A Novel Approach to Proactive Password Checking

  • Carlo Blundo
  • Paolo D’Arco
  • Alfredo De Santis
  • Clemente Galdi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2437)


In this paper we propose a novel approach to strengthen password-based access control strategies. We describe a proactive password checker which uses a perceptron to decide whether a user’s password is easy to guess. The checker is simple and efficient, and it works because easy-to-guess and hard-to-guess passwords seem to be linearly separable. Experimental results show that the error rates in many cases are close to zero, memory requirements can be quantified in a few bytes, and the answers to classification queries are almost immediate. This research opens new directions for investigating the applicability of neural network techniques to data security environments.


Keywords: Data Security, Access Control, Proactive Password Checking, Perceptron, Neural Network





Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Carlo Blundo (1)
  • Paolo D’Arco (2)
  • Alfredo De Santis (1)
  • Clemente Galdi (3)

  1. Dipartimento di Informatica ed Applicazioni, Università di Salerno, Baronissi, Italy
  2. Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Canada
  3. Computer Technology Institute and Dept. of Computer Engineering and Informatics, University of Patras, Rio, Greece
