Evaluating the Accuracy of Password Strength Meters using Off-The-Shelf Guessing Attacks

2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) Pub Date : 2020-10-01 DOI:10.1109/ISSREW51248.2020.00079

David Pereira, J. Ferreira, A. Mendes

引用次数: 6

Abstract

In this paper we measure the accuracy of password strength meters (PSMs) using password guessing resistance against off-the-shelf guessing attacks. We consider 13 PSMs, 5 different attack tools, and a random selection of 60,000 passwords extracted from three different datasets of real-world password leaks. Our results show that a significant percentage of passwords classified as strong were cracked, thus suggesting that current password strength estimation methods can be improved.

查看原文本刊更多论文

使用现成的猜测攻击评估密码强度计的准确性

在本文中，我们使用密码猜测抵抗现成的猜测攻击来衡量密码强度计(psm)的准确性。我们考虑了13个psm, 5种不同的攻击工具，以及从三个不同的真实世界密码泄露数据集中随机抽取的60,000个密码。我们的研究结果表明，被分类为强的密码中有很大比例被破解，这表明目前的密码强度估计方法可以得到改进。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

自引率

0.00%

发文量