Abstract
Password-based authentication remains the main method of user authentication in computer systems. In case of a leak of the user database, the obfuscated storage of passwords is the last remaining protection of credentials. The strength of a password determines how hard it is to crack a password hash for uncovering the plain text password. Internet users often ignore recommended password guidelines and choose weak passwords that are easy to guess. In addition, service providers do not warn users that their chosen passwords are not secure enough. In this work we present a semi-automatic password cracking algorithm that orders and executes user-chosen password cracking attacks based on their efficiency. With our new approach, we are able to accelerate the cracking of password hashes and to demonstrate that weak passwords are still a serious security risk. The intention of this work is to point out that the usage of weak passwords holds great dangers for both the user and the service provider.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Pelchen, C., Jaeger, D., Cheng, F., Meinel, C. (2019). The (Persistent) Threat of Weak Passwords: Implementation of a Semi-automatic Password-Cracking Algorithm. In: Heng, SH., Lopez, J. (eds) Information Security Practice and Experience. ISPEC 2019. Lecture Notes in Computer Science, vol 11879. Springer, Cham. https://doi.org/10.1007/978-3-030-34339-2_27
DOI: https://doi.org/10.1007/978-3-030-34339-2_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34338-5
Online ISBN: 978-3-030-34339-2
eBook Packages: Computer Science, Computer Science (R0)