PROJECT TITLE :
Shadow Attacks Based on Password Reuses: A Quantitative Empirical Analysis - 2018
With the proliferation of websites, the security level of a password-protected account is no longer determined purely by that account alone. Users may register multiple accounts on the same website or across multiple sites, and the passwords chosen by the same user are likely to be the same or similar. Thus, an adversary can compromise a user's account on a web forum and then guess the same user's accounts on sensitive services, e.g., online banking, whose accounts might have the same or even stronger passwords. We name this attack the shadow attack on passwords. To understand the situation, we examined the state-of-the-art Intra-Site Password Reuses (ISPR) and Cross-Website Password Reuses (CSPR) based on the leaked passwords from the largest group of Web users (i.e., 668 million members in China). With a collection of about 70 million real-world web passwords across four large websites in China, we obtained around 4.6 million distinct users who have multiple accounts on the same site or across different sites. We found that for the users with multiple accounts on a single website, 59.72 percent reused their passwords, and for the users with multiple accounts on multiple websites, 33.16 + 8.91 percent reused their passwords across websites. For the users who have multiple accounts but different passwords, the set of passwords of the same user exhibits patterns that can help password guessing: a leaked weak password reveals partial information about a strong one, which degrades the strength of the strong one. Given these findings, we conducted an experiment and achieved a 39.38 percent improvement in guessing success rate with the John the Ripper guessing tool.
To the best of our knowledge, we are the first to provide a large-scale, empirical, and quantitative measurement of web password reuses, particularly ISPR, and to demonstrate the severity of this threat in the real world.
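The following sketch is an added example, not code from the paper or this project page. It shows how a defender could compute per-user ISPR and CSPR rates over an account inventory and flag users whose accounts share identical or near-identical passwords for a forced reset. The records are constructed, linking accounts by e-mail address is an assumption, and the 0.7 similarity threshold is an illustrative choice rather than the paper's method.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed records: (user identity, site, account name, password).
# Plaintext is used only to keep the illustration readable.
RECORDS = [
    ("alice@example.com", "forum", "alice1", "sunshine"),
    ("alice@example.com", "forum", "alice2", "sunshine"),
    ("alice@example.com", "shop", "alice", "Sunshine2018!"),
    ("bob@example.com", "forum", "bob", "qwerty123"),
    ("bob@example.com", "forum", "bob_alt", "tr0ub4dor"),
    ("bob@example.com", "shop", "bob", "qwerty123"),
    ("carol@example.com", "forum", "carol", "k9#Lm2pX"),
    ("carol@example.com", "shop", "carol", "Vz7!qRt4"),
    ("dave@example.com", "shop", "dave", "letmein"),
]

def reuse_rates(records):
    """Return (ISPR rate, CSPR rate), each over the users eligible for it."""
    by_user = defaultdict(lambda: defaultdict(list))
    for user, site, _acct, pw in records:
        by_user[user][site].append(pw)
    intra_elig = intra_reuse = cross_elig = cross_reuse = 0
    for sites in by_user.values():
        # ISPR: user holds several accounts on one site and repeats a password there.
        multi = [pws for pws in sites.values() if len(pws) > 1]
        if multi:
            intra_elig += 1
            intra_reuse += any(len(set(pws)) < len(pws) for pws in multi)
        # CSPR: user holds accounts on several sites and two sites share a password.
        if len(sites) > 1:
            cross_elig += 1
            sets = [set(pws) for pws in sites.values()]
            cross_reuse += any(a & b for i, a in enumerate(sets) for b in sets[i + 1:])
    return intra_reuse / intra_elig, cross_reuse / cross_elig

def users_to_reset(records, threshold=0.7):
    """Flag users with identical or similar passwords on any two accounts."""
    pws = defaultdict(list)
    for user, _site, _acct, pw in records:
        pws[user].append(pw.lower())
    flagged = set()
    for user, lst in pws.items():
        for i, a in enumerate(lst):
            if any(SequenceMatcher(None, a, b).ratio() >= threshold for b in lst[i + 1:]):
                flagged.add(user)
    return flagged
```
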