1 j. alex halderman a convenient method for securely managing passwords j. alex halderman princeton...
TRANSCRIPT
1 J. Alex Halderman
A Convenient Method for Securely Managing
PasswordsJ. Alex
HaldermanPrinceton
Brent WatersStanford
Edward W. Felten
Princeton
2 J. Alex Halderman
• Web site password overloadGenerating, keeping secret, and recalling
passwords for scores of sites
• Leads to insecure coping techniques– Writing passwords down– Reusing same passwords
• Difficult to enforce better behaviorWe need to make password security
easy
****ing Passwords!
3 J. Alex Halderman
In This Talk
1. Approaches to password management
2. Our construction and its security
3. Comparison with other techniques
4. Demonstration of our implementation
5. Future work and conclusions
4 J. Alex Halderman
Approaches to Password Mgmt
• Local encrypted storagee.g., Password Safe (1998)– Cumbersome to access from multiple locations
• Centralized remote authenticatione.g., Microsoft Passport (1999)– Needs server-side changes, trusted third party
• Cryptographic password generatione.g., LPWA (1997), PwdHash (2004),
our scheme (2004)
5 J. Alex Halderman
Password Generators
Master Password“amazon.com”
Hash()
“wrbPzdqS”Use as your Amazon password
A simple idea, but hard to get right!
• E.g.: LPWA, PwdHash• Client software derives
individual site passwords using deterministic one-way function
• Users sets all site passwords to function output
• Only need to remember master password to recreate all site passwords—highly transportable!
6 J. Alex Halderman
==
Stealing the Master Password
Adversary learnspassword from low-security site
Password Guess
“yahoo.com”
Hash()
“RWwsYlTi”
“LZIniBNd” “LZIniBNd”
=?
Dictionary attack to learn master
password
Can access all otherpassword-managed
sites
“rover”“lassie”“spot”
“fido”
“LZIniBNd”“H2VeusSq”“CJPZfAKx” amazon.com wrbPzdqSgmail.com obIDmoglcitibank.com sX4rLlO1
“spot”
Easy to execute because scheme use fast hashes
7 J. Alex Halderman
Thwarting Brute Force Attacks
attack cost = ½ × dictionary size × cost per guess
• Hard to increase dictionary sizeUser habits hard to change, limits on human memory
• Increase cost per guess by using slower hash– Used elsewhere to protect password verification
routines (UNIX crypt)– Our approach: iterated hash
• Security vs. usability tradeoff User has to wait too! — Cache intermediate results
8 J. Alex Halderman
Our ConstructionMaster password
“MyD06ReX”User identity
Hk1()
“wrb8zdqS”User’s site passwordfor “amazon.com”
Hk2() Target site“amazon.com”
LocalCache
(k1 >> k2)Init
ializ
ati
on
Ph
ase
Gen
era
tion
Ph
ase
Mapping
Master password(again)
9 J. Alex Halderman
Security Analysis
Four attack scenarios:1. No information2. Stolen site password3. Stolen cache data4. Stolen cache + site
password
Primary concern is offline attacks.
?
?
?
Increasingexternaldifficulty
10 J. Alex Halderman
Security of Our Scheme
Attack scenarioHashes/guess
Time/guess
1. No information N/A N/A
2. Stolen site password k1+k2100.1s
3. Stolen cache data k1 100s
4. Stolen cache + site password
k2 0.1s
11 J. Alex Halderman
Relative Attack Resistance
Estimated time to test 100,000 guesses
SchemeStolen password
Stolendata
Stolen pwand data
Password Safe
N/A 74.6 secs 74.6 secs
LPWA 0.5 secs N/A N/A
PwdHash 0.1 secs N/A N/A
Our Scheme 116 days 116 days 2.8 hours
12 J. Alex Halderman
Equivalent Password Length
Our Scheme
LPWA
PwdHash
****
********
*********
13 J. Alex Halderman
Password Multiplier• Extension for Mozilla Firefox
Windows, Mac OS X, and Linux
• Tightly integrated with browserDouble-click any password field to fill in
• Balanced security and convenience– Initialization — 108 iterations, ~100 seconds
(Only once per installation)– Password generation — 105 iterations, ~0.1
secs(Before every password operation)
14 J. Alex Halderman
Password Multiplier — Demo
15 J. Alex Halderman
Future Improvements• Flexible password formatting
Cope with sites that require numbers, punctuation, special patterns
• Easier password changesManually and at regular intervals
• Improved anti-spoofingAdopt techniques from PwdHash
• Port to Internet Explorer, others
Require additional “state”
16 J. Alex Halderman
Summary — Our scheme:• Provides password access from anywhere our
software can be executed
• Asks user to remember only one short password
• Requires no server-side changes
• Does not require trusting a third-party service
• Nearly as secure as independent random pwds
• Likely much more secure than what you do now
• Is practical, available today, and freehttp://www.cs.princeton.edu/~jhalderm/projects/password/
17 J. Alex Halderman
A Convenient Method for Securely Managing
PasswordsJ. Alex
HaldermanPrinceton
Brent WatersStanford
Edward W. Felten
Princeton