Title: "Foiling the Cracker": A Survey of, and Improvements to, Password Security
Authors: Daniel V. Klein
Abstract:
- With the rapid burgeoning of national and international networks, the
question of system security has become one of growing importance. High
speed inter-machine communication and even higher speed computational
processors have made the threats of system ``crackers,'' data theft,
data corruption very real. This paper outlines some of the problems of
current password security by demonstrating the ease by which
individual accounts may be broken. Various techniques used by crackers
are outlined, and finally one solution to this point of system
vulnerability, a pro-active password checker, is proposed.
Title: Observing Reusable Password Choices
Authors: Eugene H. Spafford
Abstract:
- The OPUS project being conducted at Purdue is an attempt to screen
users' selection of passwords to prevent poor choices. The focus of
the project is on using screening methods that are both time and
space-efficient and to provide a mechanism that is effective for
workstations with little or no disk as well as mainframes. To test
this mechanism, it requires a representative sample of real passwords
choices as they made by users. The challenge of such a sampling
mechanism is how to protect it from attack, and how to protect the
results from being used against the system. This paper discusses our
approach, and some of our initial observations on the words
collected.
Title: OPUS: Preventing Weak Password Choices
Authors: Eugene H. Spafford
Abstract:
- This paper describes a space-efficient method of storing a dictionary
of words that are not allowed as password choices. Look ups in the
dictionary are O(1)(constant time) no matter how many words are in the
dictionary. The mechanism described has other interesting features, a
few of which are described here.
Title: Password Security: A Case History
Authors: Robert Morris Ken Thompson
Abstract:
- This paper describes the history of the design of the password
security scheme on a remotely accessed time-sharing system. The
present design was the result of countering observed attempts to
penetrate the system. The result is a compromise between extreme
security and ease of use.
Title: User Authentication and Related Topics: An Annotated Bibliography
Authors: Eugene H. Spafford Stephen A. Weeber
Abstract:
- This bibliography is the result of the author's examination of the
current state of user authentication, with an emphasis on password
authentication.
|