2,942 research outputs found
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that the survey work on the password
cracking research has not been done very much. This paper is mainly to give a
brief review of the password cracking methods, import technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe
Naturally Rehearsing Passwords
We introduce quantitative usability and security models to guide the design
of password management schemes --- systematic strategies to help users create
and remember multiple passwords. In the same way that security proofs in
cryptography are based on complexity-theoretic assumptions (e.g., hardness of
factoring and discrete logarithm), we quantify usability by introducing
usability assumptions. In particular, password management relies on assumptions
about human memory, e.g., that a user who follows a particular rehearsal
schedule will successfully maintain the corresponding memory. These assumptions
are informed by research in cognitive science and validated through empirical
studies. Given rehearsal requirements and a user's visitation schedule for each
account, we use the total number of extra rehearsals that the user would have
to do to remember all of his passwords as a measure of the usability of the
password scheme. Our usability model leads us to a key observation: password
reuse benefits users not only by reducing the number of passwords that the user
has to memorize, but more importantly by increasing the natural rehearsal rate
for each password. We also present a security model which accounts for the
complexity of password management with multiple accounts and associated
threats, including online, offline, and plaintext password leak attacks.
Observing that current password management schemes are either insecure or
unusable, we present Shared Cues--- a new scheme in which the underlying secret
is strategically shared across accounts to ensure that most rehearsal
requirements are satisfied naturally while simultaneously providing strong
security. The construction uses the Chinese Remainder Theorem to achieve these
competing goals
Cryptographic salting for security enhancement of double random phase encryption schemes
Security in optical encryption techniques is a subject of great importance, especially in light of recent reports of successful attacks. We propose a new procedure to reinforce the ciphertexts generated in double random phase encrypting experimental setups. This ciphertext is protected by multiplexing with a 'salt' ciphertext coded with the same setup. We present an experimental implementation of the 'salting' technique. Thereafter, we analyze the resistance of the 'salted' ciphertext under some of the commonly known attacks reported in the literature, demonstrating the validity of our proposal.Fil: Velez Zea, Alejandro. Consejo Nacional de Investigaciones CientÃficas y Técnicas. Centro CientÃfico Tecnológico Conicet - La Plata. Centro de Investigaciones Ópticas. Provincia de Buenos Aires. Gobernación. Comisión de Investigaciones CientÃficas. Centro de Investigaciones Ópticas. Universidad Nacional de La Plata. Centro de Investigaciones Ópticas; ArgentinaFil: Barrera RamÃrez, John Fredy. Universidad de Antioquia; ColombiaFil: Torroba, Roberto Daniel. Consejo Nacional de Investigaciones CientÃficas y Técnicas. Centro CientÃfico Tecnológico Conicet - La Plata. Centro de Investigaciones Ópticas. Provincia de Buenos Aires. Gobernación. Comisión de Investigaciones CientÃficas. Centro de Investigaciones Ópticas. Universidad Nacional de La Plata. Centro de Investigaciones Ópticas; Argentina. Universidad Nacional de la Plata. Facultad de IngenierÃa. Uidet Grupo de Ensayos Mecanicos Aplicados.; Argentin
- …