[Resource Topic] 2013/696: Examination of a New Defense Mechanism: Honeywords

Welcome to the resource topic for 2013/696

Title:
Examination of a New Defense Mechanism: Honeywords

Authors: Ziya Alper Genc, Suleyman Kardas, Mehmet Sabir Kiraz

Abstract:

It has become much easier to crack a password hash with the advancements in the graphicalprocessing unit (GPU) technology. An adversary can recover a user’s password using brute-force attack on password hash. Once the password has been recovered no server can detect any illegitimate user authentication (if there is no extra mechanism used). In this context, recently, Juels and Rivest published a paper for improving the security of hashed passwords. Roughly speaking, they propose an approach for user authentication, in which some false passwords, i.e., “honeywords” are added into a password file, in order to detect impersonation. Their solution includes an auxiliary secure server called “honeychecker” which can distinguish a user’s real password among her honeywords and immediately sets off an alarm whenever a honeyword is used. In this paper, we analyze the security of the proposal, provide some possible improvements which are easy to implement and introduce an enhanced model as a solution to an open problem.

ePrint: https://eprint.iacr.org/2013/696

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .