Password exhaustion: Predicting the end of password usefulness

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4332 LNCS, Issue , 2006, Pages 37-55

  St Clair, Luke ^a   Johansen, Lisa ^a   Enck, William ^a   Pirretti, Matthew ^a   Traynor, Patrick ^a   McDaniel, Patrick ^a   Jaeger, Trent ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION SYSTEMS; INFORMATION USE;

AUTHENTICATION MECHANISMS; COMPUTING SYSTEM; EMPIRICAL STUDIES; LARGE AMOUNTS; OFFLINE; RANDOM PASSWORDS;

AUTHENTICATION;

EID: 84994436127     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11961635_3     Document Type: Conference Paper

References (34)

1. AMD 3-year technology outlook. http://www.amdcompare.com/techoutlook/.
2. EFF DES cracker project. www.eff.org/Privacy/Crypto/Crypto misc/DESCracker/.
3. John the ripper password cracker. http://www.openwall.com/john/.
4. Number of words in the English language. http://hypertextbook.com/facts/2001/JohnnyLing.shtml.
5. pwgen CVS changelog. http://pwgen.cvs.sourceforge.net/pwgen/src/ChangeLog?revision= 1.8&view=markup.
6. pwgen password generator. http://sourceforge.net/projects/pwgen/.
7. Sans institute. http://www.sans.org/aboutsans.php.
8. SANS password policies. http://www.sans.org/resources/policies/.
9. Unix cyrpt man page. http://bama.ua.edu/cgi-bin/man-cgi?crypt unix+5.
10. The magical number seven, plus or minus two: Some limits on our capacity for processing information, 1956.
11. Mihir Bellare, David Pointcheval, and Phillip Rogaway. Authenticated key exchange secure against dictionary attacks. Lecture Notes in Computer Science, 1807:139–156, 2000.
12. S. M. Bellovin and M. Merritt. Limitations of the kerberos authentication system. SIGCOMM Comput. Commun. Rev., 20(5):119–132, 1990.
13. Eli Biham. A fast new DES implementation in software. Lecture Notes in Computer Science, 1267:260–272, 1997.
14. Shekhar Y Borkar, Pardeep Dubey, Kevin C Kahn, David J Kuck, Hans Mulder, Stephen S Pawlowski, Justing R Rattner, R M Ramanathan, and Vince Thomas. Platform 2015: Intel Processor and Platform Evolution for the Next Decade. Technical report, Intel, 2005.
15. Federal Fiancial Institutions Examination Council. Authentication in an internet banking environment. http://federalreserve.gov/boarddocs/srletters/2005/SR0519a1.pdf.
16. Larry Cuban. Oversold and Underused: Computers in the Classroom. Harvard University Press, 2001.
17. Manek Dubash. Moore’s Law is dead, says Gordon Moore. http://www.techworld.com/opsys/news/index.cfm?NewsID=3477, 2005.
18. Magnus Ekman, Fredrik Warg, and Jim Nilsson. An in-depth look at computer performance growth. SIGARCH Comput. Archit. News, 33(1):144–147, 2005.
19. David C. Feldmeier and Philip R. Karn. Unix password security - ten years later. In CRYPTO ’89: Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, pages 44–63, London, UK, 1990. Springer-Verlag.
20. Radhakrishna Hiremane. From Moore’s Law to Intel Innovation - Prediction to Reality. Technology@Intel Magazine, April 2005.
21. Ian Jermyn, Alain Mayer, Fabian Monrose, Michael Reiter, and Aviel Rubin. The Design and Analysis of Graphic Passwords. In Proceedings of the 8th Annual USENIX Security Symposium, 1999.
22. Daniel V. Klein. “foiling the cracker” – A survey of, and improvements to, password security. In Proceedings of the second USENIX Workshop on Security, pages 5–14, Summer 1990.
23. J. Kohl and C. Neuman. RFC 1510: The Kerberos Network Authentication Service (V5), September 1993. Status: PROPOSED STANDARD.
24. Rob Lemos. Passwords: The Weakest Link. http://news.com.com/2009-1001-916719.html, 2002.
25. Fabian Monrose and Aviel Rubin. Authentication via Keystroke Dynamics. In Proceedings of the 4th ACM Conference on Computer and Communication Security, 1997.
26. Robert Morris and Ken Thompson. Password security: a case history. Commun. ACM, 22(11):594–597, 1979.
27. Arvind Narayanan and Vitaly Shmatikov. Fast dictionary attacks on passwords using timespace tradeoff. In CCS ’05: Proceedings of the 12th ACM conference on Computer and communications security, pages 364–372, New York, NY, USA, 2005. ACM Press.
28. Niels Provos and David Mazières. A Future-Adaptable Password Scheme. In USENIX Annual Technical Conference, FREENIX Track, pages 81–91, 1999.
29. Arnold G. Reinhold. Results of a survey on pgp pass phrase usage. http://www.ecst. csuchico.edu/atman/Crypto/misc/pgp-passphrase-survey.html.
30. R. Rivest. The MD5 Message-Digest Algorithm. RFC 1321 (Informational), April 1992.
31. Wayne C. Summers and Edward Bosworth. Password policy: the good, the bad, and the ugly. In WISICT ’04: Proceedings of the winter international synposium on Information and communication technologies, pages 1–6. Trinity College Dublin, 2004.
32. W. Timothy Polk, William E. Burr, Donna F. Dodson. Electronic authentication guidelines. NIST Special Publication 800-63.
33. Thomas Wu. The secure remote password protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97–111, 1998.
34. Thomas Wu. A real-world analysis of Kerberos password security. In Internet Society Network and Distributed System Security Symposium, 1999.