| Title | An Online Password Guessing Method Based on Big Data |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Li, Zhiyong, Li, Tao, Zhu, Fangdong |
| Conference Name | Proceedings of the 2019 3rd International Conference on Intelligent Systems, Metaheuristics & Swarm Intelligence |
| Publisher | Association for Computing Machinery |
| Conference Location | Male, Maldives |
| ISBN Number | 978-1-4503-7211-4 |
| Keywords | composability, compositionality, password guessing attack, password security, proactive password check, pubcrawl, swarm intelligence |
| Abstract | Password authentication is the most widely used authentication method in information systems. The traditional proactive password detection method is generally implemented by counting password length, character class number and computing password information entropy to improve password security. However, passwords that pass proactive password detection do not represent that they are secure. In this paper, based on the research of the characteristics of password distribution under big data, we propose an online password guessing method, which collects a dataset of guessing passwords composed of weak passwords, high frequency passwords and personal information related passwords. It is used to guess the 13k password dataset leaked in China's largest ticketing website, China Railways 12306 website. The experimental results show that even if our guess object has passed the strict proactive password detection, we can construct a guessing password dataset contain only 100 passwords, and effectively guess 4.84% of the passwords. |
| URL | https://doi.org/10.1145/3325773.3325779 |
| DOI | 10.1145/3325773.3325779 |
| Citation Key | li_online_2019 |
An Online Password Guessing Method Based on Big Data