Technology and Practice of Passwords International Conference on Passwords, PASSWORDS'14, Trondheim, Norway, December 8-10, 2014, Revised Selected Papers
This book constitutes the thoroughly refereed post-conference proceedings of the 7th International Conference on Passwords, PASSWORDS 2014, held in Trondheim, Norway, in December 2014. The 8 revised full papers presented together with 2 revised short papers were carefully reviewed and selected from...
Saved in:
| Main Author | |
|---|---|
| Format | eBook |
| Language | English |
| Published |
Netherlands
Springer Nature
2015
Springer International Publishing AG Springer |
| Edition | 1 |
| Series | LNCS sublibrary. SL 4, Security and cryptology |
| Subjects | |
| Online Access | Get full text |
| ISBN | 3319241923 9783319241920 3319241915 9783319241913 |
Cover
Table of Contents:
- 5 Related Work -- 6 Conclusions -- References -- charPattern: Rethinking Android Lock Pattern to Adapt to Remote Authentication -- 1 Introduction -- 2 Related Work -- 3 The Proposed System -- 3.1 Design Features -- 3.2 Implementation -- 4 User Study -- 4.1 Sessions of the Study -- 4.2 Pre-experimental Instructions -- 4.3 Lab Study -- 4.4 Web Study -- 5 Results -- 5.1 Collected Data Analysis -- 6 Discussion -- 7 Conclusion -- References -- Analyses -- Unrevealed Patterns in Password Databases Part One: Analyses of Cleartext Passwords -- 1 Introduction -- 1.1 Recent Data Breaches Relating to Passwords -- 1.2 Earlier Results on Passwords -- 2 Encrypting Cleartext Passwords -- 2.1 Password Strength -- 2.2 Password Length Distribution -- 2.3 Letter Frequency Distribution -- 2.4 Entropy Distribution -- 2.5 The Most Common Passwords -- 3 Conclusion and Future Work -- References -- Gathering and Analyzing Identity Leaks for Security Awareness -- 1 Introduction -- 2 Related Work -- 2.1 Scientific Publications -- 2.2 Products and Services -- 3 Identity Leak Checker Service -- 4 Gathering of Identity Leaks -- 4.1 Leak Provision -- 4.2 Leak Announcement -- 4.3 Automated Gathering of Identity Leaks -- 5 Anatomy of an Identity Leak -- 5.1 Information in Identity Leaks and Data Model -- 5.2 Types of Identity Leaks -- 6 Evaluation -- 6.1 Password Distribution -- 6.2 Password Encryption/Hashing Methods -- 7 Future Work -- 8 Conclusion -- References -- New Techniques -- PassCue: The Shared Cues System in Practice -- 1 Introduction -- 2 Background -- 2.1 Password Management Schemes -- 2.2 Person-Action-Object -- 2.3 Password Composition Policy -- 3 BBD Model and the Shared Cues Scheme -- 3.1 Usability Model -- 3.2 Security Model -- 4 Design -- 4.1 Public Cues -- 4.2 Sharing Set -- 4.3 Rehearsal Schedule -- 4.4 Password Composition -- 4.5 Association Set
- Intro -- Preface -- Organization -- Contents -- Hash Functions -- Overview of the Candidates for the Password Hashing Competition -- 1 Introduction -- 2 (Weak) Garbage-Collector Attacks and Their Application to ROMix and scrypt -- 2.1 The (Weak) Garbage-Collector Attack -- 2.2 (Weak) Garbage-Collector Attacks on scrypt -- 3 Overview -- 4 Resistance of PHC Candidates Against (W)GC Attacks -- 5 Conclusion -- References -- On Password Guessing with GPUs and FPGAs -- 1 Introduction -- 1.1 Related Work -- 1.2 Outline -- 2 The Scrypt Password Hash -- 2.1 The Scrypt Construction -- 2.2 GPU Programming -- 2.3 Implementing Scrypt on CUDA -- 3 The Bcrypt Password Hash -- 3.1 The Bcrypt Construction -- 3.2 Implementations of Bcrypt on FPGAs -- 4 Methodology -- 4.1 Basic Idea -- 4.2 Derivation of Equivalent Parameters -- 4.3 Comparing Different Platforms -- 5 Results -- 5.1 Comparing with oclHashcat -- 5.2 Measuring Hashrates -- 5.3 Comparison Taking Cost into Account -- 6 Conclusion -- A Full Runtime Listings for Hashcat -- B Full Runtime Listings for the Benchmark CPUs -- C Full Runtime Listings for Different Trade-Off Parameters for Scrypt -- References -- Cryptographic Module Based Approach for Password Hashing Schemes -- 1 Introduction -- 2 Cryptographic Module -- 3 General Approach for Cryptographic Module Based Password Hashing Scheme -- 4 Security Analysis -- 5 Analysis of Submitted PHC Designs with Respect to Cryptographic Module Based Approach -- 5.1 Categorization of the Schemes -- 6 Conclusions -- References -- Usability -- Password-Manager Friendly (PMF): Semantic Annotations to Improve the Effectiveness of Password Managers -- 1 Introduction -- 2 Inconsistencies in Password-Based Login on the Web -- 3 Incentives -- 4 The PMF Semantic Markup -- 4.1 Overview -- 4.2 Forms -- 4.3 Inputs -- 4.4 Password Composition Policies -- 4.5 Errors
- 4.6 Specification -- 5 Analysis -- 5.1 Usability -- 5.2 Security -- 6 Conclusion -- A PassCue -- References -- Private Password Auditing -- 1 Introduction -- 2 Password Auditing -- 2.1 Naive Approach -- 2.2 Auditing Without Full Hashes -- 3 Private Password Auditing (PPA) -- 3.1 Settings -- 3.2 PPA Based on Private Set Intersection -- 3.3 PPA Based on Private Set Intersection Cardinality -- 4 Practicality of PPA Tool -- 5 Conclusion -- References -- SAVVIcode: Preventing Mafia Attacks on Visual Code Authentication Schemes (Short Paper) -- 1 Introduction -- 2 The Problem: Mafia Fraud Relay Attacks -- 3 Our Solution: The SAVVIcode -- 4 Challenges and Future Work -- 5 Conclusions -- References -- Author Index