Cargando…
Convergence of Password Guessing to Optimal Success Rates †
Password guessing is one of the most common methods an attacker will use for compromising end users. We often hear that passwords belonging to website users have been leaked and revealed to the public. These leaks compromise the users involved but also feed the wealth of knowledge attackers have abo...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7516852/ https://www.ncbi.nlm.nih.gov/pubmed/33286152 http://dx.doi.org/10.3390/e22040378 |
| _version_ | 1783587094455648256 |
|---|---|
| author | Murray, Hazel Malone, David |
| author_facet | Murray, Hazel Malone, David |
| author_sort | Murray, Hazel |
| collection | PubMed |
| description | Password guessing is one of the most common methods an attacker will use for compromising end users. We often hear that passwords belonging to website users have been leaked and revealed to the public. These leaks compromise the users involved but also feed the wealth of knowledge attackers have about users’ passwords. The more informed attackers are about password creation, the better their password guessing becomes. In this paper, we demonstrate using proofs of convergence and real-world password data that the vulnerability of users increases as a result of password leaks. We show that a leak that reveals the passwords of just 1% of the users provides an attacker with enough information to potentially have a success rate of over 84% when trying to compromise other users of the same website. For researchers, it is often difficult to quantify the effectiveness of guessing strategies, particularly when guessing different datasets. We construct a model of password guessing that can be used to offer visual comparisons and formulate theorems corresponding to guessing success. |
| format | Online Article Text |
| id | pubmed-7516852 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-75168522020-11-09 Convergence of Password Guessing to Optimal Success Rates † Murray, Hazel Malone, David Entropy (Basel) Article Password guessing is one of the most common methods an attacker will use for compromising end users. We often hear that passwords belonging to website users have been leaked and revealed to the public. These leaks compromise the users involved but also feed the wealth of knowledge attackers have about users’ passwords. The more informed attackers are about password creation, the better their password guessing becomes. In this paper, we demonstrate using proofs of convergence and real-world password data that the vulnerability of users increases as a result of password leaks. We show that a leak that reveals the passwords of just 1% of the users provides an attacker with enough information to potentially have a success rate of over 84% when trying to compromise other users of the same website. For researchers, it is often difficult to quantify the effectiveness of guessing strategies, particularly when guessing different datasets. We construct a model of password guessing that can be used to offer visual comparisons and formulate theorems corresponding to guessing success. MDPI 2020-03-26 /pmc/articles/PMC7516852/ /pubmed/33286152 http://dx.doi.org/10.3390/e22040378 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Murray, Hazel Malone, David Convergence of Password Guessing to Optimal Success Rates † |
| title | Convergence of Password Guessing to Optimal Success Rates † |
| title_full | Convergence of Password Guessing to Optimal Success Rates † |
| title_fullStr | Convergence of Password Guessing to Optimal Success Rates † |
| title_full_unstemmed | Convergence of Password Guessing to Optimal Success Rates † |
| title_short | Convergence of Password Guessing to Optimal Success Rates † |
| title_sort | convergence of password guessing to optimal success rates † |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7516852/ https://www.ncbi.nlm.nih.gov/pubmed/33286152 http://dx.doi.org/10.3390/e22040378 |
| work_keys_str_mv | AT murrayhazel convergenceofpasswordguessingtooptimalsuccessrates AT malonedavid convergenceofpasswordguessingtooptimalsuccessrates |