Abstract

Passwords, particularly text-based ones, are the most common authentication mechanism across all platforms and services, such as computers, mobile devices, and web and network services. Existing password strength evaluators, and the password strength estimators of online service providers (Gmail, Yahoo, PayPal, Twitter, etc.), determine the effectiveness of passwords chosen by users based on entropy techniques or a similar function of the parameters length, complexity and predictability. Such implementations often ignore passwords that are part of publicly available password dictionaries and password leaks, which are often the primary choice for malicious adversaries and particularly script kiddies. This paper presents an application that helps prevent the use of such passwords, thereby significantly reducing the impact of dictionary-based password attacks. The application maintains a database of unique passwords by gathering publicly available password dictionaries and passwords leaked over the Internet. The application provides users with an interface to query the database and verify whether their passwords are already available on the Internet, thereby preventing them from using such passwords.

Library of Congress Subject Headings

Computers--Access control--Passwords; Computer crimes--Prevention; Data protection

Publication Date

2-21-2014

Document Type

Thesis

Student Type

Graduate

Degree Name

Computing Security (MS)

Department, Program, or Center

Department of Computing Security (GCCIS)

Advisor

Bill Stackpole

Advisor/Committee Member

Daryl Johnson

Advisor/Committee Member

Yin Pan

Comments

Physical copy available from RIT's Wallace Library at QA76.9.A25 M345 2014

Campus

RIT – Main Campus

Plan Codes

COMPSEC-MS
