期刊名称:International Journal of Computer Science and Information Technologies
电子版ISSN:0975-9646
出版年度:2016
卷号:7
期号:3
页码:1079-1081
出版社:TechScience Publications
摘要:Most of the application developers did themistaken to store user passwords within databases as text format or only as their seasoning hash values. More real-life successful hacking attempts that enabled attackers to get unauthorized access to reactive database entries including user passwords have been experienced in the past. Appropriate password hashes, attackers perform bruteforce, dictionary or rainbow-table attacks to expose text format passwords from their hashes. Dictionary attacks are very fast for cracking hashes but their victory velocity is not enough. In this paper, we propose a book method for improving dictionary attacks. Our method exploits several password patterns that are commonly preferred by users when trying to choose a difficult and strong password. In order to analyze and show victory velocity of our developed method, we performed cracking tests on real-life leaked password hashes by using both a conventional dictionary and our pattern-based dictionary. We observed that our pattern based method is superior for cracking password hashes.
关键词:password security; authentication; data security; dictionary attacks; hash cracking passwords.