Popularity is Everything: A New Approach to Protecting Passwords from Statistical-Guessing Attacks
Authors: Stuart Schechter, Cormac Herley, Michael Mitzenmacher

Date: 2010
Publication: Proceedings of the 5th USENIX conference on Hot topics in security, HotSec'10
Publisher: USENIX
Source 1: http://research.microsoft.com/pubs/132859/popularityISeverything.pdf
Source 2: http://www.eecs.harvard.edu/~michaelm/postscripts/hotsec2010.pdf
Source 3: http://static.usenix.org/events/hotsec10/tech/full_papers/Schechter.pdf

Abstract or Summary:
We propose to strengthen user-selected passwords against statistical-guessing attacks by allowing users of Internet-scale systems to choose any password they want--so long as it's not already too popular with other users. We create an oracle to identify undesirably popular passwords using an existing data structure known as a count-min sketch, which we populate with existing users' passwords and update with each new user password. Unlike most applications of probabilistic data structures, which seek to achieve only a maximum acceptable rate false-positives, we set a minimum acceptable false-positive rate to confound attackers who might query the oracle or even obtain a copy of it.

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019 PasswordResearch.com