FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W3035133096> ?p ?o ?g. }

• W3035133096 abstract "We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All four organizations were using key-stretching to protect user passwords. In fact, LastPass' use of PBKDF2-SHA256 with $10^5$ hash iterations exceeds 2017 NIST minimum recommendation by an order of magnitude. Nevertheless, our analysis paints a bleak picture: the adopted key-stretching levels provide insufficient protection for user passwords. In particular, we present strong evidence that most user passwords follow a Zipf's law distribution, and characterize the behavior of a rational attacker when user passwords are selected from a Zipf's law distribution. We show that there is a finite threshold which depends on the Zipf's law parameters that characterizes the behavior of a rational attacker -- if the value of a cracked password (normalized by the cost of computing the password hash function) exceeds this threshold then the adversary's optimal strategy is always to continue attacking until each user password has been cracked. In all cases (Yahoo!, Dropbox, LastPass and AshleyMadison) we find that the value of a cracked password almost certainly exceeds this threshold meaning that a rational attacker would crack all passwords that are selected from the Zipf's law distribution (i.e., most user passwords). This prediction holds even if we incorporate an aggressive model of diminishing returns for the attacker (e.g., the total value of $500$ million cracked passwords is less than $100$ times the total value of $5$ million passwords). See paper for full abstract." @default.
• W3035133096 created "2020-06-19" @default.
• W3035133096 creator A5018283928 @default.
• W3035133096 creator A5021845496 @default.
• W3035133096 creator A5028278191 @default.
• W3035133096 date "2018-05-01" @default.
• W3035133096 modified "2023-10-12" @default.
• W3035133096 title "On the Economics of Offline Password Cracking" @default.
• W3035133096 cites W1237159827 @default.
• W3035133096 cites W1652517948 @default.
• W3035133096 cites W1788061570 @default.
• W3035133096 cites W1971881814 @default.
• W3035133096 cites W1987516957 @default.
• W3035133096 cites W2007488200 @default.
• W3035133096 cites W2014833947 @default.
• W3035133096 cites W2019578814 @default.
• W3035133096 cites W2030112111 @default.
• W3035133096 cites W2037202491 @default.
• W3035133096 cites W2048584594 @default.
• W3035133096 cites W2048755632 @default.
• W3035133096 cites W2050296478 @default.
• W3035133096 cites W2050399908 @default.
• W3035133096 cites W2063239745 @default.
• W3035133096 cites W2072573758 @default.
• W3035133096 cites W2086553822 @default.
• W3035133096 cites W2089666999 @default.
• W3035133096 cites W2091833612 @default.
• W3035133096 cites W2093397575 @default.
• W3035133096 cites W2100783932 @default.
• W3035133096 cites W2113266120 @default.
• W3035133096 cites W2121386924 @default.
• W3035133096 cites W2146270836 @default.
• W3035133096 cites W2149473266 @default.
• W3035133096 cites W2149929743 @default.
• W3035133096 cites W2150341374 @default.
• W3035133096 cites W2218132318 @default.
• W3035133096 cites W2346878720 @default.
• W3035133096 cites W2354711464 @default.
• W3035133096 cites W2396652156 @default.
• W3035133096 cites W2439469608 @default.
• W3035133096 cites W2519160529 @default.
• W3035133096 cites W2538793708 @default.
• W3035133096 cites W2578455612 @default.
• W3035133096 cites W2612601170 @default.
• W3035133096 cites W2613194369 @default.
• W3035133096 cites W2644662048 @default.
• W3035133096 cites W2680793898 @default.
• W3035133096 cites W2725276488 @default.
• W3035133096 cites W2729715767 @default.
• W3035133096 cites W2765893588 @default.
• W3035133096 cites W2766615649 @default.
• W3035133096 cites W284664886 @default.
• W3035133096 cites W2951341567 @default.
• W3035133096 cites W3099042773 @default.
• W3035133096 cites W3103340913 @default.
• W3035133096 cites W4247857566 @default.
• W3035133096 doi "https://doi.org/10.1109/sp.2018.00009" @default.
• W3035133096 hasPublicationYear "2018" @default.
• W3035133096 type Work @default.
• W3035133096 sameAs 3035133096 @default.
• W3035133096 citedByCount "25" @default.
• W3035133096 countsByYear W30351330962018 @default.
• W3035133096 countsByYear W30351330962019 @default.
• W3035133096 countsByYear W30351330962020 @default.
• W3035133096 countsByYear W30351330962021 @default.
• W3035133096 countsByYear W30351330962022 @default.
• W3035133096 countsByYear W30351330962023 @default.
• W3035133096 crossrefType "proceedings-article" @default.
• W3035133096 hasAuthorship W3035133096A5018283928 @default.
• W3035133096 hasAuthorship W3035133096A5021845496 @default.
• W3035133096 hasAuthorship W3035133096A5028278191 @default.
• W3035133096 hasBestOaLocation W30351330961 @default.
• W3035133096 hasConcept C109297577 @default.
• W3035133096 hasConcept C159985019 @default.
• W3035133096 hasConcept C192562407 @default.
• W3035133096 hasConcept C38652104 @default.
• W3035133096 hasConcept C41008148 @default.
• W3035133096 hasConcept C58396970 @default.
• W3035133096 hasConceptScore W3035133096C109297577 @default.
• W3035133096 hasConceptScore W3035133096C159985019 @default.
• W3035133096 hasConceptScore W3035133096C192562407 @default.
• W3035133096 hasConceptScore W3035133096C38652104 @default.
• W3035133096 hasConceptScore W3035133096C41008148 @default.
• W3035133096 hasConceptScore W3035133096C58396970 @default.
• W3035133096 hasLocation W30351330961 @default.
• W3035133096 hasLocation W30351330962 @default.
• W3035133096 hasOpenAccess W3035133096 @default.
• W3035133096 hasPrimaryLocation W30351330961 @default.
• W3035133096 hasRelatedWork W107495730 @default.
• W3035133096 hasRelatedWork W1559679353 @default.
• W3035133096 hasRelatedWork W2159759652 @default.
• W3035133096 hasRelatedWork W2352320372 @default.
• W3035133096 hasRelatedWork W2393386861 @default.
• W3035133096 hasRelatedWork W2396193826 @default.
• W3035133096 hasRelatedWork W2553719323 @default.
• W3035133096 hasRelatedWork W2732515859 @default.
• W3035133096 hasRelatedWork W2954460680 @default.
• W3035133096 hasRelatedWork W2185274381 @default.
• W3035133096 isParatext "false" @default.
• W3035133096 isRetracted "false" @default.

• next