Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Exploring the Number of Tries Related to Cracking Passwords Generated with Different Strategies
University of Skövde, School of Informatics.
2019 (English)Independent thesis Basic level (degree of Bachelor), 15 credits / 22,5 HE creditsStudent thesis
Abstract [en]

As more services and workflows are moved into computerized systems the number of accounts a person has to be aware of is on steady increase. Today the average user is likely to have more than 25 accounts for different services used on a daily basis that all need authentication. The dominant authentication mechanism used today is still password authentication. In an attempt to satisfy the requirements of different password creation policies and to recall all passwords when needed users tend to rely on different strategies for password creation. These strategies may all seem to provide adequate security, and they may do, but the reality is that they differ tremendously in terms of how time consuming it is to crack passwords generated with the different strategies. By conducting interviews with domain experts different password creation strategies are discussed and pseudo algorithms for cracking passwords are constructed. Based on mutual definitions of the classes and a predefined word list the cost for cracking passwords generated by different strategies are explored. Major findings indicate that strategies based on phrases are at the top of the list. Using a strategy to create a seemingly random password based on a logical phrase, where only the first letter from each word is used, tends in some cases to be the best of choice. An example is to turn the phrase “this password is the greatest of them all” into “tpitgota” instead of using the phrase “goodword” to create an 8 character long password. However, if the phrase contains words not usually found in common dictionaries the best strategy seems instead to be utilizing character substitution as in turning the phrase “my dog Krillex is cool” into “myDoGkriLLExiscooL”.

Place, publisher, year, edition, pages
2019. , p. 34
Keywords [en]
Password, Cracking, Strategies
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:his:diva-16980OAI: oai:DiVA.org:his-16980DiVA, id: diva2:1321341
Subject / course
Informationsteknologi
Educational program
Network and Systems Administration
Supervisors
Examiners
Available from: 2019-06-10 Created: 2019-06-07 Last updated: 2019-06-10Bibliographically approved

Open Access in DiVA

fulltext(1350 kB)56 downloads
File information
File name FULLTEXT01.pdfFile size 1350 kBChecksum SHA-512
cb23b3bced0740124916c43efd35d2c10caf3bdfafd12fe52a65806c4b9da9cb79b307618df458723701266d83bd469bbc30903a50d54993b88963b1c6337b5d
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Birath, Marcus
By organisation
School of Informatics
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 56 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 440 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf