Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Patrick Gage Kelley, et al. “Guess again (and again and again): [...].” In 2012 IEEE Symposium on Security and Privacy (SP), pp. 523-537. IEEE, 2012.

Published byBrenda Ramsey Modified over 8 years ago

Similar presentations

Presentation on theme: " Patrick Gage Kelley, et al. “Guess again (and again and again): [...].” In 2012 IEEE Symposium on Security and Privacy (SP), pp. 523-537. IEEE, 2012."— Presentation transcript:

1  Patrick Gage Kelley, et al. “Guess again (and again and again): [...].” In 2012 IEEE Symposium on Security and Privacy (SP), pp. 523-537. IEEE, 2012. Timothy D. Widjaja

2  Measuring password strength by simulating password- cracking algorithms  Gather passwords under various policies, then train the algorithms on various dictionaries; compare the guessability of passwords from those policies using those dictionaries  Guessability is measured by calculating how long the algorithms would take to discover a password  Password creation policies may influence a user’s choice of password in ways more “predictable” than intended  Password cracking algorithms can become very successful if tailored to a given password creation policy

3  A word mangling algorithm is trained on a dictionary apple banana cherry... apple banana cherry... Word Mangling Algorithm apple1234 a.p.p.l.e aaaaapple 4PPL3 binini BaNaNa ba-na-na banananana cherry!!! cherrie che~e~erry cherrycherry... apple1234 a.p.p.l.e aaaaapple 4PPL3 binini BaNaNa ba-na-na banananana cherry!!! cherrie che~e~erry cherrycherry... e.g. Weir, Brute-Force Markov, John the Ripper

4  Consider password cracking as a guided traversal through the space of all possible passwords: “educated” brute-force  How does a password policy influence users in creating passwords? How does it affect the password distribution? Password Distribution Password Cracking Perimeter

5  POLICIES: two different scenarios, four different “wordings”, eight different conditions dictionary8 blacklistEasy blacklistMedium blacklistHard basic8survey basic16comprehensive8 basic8

6  FINDING: Training the cracking algorithm using other passwords gathered under the same policy improves cracking significantly for stringent policies, but only slightly for lenient policies Ideal Situation Actual Situation

7  FINDING: The guessability of passwords created under some policy is not equivalent to the guessability of passwords created under different policies that happen to conform to that policy No Restriction Apply Restriction X

8

Download ppt " Patrick Gage Kelley, et al. “Guess again (and again and again): [...].” In 2012 IEEE Symposium on Security and Privacy (SP), pp. 523-537. IEEE, 2012."

Similar presentations

Jillian Brown. Develop realistic, high quality case material for computer forensic investigations Suitably complex primary data Apply theoretical aspects.

Jillian Brown. Develop realistic, high quality case material for computer forensic investigations Suitably complex primary data Apply theoretical aspects.
Training Guide. `

Training Guide. `
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
The Minoans OBJECTIVE: To determine what life was like for the Minoans and how geography influenced their lives using Guided Reading questions To create.

The Minoans OBJECTIVE: To determine what life was like for the Minoans and how geography influenced their lives using Guided Reading questions To create.
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Patrick Gage Kelley, Saranga Komanduri, Michelle.

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Patrick Gage Kelley, Saranga Komanduri, Michelle.
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.

Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms by Patrick Gage Kelley, Saranga Komanduri, Michelle.

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms by Patrick Gage Kelley, Saranga Komanduri, Michelle.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
1 Password Advanced Password Management. 2 Standard Password Management including tool for blocking usage of easily cracked passwords Extensive dictionary.

1 Password Advanced Password Management. 2 Standard Password Management including tool for blocking usage of easily cracked passwords Extensive dictionary.
3d ..

3d ..
Doc.: IEEE 802.11-15/0358r3 Submission March 2015 Daewon Lee, NEWRACOM Numerology for 11ax Date: 2015-03-09 Authors: Slide 1.

Doc.: IEEE /0358r3 Submission March 2015 Daewon Lee, NEWRACOM Numerology for 11ax Date: Authors: Slide 1.
Nowlin Chair Crop Modeling Symposium November 10-11, 2000 Future Needs for Effective Model Applications James W. Jones  Users  Model Capabilities  Data.

Nowlin Chair Crop Modeling Symposium November 10-11, 2000 Future Needs for Effective Model Applications James W. Jones  Users  Model Capabilities  Data.
Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.

Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Exploring subjective probability distributions using Bayesian statistics Tom Griffiths Department of Psychology Cognitive Science Program University of.

Exploring subjective probability distributions using Bayesian statistics Tom Griffiths Department of Psychology Cognitive Science Program University of.
Chapter 01 Introduction to Probability Models Course Focus Textbook Approach Why Study This?

Chapter 01 Introduction to Probability Models Course Focus Textbook Approach Why Study This?
Wireless Security. Why is it important? Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Over.

Wireless Security. Why is it important? Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Over.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
ECE 533 Final Project SIMPLE FACE RECOGNITION IMPLEMENTATION FOR COMPUTER AUTHENTICATION Josh Easton- Tin-Yau Lo.

ECE 533 Final Project SIMPLE FACE RECOGNITION IMPLEMENTATION FOR COMPUTER AUTHENTICATION Josh Easton- Tin-Yau Lo.

Similar presentations

Ads by Google