Murray, Hazel and Malone, David (2020) Convergence of Password Guessing to Optimal Success Rates. Entropy, 22 (4). p. 378. ISSN 1099-4300

Preview

Download (3MB) | Preview

Abstract

Password guessing is one of the most common methods an attacker will use for compromising end users. We often hear that passwords belonging to website users have been leaked and revealed to the public. These leaks compromise the users involved but also feed the wealth of knowledge attackers have about users’ passwords. The more informed attackers are about password creation, the better their password guessing becomes. In this paper, we demonstrate using proofs of convergence and real-world password data that the vulnerability of users increases as a result of password leaks. We show that a leak that reveals the passwords of just 1% of the users provides an attacker with enough information to potentially have a success rate of over 84% when trying to compromise other users of the same website. For researchers, it is often difficult to quantify the effectiveness of guessing strategies, particularly when guessing different datasets. We construct a model of password guessing that can be used to offer visual comparisons and formulate theorems corresponding to guessing success.

Item Type:	Article
Keywords:	passwords; guessing; dataset; distribution;
Academic Unit:	Faculty of Science and Engineering > Mathematics and Statistics Faculty of Science and Engineering > Research Institutes > Hamilton Institute
Item ID:	15352
Identification Number:	https://doi.org/10.3390/E22040378
Depositing User:	Dr. David Malone
Date Deposited:	31 Jan 2022 10:30
Journal or Publication Title:	Entropy
Publisher:	MDPI
Refereed:	Yes
URI:	Publisher
Use Licence:	This item is available under a Creative Commons Attribution Non Commercial Share Alike Licence (CC BY-NC-SA). Details of this licence are available here

Repository Staff Only(login required)

Item control page

Downloads

Origin of downloads