Sciweavers

ACSAC
2015
IEEE

ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage

8 years 8 months ago
In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server to prevent off-site password discovery, and a deception mechanism to alert us if such an action is attempted. Our scheme can be easily integrated with legacy systems without the need of any additional servers, changing the structure of the hashed password file or any client modifications. When using the scheme the structure of the hashed passwords file, etc/shadow or etc/master.passwd, will appear no different than in the traditional scheme. However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ersatzpasswords — the “fake passwords”. When an attempt to login usi...
Mohammed H. Almeshekah, Christopher N. Gutierrez,
Added 13 Apr 2016
Updated 13 Apr 2016
Type Journal
Year 2015
Where ACSAC
Authors Mohammed H. Almeshekah, Christopher N. Gutierrez, Mikhail J. Atallah, Eugene H. Spafford