Fast dictionary attacks on passwords using time-space tradeoff

Human-memorable passwords are a mainstay of computer security. To decrease vulnerability of passwords to brute-force dictionary attacks, many organizations enforce complicated password-creation rules and require that passwords include numerals and special characters. We demonstrate that as long as passwords remain human-memorable, they are vulnerable to "smart-dictionary" attacks even when the space of potential passwords is large.Our first insight is that the distribution of letters in easy-to-remember passwords is likely to be similar to the distribution of letters in the users' native language. Using standard Markov modeling techniques from natural language processing, this can be used to dramatically reduce the size of the password space to be searched. Our second contribution is an algorithm for efficient enumeration of the remaining password space. This allows application of time-space tradeoff techniques, limiting memory accesses to a relatively small table of "partial dictionary" sizes and enabling a very fast dictionary attack.We evaluated our method on a database of real-world user password hashes. Our algorithm successfully recovered 67.6% of the passwords using a 2 x 109 search space. This is a much higher percentage than Oechslin's "rainbow" attack, which is the fastest currently known technique for searching large keyspaces. These results call into question viability of human-memorable character-sequence passwords as an authentication mechanism.

[1]  G. A. Miller THE PSYCHOLOGICAL REVIEW THE MAGICAL NUMBER SEVEN, PLUS OR MINUS TWO: SOME LIMITS ON OUR CAPACITY FOR PROCESSING INFORMATION 1 , 1956 .

[2]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[3]  Martin E. Hellman,et al.  A cryptanalytic time-memory trade-off , 1980, IEEE Trans. Inf. Theory.

[4]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[5]  David C. Feldmeier,et al.  UNIX Password Security - Ten Years Later , 1989, CRYPTO.

[6]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[7]  Amos Fiat,et al.  Rigorous time/space tradeoffs for inverting functions , 1991, STOC '91.

[8]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Ming Li,et al.  An Introduction to Kolmogorov Complexity and Its Applications , 2019, Texts in Computer Science.

[10]  Tsutomu Matsumoto,et al.  Optimization of Time-Memory Trade-Off Cryptanalysis and Its Application to DES, FEAL-32, and Skipjack (Special Section on Cryptography and Information Security) , 1996 .

[11]  Stefan Lucks,et al.  Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys , 1997, Security Protocols Workshop.

[12]  Joos Vandewalle,et al.  On the time-memory tradeoff between exhaustive key search and table precomputation , 1998 .

[13]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[14]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[15]  Tsutomu Matsumoto,et al.  Achieving higher success probability in time-memory trade-off crypt analysis without increasing memory size , 1999 .

[16]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[17]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[18]  Yehuda Lindell,et al.  Session-Key Generation Using Human Passwords Only , 2001, CRYPTO.

[19]  Rafail Ostrovsky,et al.  Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.

[20]  Jean-Didier Legat,et al.  A Time-Memory Tradeoff Using Distinguished Points: New Analysis & FPGA Results , 2002, CHES.

[21]  Benny Pinkas,et al.  Securing passwords against dictionary attacks , 2002, CCS '02.

[22]  J. Tenenbaum,et al.  Probability, algorithmic complexity, and subjective randomness , 2003 .

[23]  Philippe Oechslin,et al.  Making a Faster Cryptanalytic Time-Memory Trade-Off , 2003, CRYPTO.

[24]  Thomas L. Griffiths,et al.  From Algorithmic to Subjective Randomness , 2003, NIPS.

[25]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[26]  Paul C. van Oorschot,et al.  Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop (Extended Abstract) , 2004, Financial Cryptography.

[27]  Julie Thorpe,et al.  Graphical Dictionaries and the Memorable Space of Graphical Passwords , 2004, USENIX Security Symposium.

[28]  Craig Gentry,et al.  Password authenticated key exchange using hidden smooth subgroups , 2005, CCS '05.