On the Economics of Offline Password Cracking

@article{Blocki2018OnTE,
  title={On the Economics of Offline Password Cracking},
  author={Jeremiah Blocki and Benjamin Harsha and Samson Zhou},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={853-871}
}
We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All… CONTINUE READING