Passwords – No Longer Viable

Post on 13-Jan-2016


Transcript of Passwords – No Longer Viable

Passwords – No Longer Viable

Arvind Narayanan

Vitaly Shmatikov

Univ. of Texas at Austin

(stuck in cowboy country)

Greek mythology

Kerberos is tamed by the Lyre of Orpheus

Today

Candy breaks computer security

70% of people will give up their password for a candy bar!

Secure, Easy to Remember – Pick any one

Organizations implement cumbersome password rules – require mixed case, numerals, special characters, etc.

The goal is for passwords to be secure as well as easy to remember.

We show that there is an inherent conflict between these goals!

Figure: Words, Names, Numbers, Alphabets and Randomness feed a Morph step that produces the Password.

Modeling Human Password Generation

Memorability vs. Security

Assume we had a fast algorithm that perfectly reproduces the Morph procedure.

Memorability is inversely related to randomness.

Cryptanalysis time is directly related to randomness.

So memorability and cryptanalysis time are inversely related – if we can precisely model human password generation!

One of our techniques - Markov Modeling

Generated with MM1 (right column on the slide):

● sasetcki ● eshembec ● ertemenu ● sleeteat ● methesen

Random character strings (left column on the slide):

● wovmgrbl ● vfxalnre ● gnhkzdhl ● ejvzhrfb ● sxnsmvql

The words on the right were generated using MM1.

They are more pronounceable than the random character strings on the left.

Figure: key space reduction factor plotted against coverage.

With 80% coverage we can get 25-fold compression!
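The Markov-modeling slide and the coverage/key-space-reduction slide describe the same mechanism: a model trained on real passwords assigns high probability to human-like strings, and a guess list ordered by that probability covers most real passwords long before it has exhausted the key space. The following is an added illustration, not the authors' implementation or data: it trains a small first-order Markov model (MM1 is read here as first-order) on a constructed word list, generates pronounceable strings next to random ones as on the slide, and measures, over the full space of 4-letter strings, how far down the model-ordered list one must go to cover 80% of a constructed held-out set. The corpus, the held-out set, the add-0.5 smoothing and the 26-letter alphabet are all assumptions chosen so the example runs in a few seconds; the same scoring function is what a defensive strength meter uses to reject passwords that a model would guess early.

```python
import math
import random
from collections import Counter, defaultdict
from itertools import product

START, END = "^", "$"
ALPHABET = "abcdefghijklmnopqrstuvwxyz"

# Constructed word lists (assumption: stand-ins for a real password corpus
# and for the "real" passwords a guess list is evaluated against).
TRAIN = ["tanya", "mama", "nana", "tata", "anna", "tiana", "mina", "lana",
         "nina", "tina", "mano", "lina", "anita", "manta", "tanta", "tama",
         "milan", "natal", "alina", "tamil"]
HELD_OUT = ["tina", "nana", "mata", "lana", "anna", "tama", "nita", "lita",
            "qzxj", "wkvp"]          # last two: random, not human-like


def train_mm1(words, alphabet=ALPHABET, smoothing=0.5):
    """First-order Markov model: P(next char | current char), with add-k
    smoothing so unseen transitions keep a small non-zero probability."""
    counts = defaultdict(Counter)
    for w in words:
        prev = START
        for ch in w:
            counts[prev][ch] += 1
            prev = ch
        counts[prev][END] += 1
    symbols = list(alphabet) + [END]
    model = {}
    for prev in [START] + list(alphabet):
        total = sum(counts[prev].values()) + smoothing * len(symbols)
        model[prev] = {s: (counts[prev][s] + smoothing) / total for s in symbols}
    return model


def log_prob(model, word):
    """Log-probability the model assigns to `word` (end marker included).
    Higher means 'more human-like', i.e. earlier in a model-ordered guess
    list; -inf for characters outside the alphabet."""
    lp, prev = 0.0, START
    for ch in word:
        if ch == END or ch not in model[prev]:
            return float("-inf")
        lp += math.log(model[prev][ch])
        prev = ch
    return lp + math.log(model[prev][END])


def mm1_samples(model, n, seed=7, max_len=8):
    """Walk the chain to produce pronounceable-looking strings."""
    rng, out = random.Random(seed), []
    while len(out) < n:
        word, prev = "", START
        while len(word) < max_len:
            symbols = list(model[prev])
            nxt = rng.choices(symbols, weights=[model[prev][s] for s in symbols])[0]
            if nxt == END:
                break
            word, prev = word + nxt, nxt
        if word:
            out.append(word)
    return out


def random_samples(n, seed=7, length=8):
    """Uniformly random strings, the slide's left-hand column."""
    rng = random.Random(seed)
    return ["".join(rng.choices(ALPHABET, k=length)) for _ in range(n)]


def keyspace_reduction(model, held_out, length, coverage, alphabet=ALPHABET):
    """Order every string of `length` by model probability, then find how far
    down that list one must go to cover `coverage` of the held-out passwords.
    Returns (strings needed, key space reduction factor, coverage achieved)."""
    universe = ["".join(p) for p in product(alphabet, repeat=length)]
    universe.sort(key=lambda s: log_prob(model, s), reverse=True)
    rank = {s: i + 1 for i, s in enumerate(universe)}        # 1-based position
    targets = [p for p in held_out if len(p) == length]
    ranks = sorted(rank.get(p, len(universe)) for p in targets)
    needed = ranks[math.ceil(coverage * len(ranks) - 1e-9) - 1]
    achieved = sum(r <= needed for r in ranks) / len(ranks)
    return needed, len(universe) / needed, achieved


if __name__ == "__main__":
    model = train_mm1(TRAIN)
    print("MM1 samples:   ", mm1_samples(model, 5))
    print("random samples:", random_samples(5))
    needed, factor, achieved = keyspace_reduction(model, HELD_OUT, 4, 0.8)
    print(f"{needed} of {26 ** 4} strings cover {achieved:.0%} "
          f"of the held-out set: {factor:.0f}-fold key space reduction")
```

The two random entries in the held-out set are what caps the achievable coverage: once the guess list has to reach them, the reduction factor collapses toward 1, which is exactly the trade-off the coverage plot expresses.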

Current state of the art – Rainbow attack

● Word list size is 3 × 10^12

● All alphanumeric passwords of length 8

● Compressed database size is 48 GB

● Cryptanalysis time is 40 minutes

● Amortized time is only 10 minutes
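The numbers on this slide (a 3 × 10^12 word list compressed to 48 GB, 40 minutes per password) come from the time-space tradeoff: store only chain endpoints instead of every (password, hash) pair, and pay with hash computations at lookup time. The following is an added toy illustration, not the authors' code or the table behind the slide's figures: it builds rainbow-style chains over a key space of 4-digit PINs (an assumption chosen so it runs instantly), stores a few thousand endpoints in place of all 10,000 hashes, measures what fraction of the key space the table still recovers, and then shows the defensive point that a per-user salt makes the precomputed table useless because every digest it would need to match has changed. SHA-256 and the digest-to-PIN reduction function are assumptions for the example.

```python
import hashlib
import random

# Toy key space: every 4-digit PIN (assumption). The slide's space is
# 8-character alphanumerics; the mechanics are identical.
N = 10_000
KEYSPACE = [f"{i:04d}" for i in range(N)]


def h(password, salt=""):
    """A fast, unsalted hash is exactly what precomputation tables rely on."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def reduce_to_key(digest, column):
    """Map a digest back into the key space. Mixing in the column index is
    what makes these 'rainbow' chains: a collision in one column does not
    merge two chains unless it happens in the same column."""
    return f"{(int(digest[:8], 16) + column) % N:04d}"


def build_table(num_chains, chain_len):
    """Precompute: keep only (endpoint -> start) per chain, so memory is
    num_chains entries instead of N, at the cost of up to chain_len^2 hash
    evaluations per lookup."""
    table = {}
    for i in range(num_chains):
        start = KEYSPACE[(i * 7919) % N]        # spread the starting points
        pw = start
        for column in range(chain_len):
            pw = reduce_to_key(h(pw), column)
        table.setdefault(pw, start)             # merged chains keep the first
    return table


def lookup(table, target_digest, chain_len):
    """Assume the target sits in each column in turn, regenerate the rest of
    the chain, and on an endpoint hit walk that chain from its start."""
    for column in range(chain_len - 1, -1, -1):
        pw = reduce_to_key(target_digest, column)
        for c in range(column + 1, chain_len):
            pw = reduce_to_key(h(pw), c)
        if pw in table:
            candidate = table[pw]
            for c in range(chain_len):
                if h(candidate) == target_digest:
                    return candidate
                candidate = reduce_to_key(h(candidate), c)
    return None        # false alarm on the endpoint, or key not covered


def coverage(table, chain_len, sample_size=200, seed=1):
    """Fraction of a random sample of the key space the table recovers."""
    rng = random.Random(seed)
    sample = rng.sample(KEYSPACE, sample_size)
    hits = sum(lookup(table, h(pw), chain_len) == pw for pw in sample)
    return hits / sample_size


def salted_lookup_succeeds(table, chain_len, password, salt):
    """With a per-user salt every digest differs from the unsalted one the
    table was built for, so the precomputation never matches."""
    return lookup(table, h(password, salt), chain_len) is not None


if __name__ == "__main__":
    CHAINS, LENGTH = 2000, 20
    table = build_table(CHAINS, LENGTH)
    print(f"stored {len(table)} endpoints for a key space of {N} "
          f"({N / len(table):.1f}x compression)")
    print(f"coverage on a random sample: {coverage(table, LENGTH):.0%}")
    print("salted lookup succeeds:",
          salted_lookup_succeeds(table, LENGTH, "1234", "s4lt"))
```

The compression factor is what the slide's "48 GB for 3 × 10^12 passwords" expresses; the lookup loop is the "40 minutes". The salted check is the defensive takeaway: a unique salt per stored hash multiplies the space the attacker would have to precompute by the number of salts, which is why unsalted fast hashes, not passwords as such, are what this attack targets.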

What we did

• Extend time-space tradeoff to “implicit dictionaries”.

• Same efficiency as rainbow attack, increased coverage.

Coverage comparison

Category                    Count   Success (rainbow)   Success (hybrid)
Length at most 5              63          29                  63
Length 6                      21          10                  17
Length 7                      18           0                   0
Length 8, only alphabets       9           0                   6
Others                        31           0                   0
Total                        142          39                  96
Total (length at least 6)     79          10 (12.7%)          33 (41.8%)

Word list size for above results was about 2 × 10^9.

With a larger word list size of 3 × 10^12, we believe we can get a 90% success rate.

If not passwords, then what?

● What about biometric?

• Biometric identification is good.

• Biometric authentication is brain-damaged.

• PAKE (Password based Authenticated Key Exchange)

• Good for some, but not all scenarios.

• Serge will talk about it tomorrow (and Zully later today).

BOFH syndrome

Don’t blame users, blame poor system usability!

If users stick their passwords on their monitors, it doesn’t mean they’re stupid.

It means the security engineering needs rethinking.

Smart cards

• Reduce electronic security to physical security.

• Protection mechanisms such as RFID based tracking exist.

● Economic, legal and law enforcement infrastructure to deal with compromise.

Find out more at CCS 2005.

Alexandria, VA

Thank you.

Enjoy your beer