Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms

Passwords are still the preferred method of user authentication for a large number of applications. To derive cryptographic keys from (human-entered) passwords, key-derivation functions are used. One of the best-known key-derivation functions is the standardized PBKDF2 (RFC 2898), which is used in TrueCrypt, CCMP of WPA2, and many more. In this work, we evaluate the security of PBKDF2 against password-guessing attacks using state-of-the-art parallel computing architectures, with the goal of finding PBKDF2 parameters that protect against today’s attacks. In particular, we developed fast implementations of PBKDF2 on FPGA clusters and GPU clusters. Both families of platforms have a better price-performance ratio than PC clusters and thus pose a great threat when used to run large-scale guessing attacks. To the best of our knowledge, we demonstrate the fastest attacks against PBKDF2, and show that we can guess more than 65% of typical passwords in about one week.
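The following added example (not code from the paper) implements PBKDF2 with HMAC-SHA1 as specified in RFC 2898 and shows how the iteration count sets the work per password guess, which is the parameter a defender tunes. The WPA2 values (SSID as salt, 4096 iterations, 32-byte key) come from IEEE 802.11i, not from this page; the passphrase, SSID, attacker rate and guess count are constructed, and `prf_calls_per_guess` and `min_iterations` are hypothetical helper names.

```python
import hashlib
import hmac
import math
import struct

H_LEN = hashlib.sha1().digest_size  # 20-byte PRF output

def pbkdf2_hmac_sha1(password, salt, iterations, dk_len):
    """PBKDF2 (RFC 2898, section 5.2) with HMAC-SHA1 as the PRF."""
    if iterations < 1 or dk_len < 1:
        raise ValueError("iterations and dk_len must be positive")
    # The HMAC key schedule depends only on the password, so it is done once.
    keyed = hmac.new(password, digestmod=hashlib.sha1)
    out = b""
    for block in range(1, math.ceil(dk_len / H_LEN) + 1):
        prf = keyed.copy()
        prf.update(salt + struct.pack(">I", block))  # U_1 = PRF(P, S || INT(i))
        u = prf.digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):              # U_j = PRF(P, U_{j-1})
            prf = keyed.copy()
            prf.update(u)
            u = prf.digest()
            t ^= int.from_bytes(u, "big")            # T_i = U_1 xor ... xor U_c
        out += t.to_bytes(H_LEN, "big")
    return out[:dk_len]

def prf_calls_per_guess(iterations, dk_len):
    """HMAC invocations needed to test one candidate password."""
    return iterations * math.ceil(dk_len / H_LEN)

def min_iterations(prf_per_sec, guesses, seconds):
    """Smallest iteration count that makes `guesses` candidates cost an
    attacker at least `seconds`. Conservative assumption: the attacker
    needs only one output block per guess. All arguments are integers."""
    return -(-(prf_per_sec * seconds) // guesses)   # ceiling division

if __name__ == "__main__":
    # Constructed inputs using the WPA2 parameter set described above.
    dk = pbkdf2_hmac_sha1(b"constructed passphrase", b"ExampleSSID", 4096, 32)
    print(dk.hex(), prf_calls_per_guess(4096, 32))
    # Constructed budget: 10^9 HMAC/s attacker, 10^9 guesses, one week.
    print(min_iterations(10**9, 10**9, 7 * 24 * 3600))
```

Each guess is an independent chain of HMAC calls with a small fixed state, so throughput on parallel hardware scales with the number of cores; only the iteration count raises the cost of a single guess.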
