
2015 | OriginalPaper | Chapter

Unrevealed Patterns in Password Databases Part One: Analyses of Cleartext Passwords

Authors: Norbert Tihanyi, Attila Kovács, Gergely Vargha, Ádám Lénárt

Published in: Technology and Practice of Passwords

Publisher: Springer International Publishing


Abstract

In this paper we present regression-based analyses of cleartext passwords, moving towards an efficient password cracking methodology. Hundreds of available databases were examined, and it was observed that they behaved similarly regardless of their size: password length distribution, entropy, and letter frequencies show similar characteristics in each database. Exploiting these characteristics, a huge number of cleartext passwords were analyzed in order to design more sophisticated brute-force attack methods. New patterns are exposed by analyzing millions of cleartext passwords.

Footnotes
1. Exact numbers of the PLD of the Rockyou database can be found on passcape.com [14].

Literature
15. Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th International Conference on World Wide Web, Association for Computing Machinery, Banff, Alberta, Canada, pp. 657–666 (2007)
16. Shay, R., Komanduri, S., Kelley, P.G., Leon, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F.: Encountering stronger password requirements: user attitudes and behaviors. In: SOUPS 2010: Proceedings of the 6th Symposium on Usable Privacy and Security. ACM (2010)
17. Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms. Carnegie Mellon University, Technical report CMU-CyLab-11-008 (2011)
19. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, San Francisco, CA (2012)
20. Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: ACM Conference on Computer and Communications Security, pp. 162–175 (2010)
21. Dell Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis. In: Proceedings of the 29th Conference on Information Communications, San Diego, pp. 983–991 (2010)
22. Tihanyi, N.: Comparison of two Hungarian password databases. Pollack Periodica 8(2), 179–186 (2013)
23. Bonneau, J.: Statistical metrics for individual password strength. In: SP 2012 Proceedings of the 20th International Conference on Security Protocols, University of Cambridge, UK, pp. 76–86 (2012)
Metadata
Copyright Year
2015
DOI
https://doi.org/10.1007/978-3-319-24192-0_6
