Lösenordsmönster: Att förebygga svaga lösenord (Password patterns: preventing weak passwords)
2015 (Swedish). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Passwords are used more now than ever before. Their use is based on the idea that the password is only known to the user and that its secrecy prevents others from accessing potentially valuable or sensitive information. But how secret is a password in today's high tech world? Passwords are generally converted into hash sums and saved in databases. Cracking a password requires that the process is reversed so that the actual password can be derived from the hash sum. This cracking process can be achieved by two methods. An attacker can test all the possible combinations (brute force cracking), or the attacker can compare the password with a list of commonly used passwords (cracking with wordlists). This paper investigates a password's vulnerability to both brute force cracking and cracking via wordlists. It uses a modern computer's processing speeds to establish the amount of time to crack a certain password via brute force cracking. It also deploys state of the art techniques to examine a password's content. It analyses three databases from different online communities to examine any possible correlation between a user's hobby interest and their choice of password. This paper finds that the majority of passwords won't remain secret for very long. Short passwords which consist of a small alphabet are particularly vulnerable to brute force attacks. However, due to the increasing speed of modern computers, even passwords which are twelve characters long are still potentially vulnerable. This paper finds that users from a variety of online communities choose common passwords which are likely to be on a wordlist and thus susceptible to cracking via wordlist attacks.

This paper provides suggestions on how a user can choose a stronger password.

Abstract [sv]

Passwords are used ever more frequently as digitalization spreads. Their use rests on the idea that a password is known only to one user and that this secret prevents others from reaching valuable or sensitive information. But how secret is a password in today's high-tech world? Passwords are typically computed into hash sums and stored in databases. Cracking a password hash is typically done by one of two methods. In the first, an attacker tries all possible passwords up to and including a given character length, known as brute force cracking. The other alternative is to prioritize certain passwords that are judged to be likely: a wordlist attack. This work examines certain vulnerabilities of a password to both brute force cracking and wordlist attacks. It is limited to the processing power that an average personal computer can be expected to have. The work uses methods considered state of the art for analysing a password's composition. It analyses three database dumps from different communities on the internet in order to examine possible connections between users' interests and their passwords. The work finds that the majority of passwords will not remain secret for very long. Short passwords are particularly vulnerable to brute force cracking. The increase in performance also means that passwords of up to twelve characters can be uncomfortably vulnerable. It is also shown that there is good reason to pursue further studies of wordlist attacks based around the user's areas of interest. Finally, advice is given on a procedure for increasing password strength.

National Category
Computer Engineering
URN: urn:nbn:se:hh:diva-30503
OAI: diva2:911523
Subject / course
Computer science and engineering
Available from: 2016-03-14. Created: 2016-03-12. Last updated: 2016-03-14. Bibliographically approved.
