Cracking more password hashes with patterns
| dc.authorid | 0000-0003-4562-8486 | |
| dc.contributor.author | Tatlı, Emin İslam | |
| dc.date.accessioned | 10.07.201910:49:13 | |
| dc.date.accessioned | 2019-07-10T19:56:20Z | |
| dc.date.available | 10.07.201910:49:13 | |
| dc.date.available | 2019-07-10T19:56:20Z | |
| dc.date.issued | 2015 | |
| dc.department | İstanbul Medipol Üniversitesi, Mühendislik ve Doğa Bilimleri Fakültesi, Elektrik ve Elektronik Mühendisliği Bölümü | |
| dc.description | WOS: 000359984600009 | |
| dc.description.abstract | It is a common mistake of application developers to store user passwords within databases as plaintext or only as their unsalted hash values. Many real-life successful hacking attempts that enabled attackers to get unauthorized access to sensitive database entries including user passwords have been experienced in the past. Seizing password hashes, attackers perform brute-force, dictionary, or rainbow-table attacks to reveal plaintext passwords from their hashes. Dictionary attacks are very fast for cracking hashes but their success rate is not sufficient. In this paper, we propose a novel method for improving dictionary attacks. Our method exploits several password patterns that are commonly preferred by users when trying to choose a complex and strong password. In order to analyze and show success rates of our developed method, we performed cracking tests on real-life leaked password hashes using both a traditional dictionary and our pattern-based dictionary. We observed that our pattern-based method is superior for cracking password hashes. | |
| dc.identifier.citation | Tatlı, E. İ. (2015). Cracking more password hashes with patterns. IEEE Transactions on Information Forensics and Security, 10(8), 1656-1665. https://dx.doi.org/10.1109/TIFS.2015.2422259 | |
| dc.identifier.doi | 10.1109/TIFS.2015.2422259 | |
| dc.identifier.endpage | 1665 | |
| dc.identifier.issn | 1556-6013 | |
| dc.identifier.issn | 1556-6021 | |
| dc.identifier.issue | 8 | |
| dc.identifier.scopusquality | Q1 | |
| dc.identifier.startpage | 1656 | |
| dc.identifier.uri | https://dx.doi.org/10.1109/TIFS.2015.2422259 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12511/2667 | |
| dc.identifier.volume | 10 | |
| dc.identifier.wosquality | Q1 | |
| dc.indekslendigikaynak | Web of Science | |
| dc.indekslendigikaynak | Scopus | |
| dc.language.iso | en | |
| dc.publisher | Institute of Electrical and Electronics Engineers | |
| dc.relation.ispartof | Transactions on Information Forensics and Security | en_US |
| dc.relation.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | |
| dc.rights | info:eu-repo/semantics/embargoedAccess | |
| dc.subject | Password Security | |
| dc.subject | Authentication | |
| dc.subject | Data Security | |
| dc.subject | Dictionary Attacks | |
| dc.subject | Hash Cracking | |
| dc.title | Cracking more password hashes with patterns | |
| dc.type | Article |
Dosyalar
Orijinal paket
1 - 1 / 1
Küçük Resim Yok
- İsim:
- tatli, emin-2015.pdf
- Boyut:
- 3.93 MB
- Biçim:
- Adobe Portable Document Format
- Açıklama:
- Tam Metin / Full Text
