Effect of grammar on security of long passwords

Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI:10.1145/2435349.2435395

Ashwini Rao, B. Jha, G. Kini

{"title":"Effect of grammar on security of long passwords","authors":"Ashwini Rao, B. Jha, G. Kini","doi":"10.1145/2435349.2435395","DOIUrl":null,"url":null,"abstract":"Use of long sentence-like or phrase-like passwords such as \"abiggerbetterpassword\" and \"thecommunistfairy\" is increasing. In this paper, we study the role of grammatical structures underlying such passwords in diminishing the security of passwords. We show that the results of the study have direct bearing on the design of secure password policies, and on password crackers used for enforcing password security. Using an analytical model based on Parts-of-Speech tagging we show that the decrease in search space due to the presence of grammatical structures can be more than 50%. A significant result of our work is that the strength of long passwords does not increase uniformly with length. We show that using a better dictionary e.g. Google Web Corpus, we can crack more long passwords than previously shown (20.5% vs. 6%). We develop a proof-of-concept grammar-aware cracking algorithm to improve the cracking efficiency of long passwords. In a performance evaluation on a long password dataset, 10% of the total dataset was exclusively cracked by our algorithm and not by state-of-the-art password crackers.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"60","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the third ACM conference on Data and application security and privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2435349.2435395","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 60

Abstract

Use of long sentence-like or phrase-like passwords such as "abiggerbetterpassword" and "thecommunistfairy" is increasing. In this paper, we study the role of grammatical structures underlying such passwords in diminishing the security of passwords. We show that the results of the study have direct bearing on the design of secure password policies, and on password crackers used for enforcing password security. Using an analytical model based on Parts-of-Speech tagging we show that the decrease in search space due to the presence of grammatical structures can be more than 50%. A significant result of our work is that the strength of long passwords does not increase uniformly with length. We show that using a better dictionary e.g. Google Web Corpus, we can crack more long passwords than previously shown (20.5% vs. 6%). We develop a proof-of-concept grammar-aware cracking algorithm to improve the cracking efficiency of long passwords. In a performance evaluation on a long password dataset, 10% of the total dataset was exclusively cracked by our algorithm and not by state-of-the-art password crackers.

查看原文本刊更多论文

语法对长密码安全性的影响

越来越多的人使用像“abiggerbetterpassword”和“theccommunistfairy”这样的长句式或短语式密码。在本文中，我们研究了语法结构在降低密码安全性中的作用。我们表明，研究结果直接影响安全密码策略的设计，以及用于强制密码安全的密码破解器。使用基于词性标记的分析模型，我们发现由于语法结构的存在而减少的搜索空间可以超过50%。我们工作的一个重要结果是，长密码的强度并不随着长度的增加而均匀增加。我们表明，使用更好的词典，如谷歌网络语料库，我们可以破解比之前显示的更多的长密码(20.5%比6%)。为了提高长密码的破解效率，我们开发了一种概念验证的语法感知破解算法。在对长密码数据集的性能评估中，总数据集的10%完全被我们的算法破解，而不是由最先进的密码破解者破解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the third ACM conference on Data and application security and privacy

自引率

0.00%

发文量