• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>International conference on information security practice and experience >The (Persistent) Threat of Weak Passwords: Implementation of a Semi-automatic Password-Cracking Algorithm
【24h】

The (Persistent) Threat of Weak Passwords: Implementation of a Semi-automatic Password-Cracking Algorithm

机译:弱密码的(持久性)威胁:半自动密码破解算法的实现

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Password-based authentication remains the main method of user authentication in computer systems. In case of a leak of the user database, the obfuscated storage of passwords is the last remaining protection of credentials. The strength of a password determines how hard it is to crack a password hash for uncovering the plain text password. Internet users often ignore recommended password guidelines and choose weak passwords that are easy to guess. In addition, service providers do not warn users that their chosen passwords are not secure enough. In this work we present a semi-automatic password cracking algorithm that orders and executes user-chosen password cracking attacks based on their efficiency. With our new approach, we are able to accelerate the cracking of password hashes and to demonstrate that weak passwords are still a serious security risk. The intention of this work is to point out that the usage of weak passwords holds great dangers for both the user and the service provider.
机译:基于密码的身份验证仍然是计算机系统中用户身份验证的主要方法。在用户数据库泄漏的情况下,密码的混淆存储是凭据的最后剩余保护。密码的强度决定了破解密码哈希以发现纯文本密码的难度。 Internet用户通常会忽略建议的密码准则,而选择容易猜到的弱密码。另外,服务提供商不会警告用户他们选择的密码不够安全。在这项工作中,我们提出了一种半自动密码破解算法,该算法根据其效率对用户选择的密码破解攻击进行排序和执行。通过我们的新方法,我们能够加速破解密码哈希,并证明弱密码仍然是严重的安全风险。这项工作的目的是指出,弱密码的使用对用户和服务提供商都构成极大的危险。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号