Useful password hashing: how to waste computing cycles with style

Password-based authentication is widely used today, despite problems with security and usability. To limit the negative effects of some of these problems, best practice mandates that servers store password hashes rather than passwords in the clear. Password hashes slow down password verification and thus the rate of password guessing in the event of a server compromise. A slower password hash is more secure, as the attacker needs more resources to test password guesses, but at the same time it slows down password verification for the legitimate server. This puts a practical limit on the hardness of the password hash and thus on the security of password storage. We propose a conceptually new method to construct password hashes, called "useful" password hashes (UPHs), that do not simply waste computing cycles as other constructions do (e.g., iterating MD5 several thousand times), but use those cycles to solve other computational problems at the same time, while still being secure password hashes. This way, we are convinced that server operators are willing to use slower password hashes, thus increasing the overall security of password-based authentication. We give three constructions, based on problems from the field of cryptography: brute-forcing block ciphers, solving discrete logarithms, and factoring integers. These constructions demonstrate that UPHs can be constructed from problems of practical interest, and we are convinced that these constructions can be adapted to a variety of other problems as well.
