On the Economics of Offline Password Cracking

@article{Blocki2018OnTE,
  title={On the Economics of Offline Password Cracking},
  author={Jeremiah Blocki and Benjamin Harsha and Samson Zhou},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={853-871}
}
We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All four organizations were using key-stretching to protect user passwords. In fact, LastPass' use of PBKDF2-SHA256 with 10^5 hash iterations…
