Securing passwords from dictionary attack with character-tree

机译：使用字符树保护密码免受字典攻击

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Most websites use passwords for authenticating user identity and for allowing access to website resources that may contain sensitive information. A large number of people use dictionary words for creating passwords. These user passwords are subjected to one-way hash functions and are stored inside the database as corresponding hash values instead of plaintext. A potential hacker can use brute-force, rainbow table or dictionary attacks to get the input password from the hash values and the most reported real life hacks were done by cracking password hashes using dictionary attack. Currently, users are allowed to register in websites only with passwords that obey the security policies. It is noted that, even though passwords with certain patterns are accepted as strong by the existing policies, they are vulnerable for a dictionary attack based on those patterns. This paper proposes a novel method for ensuring security for passwords against such dictionary attacks. This method, checks strength of the user passwords using a dictionary which is stored as a character tree. This system helps to create strong password hashes that are resistant to dictionary attacks. This approach thus offers advanced and superior protection for passwords from cracking attempts.

机译：大多数网站使用密码来验证用户身份并允许访问可能包含敏感信息的网站资源。许多人使用字典词来创建密码。这些用户密码具有单向哈希函数，并作为对应的哈希值而不是纯文本存储在数据库中。潜在的黑客可以使用蛮力攻击，rainbow table攻击或字典攻击从哈希值中获取输入密码，而报道最多的现实生活中的黑客攻击是通过使用字典攻击来破解密码哈希来完成的。当前，仅允许用户使用遵守安全策略的密码在网站中注册。需要注意的是，即使具有某些模式的密码已被现有策略接受为强密码，但它们很容易受到基于这些模式的字典攻击。本文提出了一种新颖的方法来确保密码的安全性，防止此类字典攻击。该方法使用存储为字符树的字典来检查用户密码的强度。此系统有助于创建可抵抗字典攻击的强密码哈希。因此，此方法可为密码提供高级和出色的保护，以防止密码破解。

著录项

来源
《Proceedings of the 2016 IEEE International Conference on Wireless Communications, Signal Processing and Networking》|2016年|2301-2307|共7页
会议地点 Chennai(IN)
作者
Jacob Jose; Tibin T. Tomy; Vibin Karunakaran; Anjali Krishna V; Anoop Varkey; Nisha C.A.;
展开▼
作者单位

Department of Information Technology, College of Engineering Kidangoor, Kottayam, India;

Department of Information Technology, College of Engineering Kidangoor, Kottayam, India;

Department of Information Technology, College of Engineering Kidangoor, Kottayam, India;

Department of Information Technology, College of Engineering Kidangoor, Kottayam, India;

Department of Information Technology, College of Engineering Kidangoor, Kottayam, India;

Department of Information Technology, College of Engineering Kidangoor, Kottayam, India;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
Dictionaries; Computer hacking; Databases; Peer-to-peer computing; Conferences; Authentication;

机译：词典;计算机黑客;数据库;对等计算;会议;身份验证;

相似文献

外文文献
中文文献
专利

1. Password-Only Authenticated Three-Party Key Exchange Proven Secure against Insider Dictionary Attacks [J] . JunghyunNam, Kim-Kwang RaymondChoo, JuryonPaik, ScientificWorldJournal . 2014,第3期

机译：只密码认证的三方密钥交换证明是安全的内幕词典攻击
2. A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks [J] . Mohammad Sabzinejad Farash, SK Hafizul Islam, Mohammad S. Obaidat Concurrency and computation: practice and experience . 2015,第17期

机译：经过验证的安全有效的基于两方密码的显式身份验证密钥交换协议，可抵抗密码猜测攻击
3. A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks [J] . Mohammad Sabzinejad Farash, SK Hafizul Islam, Mohammad S. Obaidat Concurrency and computation: practice and experience . 2015,第17期

机译：一种可透明的安全和有效的双方密码的明确经验验证的密钥交换协议对密码猜测攻击
4. Securing passwords from dictionary attack with character-tree [C] . Jacob Jose, Tibin T. Tomy, Vibin Karunakaran, International Conference on Wireless Communications, Signal Processing and Networking . 2016

机译：用字符树保护密码用字典攻击
5. Dictionary Attacks and Password Selection. [D] . Madiraju, Tarun. 2014

机译：字典攻击和密码选择。
6. Password-Only Authenticated Three-Party Key Exchange Proven Secure against Insider Dictionary Attacks [O] . Junghyun Nam, Kim-Kwang Raymond Choo, Juryon Paik, -1

机译：经验证的仅密码验证的三方密钥交换可抵御内幕字典攻击
7. Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise [O] . Bellovin Steven Michael, Merritt Michael 1993

机译：增强型加密密钥交换：一种基于密码的协议，可防止字典攻击和密码文件泄露

Securing passwords from dictionary attack with character-tree

摘要

著录项

相似文献

相关主题

期刊订阅