Sciweavers

CCS
2005
ACM

Fast dictionary attacks on passwords using time-space tradeoff

13 years 9 months ago
Fast dictionary attacks on passwords using time-space tradeoff
Human-memorable passwords are a mainstay of computer security. To decrease vulnerability of passwords to bruteforce dictionary attacks, many organizations enforce complicated password-creation rules and require that passwords include numerals and special characters. We demonstrate that as long as passwords remain human-memorable, they are vulnerable to “smart-dictionary” attacks even when the space of potential passwords is large. Our first insight is that the distribution of letters in easyto-remember passwords is likely to be similar to the distribution of letters in the users’ native language. Using standard Markov modeling techniques from natural language processing, this can be used to dramatically reduce the size of the password space to be searched. Our second contribution is an algorithm for efficient enumeration of the remaining password space. This allows application of time-space tradeoff techniques, limiting memory accesses to a relatively small table of “partial...
Arvind Narayanan, Vitaly Shmatikov
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where CCS
Authors Arvind Narayanan, Vitaly Shmatikov
Comments (0)