[ Search ] [ What's New? ] [ About ]
[ Bugs ] [ Misc ] [ Mailing Lists ] [ Newgroups ] [ NewsWire ] [ Papers ] [ People ]
[ Pictures ] [ Publications ] [ Responce Teams ] [ Tools ] [ Upcoming Events ] [ Web Sites ]

Password Protection

Title: "Foiling the Cracker": A Survey of, and Improvements to, Password Security
Authors: Daniel V. Klein
Abstract:
With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance. High speed inter-machine communication and even higher speed computational processors have made the threats of system ``crackers,'' data theft, data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease by which individual accounts may be broken. Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a pro-active password checker, is proposed.

Title: Observing Reusable Password Choices
Authors: Eugene H. Spafford
Abstract:
The OPUS project being conducted at Purdue is an attempt to screen users' selection of passwords to prevent poor choices. The focus of the project is on using screening methods that are both time and space-efficient and to provide a mechanism that is effective for workstations with little or no disk as well as mainframes. To test this mechanism, it requires a representative sample of real passwords choices as they made by users. The challenge of such a sampling mechanism is how to protect it from attack, and how to protect the results from being used against the system. This paper discusses our approach, and some of our initial observations on the words collected.

Title: OPUS: Preventing Weak Password Choices
Authors: Eugene H. Spafford
Abstract:
This paper describes a space-efficient method of storing a dictionary of words that are not allowed as password choices. Look ups in the dictionary are O(1)(constant time) no matter how many words are in the dictionary. The mechanism described has other interesting features, a few of which are described here.

Title: Password Security: A Case History
Authors: Robert Morris Ken Thompson
Abstract:
This paper describes the history of the design of the password security scheme on a remotely accessed time-sharing system. The present design was the result of countering observed attempts to penetrate the system. The result is a compromise between extreme security and ease of use.

Title: User Authentication and Related Topics: An Annotated Bibliography
Authors: Eugene H. Spafford Stephen A. Weeber
Abstract:
This bibliography is the result of the author's examination of the current state of user authentication, with an emphasis on password authentication.


Aleph One / aleph1@underground.org
Copyright © 1996 Computer Underground Society. All rights reserved.