dc.contributor.author | Tatlı, Emin İslam | |
dc.date.accessioned | 10.07.201910:49:13 | |
dc.date.accessioned | 2019-07-10T19:56:20Z | |
dc.date.available | 10.07.201910:49:13 | |
dc.date.available | 2019-07-10T19:56:20Z | |
dc.date.issued | 2015 | en_US |
dc.identifier.citation | Tatlı, E. İ. (2015). Cracking more password hashes with patterns. IEEE Transactions on Information Forensics and Security, 10(8), 1656-1665. https://dx.doi.org/10.1109/TIFS.2015.2422259 | en_US |
dc.identifier.issn | 1556-6013 | |
dc.identifier.issn | 1556-6021 | |
dc.identifier.uri | https://dx.doi.org/10.1109/TIFS.2015.2422259 | |
dc.identifier.uri | https://hdl.handle.net/20.500.12511/2667 | |
dc.description | WOS: 000359984600009 | en_US |
dc.description.abstract | It is a common mistake of application developers to store user passwords within databases as plaintext or only as their unsalted hash values. Many real-life successful hacking attempts that enabled attackers to get unauthorized access to sensitive database entries including user passwords have been experienced in the past. Seizing password hashes, attackers perform brute-force, dictionary, or rainbow-table attacks to reveal plaintext passwords from their hashes. Dictionary attacks are very fast for cracking hashes but their success rate is not sufficient. In this paper, we propose a novel method for improving dictionary attacks. Our method exploits several password patterns that are commonly preferred by users when trying to choose a complex and strong password. In order to analyze and show success rates of our developed method, we performed cracking tests on real-life leaked password hashes using both a traditional dictionary and our pattern-based dictionary. We observed that our pattern-based method is superior for cracking password hashes. | en_US |
dc.language.iso | eng | en_US |
dc.publisher | Institute of Electrical and Electronics Engineers | en_US |
dc.rights | info:eu-repo/semantics/embargoedAccess | en_US |
dc.subject | Password Security | en_US |
dc.subject | Authentication | en_US |
dc.subject | Data Security | en_US |
dc.subject | Dictionary Attacks | en_US |
dc.subject | Hash Cracking | en_US |
dc.title | Cracking more password hashes with patterns | en_US |
dc.type | article | en_US |
dc.relation.ispartof | Transactions on Information Forensics and Security | en_US |
dc.department | İstanbul Medipol Üniversitesi, Mühendislik ve Doğa Bilimleri Fakültesi, Elektrik ve Elektronik Mühendisliği Bölümü | en_US |
dc.authorid | 0000-0003-4562-8486 | en_US |
dc.identifier.volume | 10 | en_US |
dc.identifier.issue | 8 | en_US |
dc.identifier.startpage | 1656 | en_US |
dc.identifier.endpage | 1665 | en_US |
dc.relation.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | en_US |
dc.identifier.doi | 10.1109/TIFS.2015.2422259 | en_US |
dc.identifier.wosquality | Q1 | en_US |
dc.identifier.scopusquality | Q1 | en_US |