The (Persistent) Threat of Weak Passwords: Implementation of a Semi-automatic Password-Cracking Algorithm

Pelchen, Chris; Jaeger, David; Cheng, Feng; Meinel, Christoph

doi:10.1007/978-3-030-34339-2_27

The (Persistent) Threat of Weak Passwords: Implementation of a Semi-automatic Password-Cracking Algorithm

Chris Pelchen¹⁰,
David Jaeger¹⁰,
Feng Cheng¹⁰ &
…
Christoph Meinel¹⁰

Conference paper
First Online: 06 November 2019

1081 Accesses
1 Citations

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11879))

Abstract

Password-based authentication remains the main method of user authentication in computer systems. In case of a leak of the user database, the obfuscated storage of passwords is the last remaining protection of credentials. The strength of a password determines how hard it is to crack a password hash for uncovering the plain text password. Internet users often ignore recommended password guidelines and choose weak passwords that are easy to guess. In addition, service providers do not warn users that their chosen passwords are not secure enough. In this work we present a semi-automatic password cracking algorithm that orders and executes user-chosen password cracking attacks based on their efficiency. With our new approach, we are able to accelerate the cracking of password hashes and to demonstrate that weak passwords are still a serious security risk. The intention of this work is to point out that the usage of weak passwords holds great dangers for both the user and the service provider.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

1.
Password analysis and cracking kit (Version 0.0.4) - https://github.com/iphelix/pack (accessed 1 April 2019).
2.
https://haveibeenpwned.com/Passwords, (accessed 1 April 2019).

References

Golla, M., Dürmuth, M.: On the accuracy of password strength meters. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. CCS 2018, pp. 1567–1582. ACM, New York (2018). https://doi.org/10.1145/3243734.3243769
National Institue of Standards and Techonology: Digital Identity Guidelines - Authentication and Lifecycle Management (NIST Special Publication 800–63B) (5 2018)
Google Scholar

Download references

Author information

Authors and Affiliations

Hasso Plattner Institute for Digital Engineering gGmbH, Potsdam, Germany
Chris Pelchen, David Jaeger, Feng Cheng & Christoph Meinel

Authors

Chris Pelchen
View author publications
You can also search for this author in PubMed Google Scholar
David Jaeger
View author publications
You can also search for this author in PubMed Google Scholar
Feng Cheng
View author publications
You can also search for this author in PubMed Google Scholar
Christoph Meinel
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chris Pelchen .

Editor information

Editors and Affiliations

Multimedia University, Malacca, Malaysia
Swee-Huay Heng
University of Malaga, Malaga, Spain
Javier Lopez

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Pelchen, C., Jaeger, D., Cheng, F., Meinel, C. (2019). The (Persistent) Threat of Weak Passwords: Implementation of a Semi-automatic Password-Cracking Algorithm. In: Heng, SH., Lopez, J. (eds) Information Security Practice and Experience. ISPEC 2019. Lecture Notes in Computer Science(), vol 11879. Springer, Cham. https://doi.org/10.1007/978-3-030-34339-2_27

Download citation

DOI: https://doi.org/10.1007/978-3-030-34339-2_27
Published: 06 November 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34338-5
Online ISBN: 978-3-030-34339-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics