Fast dictionary attacks on passwords using time-space tradeoff

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2005, Pages 364-372

  Narayanan, Arvind ^a   Shmatikov, Vitaly ^a  

^a UNIVERSITY OF TEXAS AT AUSTIN   (United States)

Author keywords

Cryptanalysis; Dictionary Attack; Markov Models; Passwords; Time Space Tradeoff

Indexed keywords

CRYPTANALYSIS; DICTIONARY ATTACK; MARKOV MODELS; PASSWORDS; TIME-SPACE TRADEOFF;

COMPUTER CRIME; COPYRIGHTS; CRYPTOGRAPHY; MARKOV PROCESSES; NATURAL LANGUAGE PROCESSING SYSTEMS; SECURITY SYSTEMS;

GLOSSARIES;

EID: 33745788833     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1102120.1102168     Document Type: Conference Paper

References (36)

1. MD5 online cracking using rainbow tables, http://www.passcracking.com/.
2. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In Proc. EUROCRYPT '00, volume 1807 of LNCS, pages 139-155. Springer, 2000.
3. S. Bellovin and M. Merritt. Encrypted key exchange: password-based protocols secure against dictionary attacks. In Proc. IEEE Security and Privacy Symposium, pages 72-84. IEEE Computer Society, 1992.
4. A. Booker. The Nth prime algorithm. http://primes.utm.edu/nthprime/algorithm.php, 2005.
5. J. Borst, B. Preneel, and J. Vandewalle. On the time-memory tradeoff between exhaustive key search and table precomputation. In Proc. 19th Symposium on Information Theory in the Benelux, pages 111-118, 1998.
6. V. Boyko, P. MacKenzie, and S. Patel. Provably secure password-authenticated key exchange using Diffie-Hellman. In Proc. EUROCRYPT '00, volume 1807 of LNCS, pages 156-171. Springer, 2000.
7. W. Burr, D. Dodson, and W. Polk. Electronic authentication guideline. NIST Special Publication 800-63, 2004.
8. D. Davis, F. Monrose, and M. Reiter. On user choice in graphic password schemes. In Proc. 13th USENIX Security Symposium, pages 151-164. USENIX, 2004.
9. D. Denning. Cryptography and Data Security. Addison-Wesley, 1982.
10. D. C. Feldmeier and P. R. Karn. UNIX password security - ten years later. In Proc. CRYPTO '89, volume 435 of LNCS, pages 44-63. Springer, 1989.
11. A. Fiat and M. Naor. Rigorous time/space tradeoffs for inverting functions. In Proc. STOC '91, pages 534-541. ACM, 1991.
12. G. D. Forney. The Viterbi algorithm. Proceedings of the IEEE, 61(3):268-278, 1973.
13. C. Gentry, P. MacKenzie, and Z. Ramzan. Password authenticated key exchange using hidden smooth subgroups. In these proceedings, 2005.
14. O. Goldreich and Y. Lindell. Session-key generation using human random passwords. In Proc. CRYPTO '01, volume 2139 of LNCS, pages 408-432. Springer, 2001.
15. T. L. Griffiths and J. B. Tenenbaum. Probability, algorithmic complexity, and subjective randomness. In Proceedings of the 25th Annual Conference of the Cognitive Science Society, 2003.
16. T. L. Griffiths and J. B. Tenenbaum. From algorithmic to subjective randomness. In Advances in Neural Information Processing Systems 16, 2004.
17. M. Hellman. A cryptanalytic time-memory tradeoff. IEEE Transactions on Information Theory, 26:401-406, 1980.
18. I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin. The design and analysis of graphical passwords. In Proc. 8th USENIX Security Symposium, pages 135-150. USENIX, 1999.
19. J. Katz, R. Ostrovsky, and M. Yung. Efficient password-authenticated key exchange using human-memorable passwords. In Proc. EUROCRYPT '01, volume 2045 of LNCS, pages 475-494. Springer, 2001.
20. B. Kerbs. DNA key to decoding human factor. The Washington Post, March 28, 2005. http://www.washingtonpost.com/wp-dyn/articles/A6098-2005Mar28.html.
21. K. Kusuda and T. Matsumoto. Optimization of time-memory trade-off cryptanalysis and its application to DES, FEAL-32 and Skipjack. IEICE Transactions on Fundamentals, E79-A(1):35-48, 1996.
22. K. Kusuda and T. Matsumoto. Achieving higher success probability in time-memory trade-off cryptanalysis without increasing memory size. TIEICE: IEICE Transactions on Communications/Electronics/Information and Systems, 1999.
23. R. Li and P. Vitanyi. An Introduction to Kolmogorov Complexity and Its Applications. Springer, 1997.
24. S. Lucks. Open key exchange: how to defeat dictionary attacks without encrypting public keys. In Proc. Security Protocols Workshop, volume 1361 of LNCS. Springer, 1997.
25. G. A. Miller. The magical number seven, plus or minus two; Some limits on our capacity for processing information. Psychological Review, 63:81-97, 1956.
26. F. Monrose, M. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. International Journal of Information Security, 1(2):69-93, 2002.
27. R. Morris and K. Thomson. Password security: A case history. In Communications of the ACM, Vol.22, No. 11, pages 594-597, 1979.
28. P. Oechslin. Making a faster cryptanalytic time-memory trade-off. In Proc. CRYPTO '03, volume 2729 of LNCS, pages 617-630. Springer, 2003.
29. Openwall Project. John the Ripper password cracker. http://www.openwall.com/John/
30. Openwall Project. Wordlists collection. http://www.openwall.com/wordlists/, 2005.
31. B. Pinkas and T. Sander. Securing passwords against dictionary attacks. In Proc. 9th ACM Conference on Computer and Communications Security (CCS), pages 161-170. ACM, 2002.
32. L. R. Rabiner. A tutorial on hidden Markov models and selected applications in speech recognition. Proceedings of the IEEE, 77(2):257-286, 1989.
33. Zhu Shuanglei. Project RainbowCrack. http://wwv.antsight.com/zsl/rainbowcrack/, 2005.
34. F. Standaert, G. Rouvroy, J.J. Quisquater, and J. Legat. A time/memory tradeoff using distinguished points: new analysis and FPGA results. In Proc. CHES 2002, volume 2523 of LNCS, pages 593-609. Springer, 2002.
35. S. Stubblebine and P. van Oorschot. Addressing online dictionary attacks with login histories and humans-in-the-loop. In Proc. Financial Cryptography, volume 3110 of LNCS, pages 39-53. Springer, 2004.
36. J. Thorpe and P. van Oorschot. Graphical dictionary and the memorable space of graphical passwords. In Proc. 13th USENIX Security Symposium, pages 135-150. USENIX, 2004.