On the economics of offline password cracking
We develop an economic model of an offline password cracker which allows us to make
quantitative predictions about the fraction of accounts that a rational password attacker …
quantitative predictions about the fraction of accounts that a rational password attacker …
Efficiently computing data-independent memory-hard functions
J Alwen, J Blocki - Annual International Cryptology Conference, 2016 - Springer
A memory-hard function (MHF) f is equipped with a space cost σ and time cost τ parameter
such that repeatedly computing f_ σ, τ on an application specific integrated circuit (ASIC) is …
such that repeatedly computing f_ σ, τ on an application specific integrated circuit (ASIC) is …
Differentially private password frequency lists
Given a dataset of user-chosen passwords, the frequency list reveals the frequency of each
unique password. We present a novel mechanism for releasing perturbed password …
unique password. We present a novel mechanism for releasing perturbed password …
Designing proof of human-work puzzles for cryptocurrency and beyond
We introduce the novel notion of a Proof of Human-work (PoH) and present the first
distributed consensus protocol from hard Artificial Intelligence problems. As the name …
distributed consensus protocol from hard Artificial Intelligence problems. As the name …
Spaced repetition and mnemonics enable recall of multiple strong passwords
We report on a user study that provides evidence that spaced repetition and a specific
mnemonic technique enable users to successfully recall multiple strong passwords over …
mnemonic technique enable users to successfully recall multiple strong passwords over …
A novel approach for designing authentication system using a picture based P300 speller
Due to great advances in the field of information technology, the need for a more reliable
authentication system has been growing rapidly for protecting the individual or …
authentication system has been growing rapidly for protecting the individual or …
Please do not use!? _ or your license plate number: Analyzing password policies in german companies
Password composition policies (PCPs) set rules that are intended to increase the security of
user-chosen passwords. We conducted an online survey and investigated the employee …
user-chosen passwords. We conducted an online survey and investigated the employee …
Method and system of providing a picture password proof of knowledge as a web service
RH Thibadeau, JD Donnell - US Patent 9,813,411, 2017 - Google Patents
6, 249, 868 B16/2001 Sherman et al. 6, 411, 283 B1 6/2002 Murphy 6, 658, 328 B1 12/2003
Alrabady et al. 6, 934, 860 B1 8/2005 Goldstein 6, 983, 065 B1 1/2006 Akgul et al. 7, 243 …
Alrabady et al. 6, 934, 860 B1 8/2005 Goldstein 6, 983, 065 B1 1/2006 Akgul et al. 7, 243 …
CASH: A cost asymmetric secure hash algorithm for optimal password protection
An adversary who has obtained the cryptographic hash of a user's password can mount an
offline attack to crack the password by comparing this hash value with the cryptographic …
offline attack to crack the password by comparing this hash value with the cryptographic …
A second look at password composition policies in the wild: Comparing samples from 2010 and 2016
P Mayer, J Kirchner, M Volkamer - Thirteenth Symposium on Usable …, 2017 - usenix.org
In this paper we present a replication and extension of the study performed by Florêncio and
Herley published at SOUPS 2010. They investigated a sample of US websites, examining …
Herley published at SOUPS 2010. They investigated a sample of US websites, examining …