论文信息 - A survey of password mechanisms: Weaknesses and potential improvements. Part 1

A survey of password mechanisms: Weaknesses and potential improvements. Part 1

While research continues on more sophisticated methods of authentication, password mechanisms remain the predominant method of ident$ing computer system users. In this paper, the goals of authentication are reviewed, and the strengths and vulnerabilities of password mechanisms are discussed. The 4.3 Berkeley Software Distribution (4.3BSD) version of UNIX is used as a case study throughout the paper. Several recommendations are presented for the improvement of password mechanisms. In particular, a simple extension of the UNIX password system is described that permits the use of pass-phrases.

Arthur E. Oldehoeft | David L. Jobusch | A. Oldehoeft

[1] CharlesCresson Wood,et al. Administrative controls for password-based computer access control systems , 1986 .

[2] David Lipton. Logical authentication method , 1986, SGSC.

[3] Jason Gait,et al. Easy entry: the password encryption problem , 1978, OPSR.

[4] Donn Seeley,et al. A Tour of the Worm , 1988 .

[5] Sig Porter,et al. A password extension for improved human factors , 1982, Comput. Secur..

[6] Jon A. Rochlis,et al. With microscope and tweezers: the worm from MIT's perspective , 1989, Commun. ACM.

[7] Martin E. Hellman,et al. On the security of multiple encryption , 1981, CACM.

[8] George B. Purdy,et al. A high security log-in procedure , 1974, Commun. ACM.

[9] Belden Menkus,et al. Understanding the use of passwords , 1988, Comput. Secur..

[10] Raymond W. Turner,et al. Operating Systems: Design and Implementation , 1990 .

[11] Brian Reid,et al. Reflections on some recent widespread computer break-ins , 1991 .

[12] Clifford Stoll,et al. Stalking the wily hacker , 1988, CACM.

[13] Helen Marie Wood,et al. The use of passwords for controlled access to computer resources. , 1977 .