Analysis on the Security and Use of Password Managers

2017 18th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT) Pub Date : 2017-12-01 DOI:10.1109/PDCAT.2017.00013

Carlos Luevanos, John Elizarraras, K. Hirschi, Jyh-haw Yeh

{"title":"Analysis on the Security and Use of Password Managers","authors":"Carlos Luevanos, John Elizarraras, K. Hirschi, Jyh-haw Yeh","doi":"10.1109/PDCAT.2017.00013","DOIUrl":null,"url":null,"abstract":"Cybersecurity has become one of the largest growing fields in computer science and the technology industry. Faulty security has cost the global economy immense losses. Oftentimes, the pitfall in such financial loss is due to the security of passwords. Companies and regular people alike do not do enough to enforce strict password guidelines like the NIST (National Institute of Standard Technology) recommends. When big security breaches happen, thousands to millions of passwords can be exposed and stored into files, meaning people are susceptible to dictionary and rainbow table attacks. Those are only two examples of attacks that are used to crack passwords. In this paper, we will be going over three open-source password managers, each chosen for their own uniqueness. Our results will conclude on the overall security of each password manager using a list of established attacks and development of new potential attacks on such software. Additionally, we will compare our research with the limited research already conducted on password managers. Finally, we will provide some general guidelines of how to develop a better and more secure password manager.","PeriodicalId":119197,"journal":{"name":"2017 18th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 18th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDCAT.2017.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

Cybersecurity has become one of the largest growing fields in computer science and the technology industry. Faulty security has cost the global economy immense losses. Oftentimes, the pitfall in such financial loss is due to the security of passwords. Companies and regular people alike do not do enough to enforce strict password guidelines like the NIST (National Institute of Standard Technology) recommends. When big security breaches happen, thousands to millions of passwords can be exposed and stored into files, meaning people are susceptible to dictionary and rainbow table attacks. Those are only two examples of attacks that are used to crack passwords. In this paper, we will be going over three open-source password managers, each chosen for their own uniqueness. Our results will conclude on the overall security of each password manager using a list of established attacks and development of new potential attacks on such software. Additionally, we will compare our research with the limited research already conducted on password managers. Finally, we will provide some general guidelines of how to develop a better and more secure password manager.

查看原文本刊更多论文

密码管理器的安全性及使用分析

网络安全已经成为计算机科学和技术行业中增长最快的领域之一。安全问题给全球经济造成了巨大损失。通常，这种经济损失的陷阱是由于密码的安全性。公司和普通人都没有像NIST(美国国家标准技术研究院)建议的那样严格执行密码指南。当发生重大安全漏洞时，成千上万的密码可能会暴露并存储在文件中，这意味着人们很容易受到字典和彩虹表的攻击。这只是用来破解密码的两个例子。在本文中，我们将介绍三个开源密码管理器，每个密码管理器都有其独特之处。我们的研究结果将总结每个密码管理器的整体安全性，使用已建立的攻击列表和针对此类软件的新潜在攻击的开发。此外，我们将把我们的研究与已经对密码管理器进行的有限研究进行比较。最后，我们将提供一些关于如何开发更好、更安全的密码管理器的一般指导方针。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 18th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)

自引率

0.00%

发文量