
Lösenordsmönster: Att förebygga svaga lösenord (Password Patterns: Preventing Weak Passwords)

Passwords are used more now than ever before. Their use is based on the idea that the password is only known to the user and that its secrecy prevents others from accessing potentially valuable or sensitive information. But how secret is a password in today's high-tech world? Passwords are generally converted into hash sums and saved in databases. Cracking a password requires that the process is reversed so that the actual password can be derived from the hash sum. This cracking process can be achieved by two methods. An attacker can test all the possible combinations (brute force cracking), or the attacker can compare the password with a list of commonly used passwords (cracking with wordlists). This paper investigates a password's vulnerability to both brute force cracking and cracking via wordlists. It uses a modern computer's processing speeds to establish the amount of time to crack a certain password via brute force cracking. It also deploys state-of-the-art techniques to examine a password's content. It analyses three databases from different online communities to examine any possible correlation between a user's hobby interest and their choice of password. This paper finds that the majority of passwords won't remain secret for very long. Short passwords which consist of a small alphabet are particularly vulnerable to brute force attacks. However, due to the increasing speed of modern computers, even passwords which are twelve characters long are still potentially vulnerable. This paper finds that users from a variety of online communities choose common passwords which are likely to be on a wordlist and thus susceptible to cracking via wordlist attacks. This paper provides suggestions on how a user can choose a stronger password.
/ Passwords are used ever more frequently as digitalization spreads. Their use builds on the idea that a password is known only to one user and that this secret prevents others from reaching valuable or sensitive information. But how secret is a password in today's high-tech world? Passwords are typically computed into hash sums and stored in databases. Cracking a password hash is typically done by one of two methods. Either an attacker tries every possible password up to and including a given character length, so-called brute force cracking, or the attacker prioritizes certain passwords that are judged likely, a wordlist attack. This work investigates certain vulnerabilities of a password to both brute force cracking and wordlist attacks. It is limited to the processing power an average personal computer can be expected to have. The work uses methods considered state of the art for analysing a password's structure. It analyses three database dumps from different communities on the internet to investigate possible connections between users' interests and their passwords. The work finds that the majority of passwords will not remain secret for very long. Short passwords are particularly vulnerable to brute force cracking. The increase in performance also means that passwords of up to twelve characters can be uncomfortably vulnerable. It is also shown that there is good reason to conduct further studies on wordlist attacks based around the user's areas of interest. Finally, advice is given on procedure for increasing password strength.

Identifier oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:hh-30503
Date January 2015
Creators Crossley, Mark, Lindell, Joakim
Source Sets DiVA Archive at Upsalla University
Language Swedish
Detected Language English
Type Student thesis, info:eu-repo/semantics/bachelorThesis, text
Format application/pdf
Rights info:eu-repo/semantics/openAccess
