GOTCHA Challenge (Un)Solved

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 369)

Abstract

Password-based authentication is common due to its high usability and simplicity of implementation; however, it raises many security problems. This implies a continuous effort in designing new password-based authentication techniques. J. Blocki, M. Blum and A. Datta introduced GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), an innovative method to perform password-based authentication: a challenge-response mechanism that gives humans a great advantage over machines. The authors of GOTCHA proposed a public challenge to test its strength. We disclosed all 5 passwords of the first round, because of a leakage in the released code. In this paper, we present our attack: an improved brute-force attack that revealed each of the 7-digit passwords in less than 0.5 h and the 8-digit password in approximately 1.5 h on a personal laptop.

Keywords

GOTCHA challenge; Password-based authentication; Hash functions; Offline attacks; Dictionary attacks

Notes

Acknowledgments

The author would like to thank Alex Gatej for informing about the GOTCHA challenge.


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Department of Computer Science, University of Bucharest, Bucharest, Romania
