Zero-Sum Password Cracking Game: A Large-Scale Empirical Study on the Crackability, Correlation, and Security of Passwords

Cited by: 28
Authors
Ji, Shouling [1, 2]
Yang, Shukun [2 ]
Hu, Xin [3 ]
Han, Weili [4 ]
Li, Zhigong [4 ]
Beyah, Raheem [2 ]
Affiliations
[1] Zhejiang Univ, Coll Comp Sci & Technol, Hangzhou 310027, Zhejiang, Peoples R China
[2] Georgia Inst Technol, Sch Elect & Comp Engn, Atlanta, GA 30332 USA
[3] IBM Corp, TJ Watson Res Ctr, Armonk, NY 10504 USA
[4] Fudan Univ, Software Sch, Shanghai, Peoples R China
Keywords
Passwords; evaluation; crackability; classification; correlation; password meter; password strength
DOI
10.1109/TDSC.2015.2481884
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
In this paper, we conduct a large-scale study on the crackability, correlation, and security of ~145 million real world passwords, which were leaked from several popular Internet services and applications. To the best of our knowledge, this is the largest empirical study that has been conducted. Specifically, we first evaluate the crackability of ~145 million real world passwords against 6+ state-of-the-art password cracking algorithms in multiple scenarios. Second, we examine the effectiveness and soundness of popular commercial password strength meters (e.g., Google, QQ) and the security impacts of username/email leakage on passwords. Finally, we discuss the implications of our results, analysis, and findings, which are expected to help both password users and system administrators to gain a deeper understanding of the vulnerability of real passwords against state-of-the-art password cracking algorithms, as well as to shed light on future password security research topics.
Pages: 550-564
Number of pages: 15
Related papers
11 in total
  • [1] Understanding Offline Password-Cracking Methods: A Large-Scale Empirical Study
    Shi, Ruixin
    Zhou, Yongbin
    Li, Yong
    Han, Weili
    SECURITY AND COMMUNICATION NETWORKS, 2021, 2021
  • [2] On Solving Large-Scale Low-Rank Zero-Sum Security Games of Incomplete Information
    Monga, Amnol
    Zhu, Quanyan
    2016 8TH IEEE INTERNATIONAL WORKSHOP ON INFORMATION FORENSICS AND SECURITY (WIFS 2016), 2016,
  • [3] Decentralised zero-sum differential game for a class of large-scale interconnected systems via adaptive dynamic programming
    Sun, Jingliang
    Liu, Chunsheng
    INTERNATIONAL JOURNAL OF CONTROL, 2019, 92 (12) : 2917 - 2927
  • [4] A Large-Scale Empirical Study of Security Patches
    Li, Frank
    Paxson, Vern
    CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2017, : 2201 - 2215
  • [5] A two-resource allocation algorithm with an application to large-scale zero-sum defensive games
    Golany, B.
    Goldberg, N.
    Rothblum, U. G.
    COMPUTERS & OPERATIONS RESEARCH, 2017, 78 : 218 - 229
  • [6] Large-scale multinational shocks and international trade: a non-zero-sum game
    Bardazzi, Rossella
    Ghezzi, Leonardo
    ECONOMIC SYSTEMS RESEARCH, 2022, 34 (04) : 383 - 409
  • [7] A test of construct isomorphism of the Belief in a Zero-Sum Game scale: A multilevel 43-nation study
    Rozycka-Tran, Joanna
    Alessandri, Guido
    Jurek, Pawel
    Olech, Michal
    PLOS ONE, 2018, 13 (09):
  • [8] Machine learning driven extended matrix norm method for the solution of large-scale zero-sum matrix games
    Izgi, Burhaneddin
    Ozkaya, Murat
    Ure, Nazim Kemal
    Perc, Matjaz
    JOURNAL OF COMPUTATIONAL SCIENCE, 2023, 68
  • [9] PDGraph: A Large-Scale Empirical Study on Project Dependency of Security Vulnerabilities
    Li, Qiang
    Song, Jinke
    Tan, Dawei
    Wang, Haining
    Liu, Jiqiang
    51ST ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN 2021), 2021, : 161 - 173
  • [10] Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security
    Zhang, Mengyuan
    de Carnavalet, Xavier de Carne
    Wang, Lingyu
    Ragab, Ahmed
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2019, 14 (09) : 2315 - 2330