We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Exploring the Impact of Password Dataset Distribution on Guessing

Abstract: Leaks from password datasets are a regular occurrence. An organization may defend a leak with reassurances that just a small subset of passwords were taken. In this paper we show that the leak of a relatively small number of text-based passwords from an organizations' stored dataset can lead to a further large collection of users being compromised. Taking a sample of passwords from a given dataset of passwords we exploit the knowledge we gain of the distribution to guess other samples from the same dataset. We show theoretically and empirically that the distribution of passwords in the sample follows the same distribution as the passwords in the whole dataset. We propose a function that measures the ability of one distribution to estimate another. Leveraging this we show that a sample of passwords leaked from a given dataset, will compromise the remaining passwords in that dataset better than a sample leaked from another source.
Subjects: Cryptography and Security (cs.CR); Applications (stat.AP)
Journal reference: 2018 16th Annual Conference on Privacy, Security and Trust (PST)
DOI: 10.1109/PST.2018.8514194
Cite as: arXiv:1809.07221 [cs.CR]
  (or arXiv:1809.07221v1 [cs.CR] for this version)

Submission history

From: Hazel Murray [view email]
[v1] Wed, 19 Sep 2018 14:35:57 GMT (714kb,D)

Link back to: arXiv, form interface, contact.