologies
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
presenter : Eirini Aikaterini Degleri , 2735

presenter : Eirini Aikaterini Degleri , 2735
Appendix B: Designing Policies for Managing Networks.

Appendix B: Designing Policies for Managing Networks.
Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.

Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.
CMSC 414 Computer (and Network) Security Lecture 9 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 9 Jonathan Katz.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database.

Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

Similar presentations

Ads by Google