HYPPOCRATES: a new proactive password checker

In this paper, we propose a new proactive password checker, a program that prevents the choice of easy-to-guess passwords. The checker uses a decision tree constructed by applying the minimum description length principle and a pessimistic pruning technique. Experimental results show a substantial improvement in the performance of this checker compared to previous proposals. Moreover, the software package we provide has a user-friendly interface that enables the system administrator to configure an ad hoc proactive password checker in order to satisfy certain policy requirements.
