How Efficiency of Password Attack Based on a Keyboard
At present, dictionary attack has been the basic tool for
recovering key passwords. In order to avoid dictionary attack, users
purposely choose another character strings as passwords. According to
statistics, about 14% of users choose keys on a keyboard (Kkey, for
short) as passwords. This paper develops a framework system to attack
the password chosen from Kkeys and analyzes its efficiency. Within
this system, we build up keyboard rules using the adjacent and parallel
relationship among Kkeys and then use these Kkey rules to generate
password databases by depth-first search method. According to the
experiment results, we find the key space of databases derived from
these Kkey rules that could be far smaller than the password databases
generated within brute-force attack, thus effectively narrowing down
the scope of attack research. Taking one general Kkey rule, the
combinations in all printable characters (94 types) with Kkey adjacent
and parallel relationship, as an example, the derived key space is about
240 smaller than those in brute-force attack. In addition, we
demonstrate the method's practicality and value by successfully
cracking the access password to UNIX and PC using the password
databases created
[1] Http://www.tech-faq.com/dictionary-attack.shtml.
[2] Password Cracking Wordlist. http: //www.openwall. com/wordlists/.
[3] Password Safe, http://passwordsafe. sourceforge.net/.
[4] Yahoo News. Favorite passwords: ÔÇÿÔÇÿ1234-- and ÔÇÿÔÇÿpassword--, http://
news. yahoo.com, Feb 2009.
[5] Alain Forget, Robert Biddle, Memorability of persuasive passwords, CHI
'08 extended abstracts on Human factors in computing systems, April
05-10, 2008, Florence, Italy.
[6] Mohammad Mannan, P. C. van Oorschot, Digital objects as passwords,
Proceedings of the 3rd conference on Hot topics in security, p.1-6, July
29, 2008, San Jose, CA.
[7] Lorrie Faith Cranor, A framework for reasoning about the human in the
loop, Proceedings of the 1st Conference on Usability, Psychology, and
Security, p.1-15, April 14-14, 2008, San Francisco, California.
[8] Vrizlynn L. L. Thing, Hwei-Meng Ying, A novel time-memory tradeoff
method for password recovery, June 2009.
[9] Project RainbowCrack website, http://project-rainbowcrack.com/.
[10] ElcomSoft password recovery tools, http://www.elcomsoft.com/.
[11] Password recovery software, http:// www.lostpassword.com/.
[12] Password recovery software, http:// www.wwwhack.com/.
[13] Lizuang, Feng Zhou, and J.D.Tygar, University of California, Berkeley,
Keyboard Acoustic Emanations Revisited, ACM Transactions on
Information and System Security, Vol. 13, No. 1, Article 3, October 2009.
[14] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest and Clifford
Stein, Introduction to Algorithm, 2nd Ed, 2001
[15] S. Russel and P. Norvig, Artificial Intelligence, a modern approach, 2nd
Ed, 2006
[16] John the Ripper. Password cracker, http://www.openwall.com. LCPSoft.
Lcpsoft programs, http://www.lcpsoft.com.
[17] Pwdump7 by Andres Tarasco Acuna, Windows NT family, up through
XP or Vista.
http://passwords.openwall.net/microsoft-windows-nt-2000-xp-2003-vist
a.
[1] Http://www.tech-faq.com/dictionary-attack.shtml.
[2] Password Cracking Wordlist. http: //www.openwall. com/wordlists/.
[3] Password Safe, http://passwordsafe. sourceforge.net/.
[4] Yahoo News. Favorite passwords: ÔÇÿÔÇÿ1234-- and ÔÇÿÔÇÿpassword--, http://
news. yahoo.com, Feb 2009.
[5] Alain Forget, Robert Biddle, Memorability of persuasive passwords, CHI
'08 extended abstracts on Human factors in computing systems, April
05-10, 2008, Florence, Italy.
[6] Mohammad Mannan, P. C. van Oorschot, Digital objects as passwords,
Proceedings of the 3rd conference on Hot topics in security, p.1-6, July
29, 2008, San Jose, CA.
[7] Lorrie Faith Cranor, A framework for reasoning about the human in the
loop, Proceedings of the 1st Conference on Usability, Psychology, and
Security, p.1-15, April 14-14, 2008, San Francisco, California.
[8] Vrizlynn L. L. Thing, Hwei-Meng Ying, A novel time-memory tradeoff
method for password recovery, June 2009.
[9] Project RainbowCrack website, http://project-rainbowcrack.com/.
[10] ElcomSoft password recovery tools, http://www.elcomsoft.com/.
[11] Password recovery software, http:// www.lostpassword.com/.
[12] Password recovery software, http:// www.wwwhack.com/.
[13] Lizuang, Feng Zhou, and J.D.Tygar, University of California, Berkeley,
Keyboard Acoustic Emanations Revisited, ACM Transactions on
Information and System Security, Vol. 13, No. 1, Article 3, October 2009.
[14] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest and Clifford
Stein, Introduction to Algorithm, 2nd Ed, 2001
[15] S. Russel and P. Norvig, Artificial Intelligence, a modern approach, 2nd
Ed, 2006
[16] John the Ripper. Password cracker, http://www.openwall.com. LCPSoft.
Lcpsoft programs, http://www.lcpsoft.com.
[17] Pwdump7 by Andres Tarasco Acuna, Windows NT family, up through
XP or Vista.
http://passwords.openwall.net/microsoft-windows-nt-2000-xp-2003-vist
a.
@article{"International Journal of Information, Control and Computer Sciences:64399", author = "Hsien-cheng Chou and Fei-pei Lai and Hung-chang Lee", title = "How Efficiency of Password Attack Based on a Keyboard", abstract = "At present, dictionary attack has been the basic tool for
recovering key passwords. In order to avoid dictionary attack, users
purposely choose another character strings as passwords. According to
statistics, about 14% of users choose keys on a keyboard (Kkey, for
short) as passwords. This paper develops a framework system to attack
the password chosen from Kkeys and analyzes its efficiency. Within
this system, we build up keyboard rules using the adjacent and parallel
relationship among Kkeys and then use these Kkey rules to generate
password databases by depth-first search method. According to the
experiment results, we find the key space of databases derived from
these Kkey rules that could be far smaller than the password databases
generated within brute-force attack, thus effectively narrowing down
the scope of attack research. Taking one general Kkey rule, the
combinations in all printable characters (94 types) with Kkey adjacent
and parallel relationship, as an example, the derived key space is about
240 smaller than those in brute-force attack. In addition, we
demonstrate the method's practicality and value by successfully
cracking the access password to UNIX and PC using the password
databases created", keywords = "Brute-force attack, dictionary attack, depth-firstsearch, password attack.", volume = "4", number = "10", pages = "1620-8", }