GOTCHA Challenge (Un)Solved

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 369)

Abstract

Password-based authentication is common due to its high usability and ease of implementation; however, it raises many security problems. This implies a continuous effort in designing new password-based authentication techniques. J. Blocki, M. Blum and A. Datta introduced GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), an innovative method to perform password-based authentication: a challenge-response mechanism that gives humans a great advantage over machines. The authors of GOTCHA proposed a public challenge to test its strength. We disclosed all 5 passwords of the first round, because of a leakage in the released code. In this paper, we present our attack: an improved brute-force attack that revealed each of the 7-digit passwords in less than 0.5 h and the 8-digit password in approximately 1.5 h on a personal laptop.

Keywords

GOTCHA challenge; Password-based authentication; Hash functions; Offline attacks; Dictionary attacks

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Department of Computer Science, University of Bucharest, Bucharest, Romania
