On the Economics of Offline Password Cracking

Jeremiah Blocki, Benjamin Harsha, Samson Zhou
2018 IEEE Symposium on Security and Privacy (SP)

We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All four organizations were using key-stretching to protect user passwords. In fact, LastPass' use of PBKDF2-SHA256 with 10^5 hash iterations…

