A note of proactive password checking

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2001, Pages 127-135

  Yan, Jianxin Jeff ^a  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

Dictionary attack; Entropy; Proactive password checking

Indexed keywords

ALGORITHMS; COMPUTER CRIME; CRYPTOGRAPHY; DATA PRIVACY; SECURITY SYSTEMS;

DICTIONARY ATTACK; PASSWORD SECURITY; PROACTIVE PASSWORD CHECKING;

SECURITY OF DATA;

EID: 0242708748     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/508193.508194     Document Type: Conference Paper

References (14)

1. Steven M. Bellovin and Michael Merritt, Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks, IEEE Symposium on Research in Security and Privacy, May 1992. pp.72-84.
2. F Bergadano et al. High dictionary compression for proactive password checking, ACM trans. on info and system security Vol.1, No.1, Nov. 1998
3. F Bergadano et al. Proactive password checking with decision trees, 1997 ACM conference on computer and communications security, 1997, Zurich
4. Burton Bloom. Space/time trade-offs in hash coding with allowable errors, CACM, 13(7): 422-426, July 1979
5. C. Davies and R. Ganesan. BApasswd: A new proactive password checker. In 16th National Computer Security Conference, pages 1-15, Baltimore, MD, Sept. 1993
6. DV Klein. Foiling the Cracker; A Survey of, and Improvements to Unix Password Security, Proceedings of the USENIX Security Workshop. Portland, Oregon: USENIX Association, Summer 1990; expanded as a technical report from SEI, 1992
7. Alec Muffett. Crack 4.0, 5.0, almost everywhere in the internet
8. Alec Muffett. CrackLib: a proactive password sanity ibrary. http://www.users.dircon.co.uk/~crypto/download/cracklib,2.7txt
9. Npassword source code (Latest version: npasswd-2.X.tar.gz). at http://www.utexas.edu/cc/unix/software/npasswd/dist/npasswd-2.05.tar.gz, 2000
10. S. Patel, Number theoretic attacks on secure password schemes. IEEE Symposium on Security and Privacy, 1997
11. H. Spafford. OPUS: Preventing Weak Password Choices, Computers and Security 11(3), pp. 273-278, 1992
12. T. Wu, The Secure Remote Password Protocol, in Proceedings of the 1998 Internet Society Symposium on Network and Distributed System Security, San Diego, CA, Mar 1998, pp. 97-111.
13. T. Wu, A Real-World Analysis of Kerberos Password Security, Proceedings of the 1999 Network and Distributed System Security Symposium, February 3-5, 1999
14. Jianxin (Jeff) Yan, Alan Blackwell, Ross Anderson and Alasdair Grant. The Memorability and Security of Passwords - Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge, 2000. http://wwwfp.clcamacuk/ftp/users/rjal4/tr500.pdf