Cracking associative passwords

Authors:
Kirsi Helkala;Nils Kalstad Svendsen;Per Thorsheim;Anders Wiehe
Affiliations:
Gjøvik University College, Norway;Gjøvik University College, Norway;EVRY Consulting, Norway;Gjøvik University College, Norway
Venue:
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Year:
2012

Citing 16
Cited 0

Human-computer cryptography: an attempt

CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Users are not the enemy

Communications of the ACM
Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security

BT Technology Journal
Secure Human Identification Protocols

ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The domino effect of password reuse

Communications of the ACM - Human-computer etiquette
Password Memorability and Security: Empirical Results

IEEE Security and Privacy
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Quality of Password Management Policy

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Human selection of mnemonic phrase-based passwords

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
A survey of passwords from 2007 to 2009

2009 Information Security Curriculum Development Conference
Using probabilistic techniques to aid in password cracking attacks

Using probabilistic techniques to aid in password cracking attacks
Selecting secure passwords

CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
SP 800-63-1. Electronic Authentication Guideline

SP 800-63-1. Electronic Authentication Guideline
A cryptanalytic time-memory trade-off

IEEE Transactions on Information Theory
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
The security and memorability of passwords generated by using an association element and a personal factor

NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Users are required and expected to generate and remember numerous good passwords, a challenge that is next to impossible without a systematic approach to the task. Associative passwords in combination with guidelines for the construction of 'Word', 'Mixed', and 'Non-word' passwords has been validated as an effective approach to creating strong, memorable passwords. The strength of associative passwords has previously been assessed by entropy-based metrics. This paper evaluates the strength of a set of collected associative passwords using a variety of password-cracking techniques. Analysis of the cracking sessions shows that current techniques for cracking passwords are not effective against associative passwords.