53 research outputs found

    Smarter Password Guessing Techniques Leveraging Contextual Information and OSINT

    In recent decades, criminals have increasingly used the web to research, assist and perpetrate criminal behaviour. One of the most important ways in which law enforcement can battle this growing trend is through accessing pertinent information about suspects in a timely manner. A significant hindrance to this is the difficulty of accessing any system a suspect uses that requires authentication via password. Password guessing techniques generally consider common user behaviour while generating their passwords, as well as the password policy in place. Such techniques can offer a modest success rate considering a large/average population. However, they tend to fail when focusing on a single target -- especially when the latter is an educated user taking precautions as a savvy criminal would be expected to do. Open Source Intelligence is being increasingly leveraged by Law Enforcement in order to gain useful information about a suspect, but very little is currently being done to integrate this knowledge in an automated way within password cracking. The purpose of this research is to delve into the techniques that enable the gathering of the necessary context about a suspect and find ways to leverage this information within password guessing techniques.

    Pair Based Authentication using Dynamic Grid

    Authentication is an important step in logging in to the system. In this paper we are implementing one scheme for Mobile Social Network which makes the authentication process secure compared to the other schemes. Many schemes were proposed to secure the system. We first explore some major schemes proposed for the authentication process. Due to the many attacks in the cyber world, high performance and secure login schemes are becoming important and we are implementing one such scheme in our implementation of mobile social network: Pair based authentication. DOI: 10.17762/ijritcc2321-8169.15083

    Password Breach Protection Using Honeyword

    With the advancement in the field of information technology, many users have shared their files on the cloud and are bound to have many security-related issues. One of them is the password file. Password files have more security problems which affect millions of customers worldwide as well as many organizations. In the existing system, the password is stored in encrypted form; if the password is stolen, then by password cracking techniques and decryption methods it is very easy to get most of the plaintext and encrypted passwords. In the proposed work, it generates honeyword passwords, i.e. untrue passwords, by using a flawless honeyword generation method, and it also tries to invite prohibited or unauthorized users. Hence we notice the illegal users. It also protects the original info from illegal users using another file format.

    One Approach to Solving Tokenization Problem for Analysis of Large-Scale Collections of User-Defined Passwords

    Exploring the Impact of Password Dataset Distribution on Guessing

    Leaks from password datasets are a regular occurrence. An organization may defend a leak with reassurances that just a small subset of passwords were taken. In this paper we show that the leak of a relatively small number of text-based passwords from an organization's stored dataset can lead to a further large collection of users being compromised. Taking a sample of passwords from a given dataset of passwords we exploit the knowledge we gain of the distribution to guess other samples from the same dataset. We show theoretically and empirically that the distribution of passwords in the sample follows the same distribution as the passwords in the whole dataset. We propose a function that measures the ability of one distribution to estimate another. Leveraging this we show that a sample of passwords leaked from a given dataset will compromise the remaining passwords in that dataset better than a sample leaked from another source.

    Using Probabilistic Context-Free Grammar to Create Password Guessing Models

    This paper will discuss two versions of probabilistic context-free grammar password-guessing models. The first model focuses on using English semantics to break down passwords and identify patterns. The second model identifies repeating chunks in passwords and uses this information to create possible passwords. Then, we will show the performance of each model on leaked password databases, and finally discuss the observations made on these tests.

    Password Cracking and Countermeasures in Computer Security: A Survey

    With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area. Comment: add copyright to the tables to the original authors, add acknowledgement to helpe