Cracking more password hashes with patterns
Citation
Tatlı, E. İ. (2015). Cracking more password hashes with patterns. IEEE Transactions on Information Forensics and Security, 10(8), 1656-1665. https://dx.doi.org/10.1109/TIFS.2015.2422259Abstract
It is a common mistake of application developers to store user passwords within databases as plaintext or only as their unsalted hash values. Many real-life successful hacking attempts that enabled attackers to get unauthorized access to sensitive database entries including user passwords have been experienced in the past. Seizing password hashes, attackers perform brute-force, dictionary, or rainbow-table attacks to reveal plaintext passwords from their hashes. Dictionary attacks are very fast for cracking hashes but their success rate is not sufficient. In this paper, we propose a novel method for improving dictionary attacks. Our method exploits several password patterns that are commonly preferred by users when trying to choose a complex and strong password. In order to analyze and show success rates of our developed method, we performed cracking tests on real-life leaked password hashes using both a traditional dictionary and our pattern-based dictionary. We observed that our pattern-based method is superior for cracking password hashes.
WoS Q Kategorisi
Q1xmlui.dri2xhtml.METS-1.0.item-scopusquality
Q1Source
Transactions on Information Forensics and SecurityVolume
10Issue
8Collections
- Makale Koleksiyonu [190]
- Scopus İndeksli Yayınlar Koleksiyonu [6271]
- WoS İndeksli Yayınlar Koleksiyonu [6416]