Improved Password Management Based on Enlarged Computational Time and Storage Requirement to the Adversary
Master's === National Central University === Department of Computer Science and Information Engineering === 107 === As the Internet grows in popularity, more and more websites are replacing physical services, and it is common for a computer user to hold many online memberships. Users are asked to generate different, long, and complex (high-entropy) passwords for e...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: | 2019 |
Online Access: | http://ndltd.ncl.edu.tw/handle/m3y8x5 |
id |
ndltd-TW-107NCU05392010 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-107NCU05392010 2019-06-01T03:42:09Z http://ndltd.ncl.edu.tw/handle/m3y8x5 Improved Password Management Based on Enlarged Computational Time and Storage Requirement to the Adversary 擴增攻擊者計算時間和儲存空間需求的通行碼管理改進架構 Ji-Fang Chen 陳季坊 Master's National Central University Department of Computer Science and Information Engineering 107 Sung-Ming Yen 顏嵩銘 2019 thesis 53 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others |
sources |
NDLTD |
description |
Master's === National Central University === Department of Computer Science and Information Engineering === 107 === As the Internet grows in popularity, more and more websites are replacing physical services, and it is common for a computer user to hold many online memberships. Users are asked to generate a different, long, and complex (high-entropy) password for each account. However, people are not good at remembering unique and secure passwords for all their accounts, so they tend to use simple passwords or to reuse one password for different accounts. Generating high-entropy passwords from a memorable (low-entropy) master password is a good choice: the combination of a master password, a site name, and a user name can generate a unique site password. Unfortunately, a memorable (low-entropy) master password is exposed to off-line dictionary attacks.
Halderman et al. proposed a password manager called Password Multiplier [1]. Password Multiplier uses an iterated hash function and pre-computation to defeat dictionary attacks by enlarging an attacker's computation time. The precomputed value stored in the user's computer can reduce the calculation needed.
In this paper, we propose two techniques, based on a master password, that enlarge the computational time and the storage requirement. Scheme 1 enlarges computational time and is based on Password Multiplier. Scheme 1 reduces the calculation time and prevents the master password from being derived from the value stored in the user's computer. Scheme 2 enlarges the storage requirement and is based on a huge database. Requesting information from the database takes time, so an attacker will try to copy the information in the database in order to reduce the requesting time. In addition, user account information will not exist in the user's computer.
Enlarging the gap between users and attackers can defeat dictionary attacks for a period of time. Besides increasing computational time, increasing the storage requirement can enlarge the attacker's cost.
|
author2 |
Sung-Ming Yen |
author_facet |
Sung-Ming Yen Ji-Fang Chen 陳季坊 |
author |
Ji-Fang Chen 陳季坊 |
title |
Improved Password Management Based on Enlarged Computational Time and Storage Requirement to the Adversary |
publishDate |
2019 |
url |
http://ndltd.ncl.edu.tw/handle/m3y8x5 |