Presentation on theme: "1 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton."— Presentation transcript:
1 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton
2 J. Alex Halderman Web site password overload Generating, keeping secret, and recalling passwords for scores of sites Leads to insecure coping techniques – Writing passwords down – Reusing same passwords Difficult to enforce better behavior We need to make password security easy ****ing Passwords!
3 J. Alex Halderman In This Talk 1.Approaches to password management 2.Our construction and its security 3.Comparison with other techniques 4.Demonstration of our implementation 5.Future work and conclusions
4 J. Alex Halderman Approaches to Password Mgmt Local encrypted storage e.g., Password Safe (1998) –Cumbersome to access from multiple locations Centralized remote authentication e.g., Microsoft Passport (1999) –Needs server-side changes, trusted third party Cryptographic password generation e.g., LPWA (1997), PwdHash (2004), our scheme (2004)
5 J. Alex Halderman Password Generators Master Password“amazon.com” Hash() “wrbPzdqS” Use as your Amazon password A simple idea, but hard to get right! E.g.: LPWA, PwdHash Client software derives individual site passwords using deterministic one-way function Users sets all site passwords to function output Only need to remember master password to recreate all site passwords—highly transportable!
6 J. Alex Halderman == Stealing the Master Password Adversary learns password from low-security site Password Guess “yahoo.com” Hash () “RWwsYlTi” “LZIniBNd” =? Dictionary attack to learn master password Can access all other password-managed sites “rover”“lassie”“spot”“fido” “LZIniBNd”“H2VeusSq”“CJPZfAKx” amazon.com wrbPzdqS gmail.com obIDmogl citibank.com sX4rLlO1 “spot” Easy to execute because scheme use fast hashes
7 J. Alex Halderman Thwarting Brute Force Attacks attack cost = ½ × dictionary size × cost per guess Hard to increase dictionary size User habits hard to change, limits on human memory Increase cost per guess by using slower hash –Used elsewhere to protect password verification routines (UNIX crypt) –Our approach: iterated hash Security vs. usability tradeoff User has to wait too! — Cache intermediate results
8 J. Alex Halderman Our Construction Master password “MyD06ReX” User identity “email@example.com” H k 1 () “wrb8zdqS” User’s site password for “amazon.com” H k 2 () Target site “amazon.com” Local Cache (k 1 >> k 2 ) Initialization Phase Generation Phase Mapping Master password (again)
9 J. Alex Halderman Security Analysis Four attack scenarios: 1.No information 2.Stolen site password 3.Stolen cache data 4.Stolen cache + site password Primary concern is offline attacks. ? ? ? Increasing external difficulty
10 J. Alex Halderman Security of Our Scheme Attack scenario Hashes/ guess Time/ guess 1. No informationN/A 2. Stolen site passwordk1+k2k1+k2 100.1s 3. Stolen cache datak1k1 100s 4. Stolen cache + site passwordk2k2 0.1s
11 J. Alex Halderman Relative Attack Resistance Estimated time to test 100,000 guesses Scheme Stolen password Stolen data Stolen pw and data Password SafeN/A74.6 secs LPWA0.5 secsN/A PwdHash0.1 secsN/A Our Scheme116 days 2.8 hours
12 J. Alex Halderman Equivalent Password Length **** ******** *********
13 J. Alex Halderman Password Multiplier Extension for Mozilla Firefox Windows, Mac OS X, and Linux Tightly integrated with browser Double-click any password field to fill in Balanced security and convenience –Initialization — 10 8 iterations, ~100 seconds (Only once per installation) –Password generation — 10 5 iterations, ~0.1 secs (Before every password operation)
14 J. Alex Halderman Password Multiplier — Demo
15 J. Alex Halderman Future Improvements Flexible password formatting Cope with sites that require numbers, punctuation, special patterns Easier password changes Manually and at regular intervals Improved anti-spoofing Adopt techniques from PwdHash Port to Internet Explorer, others Require additional “state”
16 J. Alex Halderman Summary — Our scheme: Provides password access from anywhere our software can be executed Asks user to remember only one short password Requires no server-side changes Does not require trusting a third-party service Nearly as secure as independent random pwds Likely much more secure than what you do now Is practical, available today, and free http://www.cs.princeton.edu/~jhalderm/projects/password/
17 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton
Your consent to our cookies if you continue to use this website.