Salting of password hashes defeats offline dictionary attacks based on precomputation, and thus foils our hybrid attack.
Using an inefficient cipher slows the attacker down by a constant factor, and this is in
fact done in the UNIX crypt() implementation. This technique, however, can only yield
a limited benefit because of the range of platforms that the client may be running.
JavaScript implementations in some browsers, for example, are extremely slow. A survey
of techniques to improve password security concluded that the only technique offering a
substantial long-term improvement is for users to increase the entropy of the
passwords they generate.
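The effect of salting and of a deliberately slow hash can be seen on a small password database. The following is an added example, not code from the original paper: the word list, user names, and iteration count are constructed, and PBKDF2 stands in for the "inefficient cipher" (the paper's reference is UNIX crypt()).

```python
import hashlib
import hmac
import os

ITERATIONS = 2_000  # constructed work factor for the demo; real deployments use far more
WORDLIST = ["password", "letmein", "dragon", "sunshine"]  # constructed sample dictionary
USERS = {"alice": "dragon", "bob": "dragon", "carol": "x9$Lq!vT2#pR"}  # constructed

def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt, iterations=ITERATIONS):
    # Assumption: PBKDF2 as the slow function; cost grows linearly with iterations.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def verify(password, salt, stored):
    # Legitimate login check: one slow hash, compared in constant time.
    return hmac.compare_digest(salted_hash(password, salt), stored)

def precompute(wordlist):
    # One-time table, reusable against every database of unsalted hashes.
    return {unsalted_hash(w): w for w in wordlist}

def table_hits(stored_hashes, table):
    # Users whose stored hash appears in the precomputed table.
    return sorted(u for u, h in stored_hashes.items() if h in table)

def guessing_cost(num_users, wordlist, iterations=ITERATIONS):
    # Without a reusable table, every guess is recomputed per user and per iteration.
    return num_users * len(wordlist) * iterations

def demo():
    table = precompute(WORDLIST)
    plain_db = {u: unsalted_hash(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    salted_db = {u: salted_hash(p, salts[u]) for u, p in USERS.items()}
    return {
        "unsalted_hits": table_hits(plain_db, table),
        "salted_hits": table_hits(salted_db, table),
        "shared_password_visible_unsalted": plain_db["alice"] == plain_db["bob"],
        "shared_password_visible_salted": salted_db["alice"] == salted_db["bob"],
        "table_cost": len(WORDLIST),
        "salted_cost": guessing_cost(len(USERS), WORDLIST),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt removes the reuse that makes precomputation pay off, while the iteration count is only the constant-factor slowdown the text describes: a weak password is still found once the per-user work is spent.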
There is also a large body of work, subsequent to the above survey, on
password-authenticated cryptographic protocols and session key generation from
human-memorable passwords. The objective of these protocols is to defeat offline dictionary
attacks on protocols where participants share a low-entropy secret. One drawback
of password-authenticated key exchange (PAKE) protocols is that they typically
rely on unrealistic assumptions such as multiple noncooperating servers or both
parties storing the password in plaintext (one exception is the PAK-X protocol).
Storing client passwords on the server is very dangerous in practice, yet even for
“provably secure” PAKE protocols, security proofs implicitly assume that the
server cannot be compromised.
Furthermore, our attacks apply in a limited sense even to PAKE protocols
because Markovian filters also make online dictionary attacks
much faster. Thus, our attacks call into question whether it is ever
meaningful for humans to generate their own character-sequence passwords.
The situation can only become worse with time because hardware power grows
exponentially while human information processing capacity stays constant.
Considering that there is a fundamental conflict between memorability and high
subjective randomness, our work could have implications for the viability of
passwords as an authentication mechanism in the long run.