Analyzing Password Strength & Efficient Password Cracking

Title: Analyzing Password Strength & Efficient Password Cracking.
Name(s): Yazdi, Shiva Houshmand, author
Aggarwal, Sudhir, professor directing thesis
Kumar, Piyush, committee member
Yuan, Xin, committee member
Department of Computer Science, degree granting department
Florida State University, degree granting institution
Type of Resource: text
Genre: Text
Issuance: monographic
Date Issued: 2011
Publisher: Florida State University
Place of Publication: Tallahassee, Florida
Physical Form: computer
online resource
Extent: 1 online resource
Language(s): English
Abstract/Description: Passwords are still one of the most common means of securing computer systems. Most organizations rely on password authentication systems, and therefore, it is very important for them to enforce their users to have strong passwords. They usually try to enforce security by mandating users to follow password creation policies. They force users to follow some rules such as a minimum length, or using symbols and numbers. However, these policies are not consistent with each other; for example, the length of a good password is different in each policy. They usually ignore the importance of usability of the password for the users. The more complex they are, the more they frustrate users, and they end up with some coping strategies such as adding "123" at the end of their passwords or repeating a word to make their passwords longer, which reduces the security of the password, and more importantly there is no scientific basis for these password creation policies to make sure that passwords that are created based on these rules are resistant against real attacks. In fact, there are studies that show that even the NIST proposal for a password creation policy that results in strong passwords is not valid. This paper describes different password creation policies and password checkers that try to help users create strong passwords and addresses their issues. Metrics for password strength are explored in this paper and new approaches to calculate these metrics for password distributions are introduced. Furthermore, a new technique to estimate password strength based on its likelihood of being cracked by an attacker is described. In addition, a tool called PAM has been developed and explained in detail in this paper to help users have strong passwords using these metrics. PAM is a password analyzer and modifier, which rejects weak passwords and suggests a new stronger password with slight changes to the original one to ensure the usability of the password for each individual.
Identifier: FSU_migr_etd-3737 (IID)
Submitted Note: A Thesis submitted to the Department of Computer Science in partial fulfillment of the requirements for the degree of Master of Science.
Degree Awarded: Summer Semester, 2011.
Date of Defense: June 8, 2011.
Keywords: Password Checking, Password Strength, Password Cracking
Bibliography Note: Includes bibliographical references.
Advisory Committee: Sudhir Aggarwal, Professor Directing Thesis; Piyush Kumar, Committee Member; Xin Yuan, Committee Member.
Subject(s): Computer science
Persistent Link to This Record:
Owner Institution: FSU

Yazdi, S. H. (2011). Analyzing Password Strength & Efficient Password Cracking. Retrieved from