Cuckoo Filter Probabilistic Password Similarity Detection
Degerfeldt, Anton, January 2024
Authentication in digital systems is still predominantly done through passwords. These passwords should simultaneously be easy to remember, unique, and change over time. Humans, however, have a limited ability to remember complex passwords, so users often adopt schemes in which a base word is only slightly modified. While such schemes easily satisfy basic password requirements on length or character classes, they leave users vulnerable: leaked passwords, even expired ones, can be exploited by malicious actors, and a single compromised account can cascade to multiple services.

We propose a v-gram based approach to detecting similarity with a set of passwords, which could be used to improve users' password habits. The proposed scheme uses a Cuckoo Filter, which inherently obfuscates the stored passwords and allows encryption techniques to be integrated natively. The system could, for example, be embedded in a password manager to warn users when a new password is too similar to a previous one.

This work analyses several aspects of the system in order to assess its suitability. A Cuckoo Filter using a single-byte fingerprint for each v-gram can achieve load factors exceeding 95% while maintaining a false positive rate below 3%. However, the computational cost of guessing a password from the information stored in the filter is relatively low: the filter's false positive rate and the size of the alphabet affect this cost only logarithmically, so the attack is considered a significant vulnerability. Nevertheless, the proposed system can be a viable alternative for detecting similarity between passwords, if configured correctly, and could be used to guide users towards more secure password habits.
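The following is an added illustration of the scheme the abstract describes, written for this page; it is not code from the thesis. It assumes v = 3, boundary markers "^" and "$" padded onto each password, a cuckoo filter with 64 buckets of 4 one-byte fingerprints, and a 36-character alphabet for the attack. The similarity score is the fraction of a candidate's v-grams the filter claims to hold, and the reconstruction routine is a plain breadth-first prefix extension that uses the filter as an oracle, included only to show why a filter full of v-gram fingerprints leaks the password it is meant to protect; the thesis's own cost analysis is not reproduced here.

```python
"""Cuckoo-filter password similarity with one-byte v-gram fingerprints,
plus a prefix-extension attack that uses the filter as an oracle.
Added example for this page; parameters (v=3, 64x4 filter, alphabet) are assumptions."""
from __future__ import annotations
import hashlib
import random
from collections import deque

START, END = "^", "$"            # boundary markers padded onto every password


def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


class CuckooFilter:
    """Minimal partial-key cuckoo filter with 1-byte fingerprints."""

    def __init__(self, num_buckets: int = 64, bucket_size: int = 4,
                 max_kicks: int = 500, seed: int = 0):
        assert num_buckets & (num_buckets - 1) == 0, "num_buckets must be a power of two"
        self.n, self.b, self.max_kicks = num_buckets, bucket_size, max_kicks
        self.buckets: list[list[int]] = [[] for _ in range(num_buckets)]
        self.count = 0
        self._rng = random.Random(seed)        # fixed seed keeps evictions reproducible

    def _fingerprint(self, item: str) -> tuple[int, int]:
        h = _h(item.encode())
        return (h >> 56) & 0xFF, h & (self.n - 1)     # (1-byte fingerprint, bucket i1)

    def _alt(self, i: int, fp: int) -> int:
        # i2 = i1 XOR hash(fp); symmetric, so either bucket can recover the other
        return i ^ (_h(bytes([fp])) & (self.n - 1))

    def insert(self, item: str) -> bool:
        fp, i1 = self._fingerprint(item)
        i2 = self._alt(i1, fp)
        for i in (i1, i2):
            if len(self.buckets[i]) < self.b:
                self.buckets[i].append(fp)
                self.count += 1
                return True
        i = self._rng.choice((i1, i2))
        for _ in range(self.max_kicks):                # evict a victim and relocate it
            j = self._rng.randrange(self.b)
            fp, self.buckets[i][j] = self.buckets[i][j], fp
            i = self._alt(i, fp)
            if len(self.buckets[i]) < self.b:
                self.buckets[i].append(fp)
                self.count += 1
                return True
        return False   # table full: new item is in, last victim is dropped (toy behaviour)

    def contains(self, item: str) -> bool:
        fp, i1 = self._fingerprint(item)
        return fp in self.buckets[i1] or fp in self.buckets[self._alt(i1, fp)]

    def load_factor(self) -> float:
        return self.count / (self.n * self.b)


def vgrams(password: str, v: int = 3) -> list[str]:
    s = START + password + END
    return [s[i:i + v] for i in range(len(s) - v + 1)]


def remember(password: str, v: int = 3, **kw) -> CuckooFilter:
    cf = CuckooFilter(**kw)
    for g in vgrams(password, v):
        if not cf.insert(g):
            raise RuntimeError("filter full")
    return cf


def similarity(cf: CuckooFilter, candidate: str, v: int = 3) -> float:
    """Fraction of the candidate's v-grams the filter claims to hold (1.0 = all)."""
    grams = vgrams(candidate, v)
    return sum(cf.contains(g) for g in grams) / len(grams) if grams else 0.0


def measure_fpr(load: float = 0.9, queries: int = 2000, **kw) -> float:
    """Fill a fresh filter with constructed non-password items, probe with non-members."""
    cf = CuckooFilter(**kw)
    target = int(load * cf.n * cf.b)
    for k in range(4 * target):                      # bounded: stops if inserts fail
        if cf.count >= target:
            break
        cf.insert(f"fill-{k}")
    return sum(cf.contains(f"probe-{q}") for q in range(queries)) / queries


def reconstruct(cf: CuckooFilter, alphabet: str, v: int = 3,
                max_len: int = 16, node_cap: int = 20000) -> list[str]:
    """Breadth-first prefix extension: keep an extension only if the filter
    reports its trailing v-gram as present. Returns every string that reaches END."""
    found, frontier, expanded = [], deque([START]), 0
    while frontier and expanded < node_cap:
        prefix = frontier.popleft()
        expanded += 1
        for ch in alphabet + END:
            ext = prefix + ch
            if len(ext) < v:                         # not enough characters for a v-gram yet
                if ch != END:
                    frontier.append(ext)
                continue
            if not cf.contains(ext[-v:]):
                continue
            if ch == END:
                found.append(ext[1:-1])
            elif len(ext) - 1 < max_len:
                frontier.append(ext)
    return found


if __name__ == "__main__":
    cf = remember("summer2023")                       # constructed sample password
    for cand in ("summer2023", "summer2024", "Tr0ub4dor&3"):
        print(f"{cand:12s} similarity={similarity(cf, cand):.2f}")
    print(f"false positive rate at 90% load: {measure_fpr():.3f}")
    print("recovered from filter:", reconstruct(cf, "abcdefghijklmnopqrstuvwxyz0123456789"))
```

With bucket size 4 and one-byte fingerprints, a lookup compares against at most 8 stored bytes, so the false positive rate is bounded by roughly 8/256 at full load, which is where the abstract's "below 3%" figure comes from. The reconstruction shows the flip side: the filter never gives a false negative, so every character of the stored password survives as a chain of v-grams that an attacker with read access can walk one character at a time.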