密码
计算机科学
概率逻辑
趋同(经济学)
集合(抽象数据类型)
启发式
密码强度
计算机安全
密码破解
蛮力攻击
蒙特卡罗方法
密码学
人工智能
一次性密码
数学
统计
经济
程序设计语言
经济增长
作者
Matteo Dell’Amico,Maurizio Filippone
标识
DOI:10.1145/2810103.2813631
摘要
Modern password guessing attacks adopt sophisticated probabilistic techniques that allow for orders of magnitude less guesses to succeed compared to brute force. Unfortunately, best practices and password strength evaluators failed to keep up: they are generally based on heuristic rules designed to defend against obsolete brute force attacks. Many passwords can only be guessed with significant effort, and motivated attackers may be willing to invest resources to obtain valuable passwords. However, it is eminently impractical for the defender to simulate expensive attacks against each user to accurately characterize their password strength. This paper proposes a novel method to estimate the number of guesses needed to find a password using modern attacks. The proposed method requires little resources, applies to a wide set of probabilistic models, and is characterised by highly desirable convergence properties.
科研通智能强力驱动
Strongly Powered by AbleSci AI