國立虎尾科技大學 |

Empirically Measuring and Evolving Common Password Heuristics.

紀錄類型:	書目-語言資料,印刷品 : Monograph/item
正題名/作者:	Empirically Measuring and Evolving Common Password Heuristics./
作者:	Sontheimer, David F.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2022,
面頁冊數:	56 p.
附註:	Source: Masters Abstracts International, Volume: 83-12.
Contained By:	Masters Abstracts International83-12.
標題:	Computer science. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29167231
ISBN:	9798438774105

Empirically Measuring and Evolving Common Password Heuristics.
Sontheimer, David F.

Empirically Measuring and Evolving Common Password Heuristics. - Ann Arbor : ProQuest Dissertations & Theses, 2022 - 56 p.

Source: Masters Abstracts International, Volume: 83-12.

Thesis (M.S.)--Wake Forest University, 2022.

This item must not be sold to any third party vendors.

Passwords remain a common authentication method, yet contemporary manual password generation methods maintain weak passwords - an ongoing challenge in cybersecurity. Despite password policies designed to require harder-to-guess passwords, compromising a user password remains one of the most common methods of data breach. We consider the possibility that users select current password generation methods for ease of recall instead of resilience against attack.We propose comparing password generation methods empirically by measuring the work required to cracked password hashes with password cracking software. We generate passwords from two classes: random generation, and wordlist generation, and variants of each. Additionally, we offer a third class of generators we’ve named hashword generators - that utilize cryptographic hashing functions to output an ostensibly randomly-generated password. We model the theoretical keyspace of each generator, and measure the empirical keyspace of each utilizing the number of candidates required to crack a password hash in John the Ripper, a popular password cracking tool.Both our theoretical and empirical results demonstrate the relative weakness of passwords from wordlist generation when compared to both random generation and hashword generation. This includes the popular passphrase generation suggested by many cybersecurity organizations. Equally important, we confirm that passwords generated with cryptographic hashing functions contain keyspaces and entropy equal to that of fully-random generation. Across all generators, our empirical results support our theoretical results, suggesting successful modeling of the entropy of each generator.

ISBN: 9798438774105Subjects--Topical Terms:

573171
Computer science.
Subjects--Index Terms:

Cryptographic hashing functions

Empirically Measuring and Evolving Common Password Heuristics.
LDR:02952nam a2200421 4500 001 1104610
005 20230619080101.5
006 m o d
007 cr#unu||||||||
008 230907s2022 ||||||||||||||||| ||eng d
020 $a 9798438774105
035 $a (MiAaPQ)AAI29167231
035 $a AAI29167231
040 $a MiAaPQ $c MiAaPQ
100 1 $a Sontheimer, David F. $3 1413499
245 1 0 $a Empirically Measuring and Evolving Common Password Heuristics.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2022
300 $a 56 p.
500 $a Source: Masters Abstracts International, Volume: 83-12.
500 $a Advisor: Fulp, Errin W.
502 $a Thesis (M.S.)--Wake Forest University, 2022.
506 $a This item must not be sold to any third party vendors.
520 $a Passwords remain a common authentication method, yet contemporary manual password generation methods maintain weak passwords - an ongoing challenge in cybersecurity. Despite password policies designed to require harder-to-guess passwords, compromising a user password remains one of the most common methods of data breach. We consider the possibility that users select current password generation methods for ease of recall instead of resilience against attack.We propose comparing password generation methods empirically by measuring the work required to cracked password hashes with password cracking software. We generate passwords from two classes: random generation, and wordlist generation, and variants of each. Additionally, we offer a third class of generators we’ve named hashword generators - that utilize cryptographic hashing functions to output an ostensibly randomly-generated password. We model the theoretical keyspace of each generator, and measure the empirical keyspace of each utilizing the number of candidates required to crack a password hash in John the Ripper, a popular password cracking tool.Both our theoretical and empirical results demonstrate the relative weakness of passwords from wordlist generation when compared to both random generation and hashword generation. This includes the popular passphrase generation suggested by many cybersecurity organizations. Equally important, we confirm that passwords generated with cryptographic hashing functions contain keyspaces and entropy equal to that of fully-random generation. Across all generators, our empirical results support our theoretical results, suggesting successful modeling of the entropy of each generator.
590 $a School code: 0248.
650 4 $a Computer science. $3 573171
650 4 $a Computer engineering. $3 569006
650 4 $a Information technology. $3 559429
650 4 $a Information science. $3 561178
653 $a Cryptographic hashing functions
653 $a Cyber security
653 $a Network security
653 $a Password cracking
653 $a Password generation
653 $a Password strength
690 $a 0984
690 $a 0489
690 $a 0464
690 $a 0723
710 2 $a Wake Forest University. $b Computer Science. $3 1413500
773 0 $t Masters Abstracts International $g 83-12.
790 $a 0248
791 $a M.S.
792 $a 2022
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29167231