论文信息 - A simple scheme to make passwords based on one-way functions much harder to crack

A simple scheme to make passwords based on one-way functions much harder to crack

We present a simple scheme that makes guessing passwords based on one-way functions 100 to 1000 times harder. The scheme is easy to program and easy to incrementally add to existing schemes. In particular, there is no need to switch to it all at the same time. Old passwords will still work and have the same security as before (one will not be able to distinguish them from new passwords); newly-entered passwords will become much more secure. The new scheme is independent of the one-way function used and does not require changing any part of the encryption mechanism.

Udi Manber | U. Manber

[1] Clifford Stoll,et al. The Cuckoo's Egg , 1989 .

[2] Eugene H. Spafford,et al. OPUS: Preventing weak password choices , 1992, Comput. Secur..

[3] Simson L. Garfinkel,et al. Practical UNIX Security , 1991 .

[4] Arthur E. Oldehoeft,et al. A survey of password mechanisms: Weaknesses and potential improvements. Part 2 , 1989, Comput. Secur..

[5] Udi Manber,et al. An Algorithm for Approximate Membership checking with Application to Password Security , 1994, Inf. Process. Lett..

[6] Stephen G. Kochan,et al. Unix System Security , 1986 .

[7] Ken Thompson,et al. Password security: a case history , 1979, CACM.

[8] David C. Feldmeier,et al. UNIX Password Security - Ten Years Later , 1989, CRYPTO.

[9] Arthur E. Oldehoeft,et al. A survey of password mechanisms: Weaknesses and potential improvements. Part 1 , 1989, Comput. Secur..

[10] Jim Reid,et al. Open systems security: Traps and pitfalls , 1995, Comput. Secur..

[11] Daniel V. Klein. ‘ ‘ Foiling the Cracker ’ ’ : yA Survey of , and Improvements to , Password Securit , 1990 .

[12] Maurice V. Wilkes,et al. Time-sharing computer systems , 1968 .