DAHash: distribution aware tuning of password hashing costs. (English) Zbl 1491.94077
Borisov, Nikita (ed.) et al., Financial cryptography and data security. 25th international conference, FC 2021, virtual event, March 1–5, 2021. Revised selected papers. Part II. Berlin: Springer. Lect. Notes Comput. Sci. 12675, 382-405 (2021).
Summary: An attacker who breaks into an authentication server and steals all of the cryptographic password hashes is able to mount an offline-brute force attack against each user’s password. Offline brute-force attacks against passwords are increasingly commonplace and the danger is amplified by the well documented human tendency to select low-entropy password and/or reuse these passwords across multiple accounts. Moderately hard password hashing functions are often deployed to help protect passwords against offline attacks by increasing the attacker’s guessing cost. However, there is a limit to how “hard” one can make the password hash function as authentication servers are resource constrained and must avoid introducing substantial authentication delay. Observing that there is a wide gap in the strength of passwords selected by different users we introduce DAHash (Distribution Aware Password Hashing) a novel mechanism which reduces the number of passwords that an attacker will crack. Our key insight is that a resource-constrained authentication server can dynamically tune the hardness parameters of a password hash function based on the (estimated) strength of the user’s password. We introduce a Stackelberg game to model the interaction between a defender (authentication server) and an offline attacker. Our model allows the defender to optimize the parameters of DAHash e.g., specify how much effort is spent in hashing weak/moderate/high strength passwords. We use several large scale password frequency datasets to empirically evaluate the effectiveness of our differentiated cost password hashing mechanism. We find that the defender who uses our mechanism can reduce the fraction of passwords that would be cracked by a rational offline attacker by up to \(15\%\).
For the entire collection see [Zbl 1489.94004].
For the entire collection see [Zbl 1489.94004].
MSC:
| 94A62 | Authentication, digital signatures and secret sharing |
| 94A60 | Cryptography |
| 68P25 | Data encryption (aspects in computer science) |
References:
| [1] | Biteopt algorithm. https://github.com/avaneev/biteopt |
| [2] | Allodi, L.: Economic factors of vulnerability trade and exploitation. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, Dallas, TX, USA, pp. 1483-1499. ACM Press, 31 October-2 November 2017. doi:10.1145/3133956.3133960 |
| [3] | Alwen, J., Blocki, J., Harsha, B.: Practical graphs for optimal side-channel resistant memory-hard functions. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, Dallas, TX, USA, pp. 1001-1017. ACM Press, 31 October-2 November 2017. doi:10.1145/3133956.3134031 |
| [4] | Bai, W., Blocki, J.: Dahash: Distribution aware tuning of password hashing costs (2021). https://arxiv.org/abs/2101.10374 |
| [5] | Biryukov, A., Dinu, D., Khovratovich, D.: Argon2: new generation of memory-hard functions for password hashing and other applications. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 292-302. IEEE (2016) |
| [6] | Blocki, J., Datta, A.: CASH: a cost asymmetric secure hash algorithm for optimal password protection. In: IEEE 29th Computer Security Foundations Symposium, pp. 371-386 (2016) |
| [7] | Blocki, J., Datta, A., Bonneau, J.: Differentially private password frequency lists. In: NDSS 2016, San Diego, CA, USA. The Internet Society, 21-24 February 2016 |
| [8] | Blocki, J., Harsha, B., Zhou, S.: On the economics of offline password cracking. In: 2018 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp. 853-871. IEEE Computer Society Press, 21-23 May 2018. doi:10.1109/SP.2018.00009 |
| [9] | Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp. 538-552. IEEE Computer Society Press, 21-23 May 2012. doi:10.1109/SP.2012.49 |
| [10] | Boyen, X.: Halting password puzzles: hard-to-break encryption from human-memorable keys. In: Provos, N. (ed.) USENIX Security 2007, pp. 6-10, Boston, MA, USA. USENIX Association, August 2007 |
| [11] | Castelluccia, C., Chaabane, A., Dürmuth, M., Perito, D.: When privacy meets security: Leveraging personal information for password cracking. arXiv preprint arXiv:1304.6584 (2013) |
| [12] | Castelluccia, C., Dürmuth, M., Perito, D.: Adaptive password-strength meters from Markov models. In: NDSS 2012, San Diego, CA, USA, The Internet Society, 5-8 February 2012 |
| [13] | Dell’Amico, M., Filippone, M.: Monte Carlo strength evaluation: fast and reliable password checking. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, Denver, CO, USA, pp. 158-169. ACM Press, 12-16 October 2015. doi:10.1145/2810103.2813631 |
| [14] | Dodis, Y.; Guo, S.; Katz, J.; Coron, J-S; Nielsen, JB, Fixing cracks in the concrete: random oracles with auxiliary input, revisited, Advances in Cryptology - EUROCRYPT 2017, 473-495 (2017), Cham: Springer, Cham · Zbl 1415.94424 · doi:10.1007/978-3-319-56614-6_16 |
| [15] | Fossi, M., et al.: Symantec report on the underground economy, November 2008. Accessed 1 August 2013 |
| [16] | Harsha, B., Morton, R., Blocki, J., Springer, J., Dark, M.: Bicycle attacks considered harmful: Quantifying the damage of widespread password length leakage. Comput. Secur. 100, 102068 (2021) |
| [17] | Herley, C.; Florêncio, D.; Moore, T.; Pym, D.; Ioannidis, C., Nobody sells gold for the price of silver: dishonesty, uncertainty and the underground economy, Economics of Information Security and Privacy, 33-53 (2010), Boston: Springer, Boston · doi:10.1007/978-1-4419-6967-5_3 |
| [18] | Kaliski, B.: Pkcs# 5: password-based cryptography specification version 2.0 (2000) |
| [19] | Kelley, P.G., et al.: Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In: 2012 IEEE Symposium on Security and Privacy, pp. 523-537. IEEE Computer Society Press, San Francisco, CA, USA, 21-23 May 2012. doi:10.1109/SP.2012.38 |
| [20] | Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: 2014 IEEE Symposium on Security and Privacy, pp. 689-704. IEEE Computer Society Press, Berkeley, CA, USA, 18-21 May 2014. doi:10.1109/SP.2014.50 |
| [21] | Manber, U., A simple scheme to make passwords based on one-way functions much harder to crack, Comput. Secur., 15, 2, 171-176 (1996) · doi:10.1016/0167-4048(96)00003-X |
| [22] | Melicher, W., et al.: Fast, lean, and accurate: Modeling password guessability using neural networks. In: Holz, T., Savage, S. (eds.) USENIX Security 2016, Austin, TX, USA, pp. 175-191. USENIX Association, 10-12 August 2016 |
| [23] | Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 594-597 (1979). http://dl.acm.org/citation.cfm?id=359172 |
| [24] | Oechslin, P.; Boneh, D., Making a faster cryptanalytic time-memory trade-off, Advances in Cryptology - CRYPTO 2003, 617-630 (2003), Heidelberg: Springer, Heidelberg · Zbl 1122.94393 · doi:10.1007/978-3-540-45146-4_36 |
| [25] | Percival, C.: Stronger key derivation via sequential memory-hard functions. In: BSDCan 2009 (2009) |
| [26] | Provos, N., Mazieres, D.: Bcrypt algorithm. In: USENIX (1999) |
| [27] | Rios, LM; Sahinidis, NV, Derivative-free optimization: a review of algorithms and comparison of software implementations, J. Global Optim., 56, 3, 1247-1293 (2013) · Zbl 1272.90116 · doi:10.1007/s10898-012-9951-y |
| [28] | Stockley, M.: What your hacked account is worth on the dark web, August 2016. https://nakedsecurity.sophos.com/2016/08/09/what-your-hacked-account-is-worth-on-the-dark-web/ |
| [29] | Ur, B., et al.: Measuring real-world accuracies and biases in modeling password guessability. In: Jung, J., Holz, T. (eds.) USENIX Security 2015. pp. 463-481. USENIX Association, Washington, DC, USA, 12-14 August 2015 |
| [30] | Vasek, M.; Bonneau, J.; Castellucci, R.; Keith, C.; Moore, T.; Grossklags, J.; Preneel, B., The bitcoin brain drain: examining the use and abuse of bitcoin brain wallets, Financial Cryptography and Data Security, 609-618 (2017), Heidelberg: Springer, Heidelberg · doi:10.1007/978-3-662-54970-4_36 |
| [31] | Veras, R., Collins, C., Thorpe, J.: On semantic patterns of passwords and their security impact. In: NDSS 2014. The Internet Society, San Diego, CA, USA, 23-26 February 2014 |
| [32] | Von Stackelberg, H.: Market Structure and Equilibrium. Springer, Heidelberg (2010). doi:10.1007/978-3-642-12586-7 · Zbl 1405.91003 |
| [33] | Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: 2009 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 391-405. IEEE Computer Society Press, 17-20 May 2009. doi:10.1109/SP.2009.8 |
| [34] | Wetzels, J.: Open sesame: The password hashing competition and Argon2. Cryptology ePrint Archive, Report 2016/104 (2016), http://eprint.iacr.org/2016/104 |
| [35] | Wiener, MJ, The Full Cost of Cryptanalytic Attacks, Journal of Cryptology, 17, 2, 105-124 (2003) · Zbl 1083.68051 · doi:10.1007/s00145-003-0213-5 |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
