Murray, Hazel and Malone, David (2018) Exploring the Impact of Password Dataset Distribution on Guessing. In: 16th Annual Conference on Privacy, Security and Trust, 28-30 August 2018, Belfast.
Preview
DM-Exploring-2018.pdf
Download (875kB) | Preview
Abstract
Leaks from password datasets are a regular occurrence. An organization may defend a leak with reassurances that just a small subset of passwords were taken. In this paper we show that the leak of a relatively small number of text-based passwords from an organizations' stored dataset can lead to a further large collection of users being compromised. Taking a sample of passwords from a given dataset of passwords we exploit the knowledge we gain of the distribution to guess other samples from the same dataset. We show theoretically and empirically that the distribution of passwords in the sample follows the same distribution as the passwords in the whole dataset. We propose a function that measures the ability of one distribution to estimate another. Leveraging this we show that a sample of passwords leaked from a given dataset, will compromise the remaining passwords in that dataset better than a sample leaked from another source.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Keywords: | Impact; Password Dataset; Distribution; Guessing; |
Academic Unit: | Faculty of Science and Engineering > Mathematics and Statistics Faculty of Science and Engineering > Research Institutes > Hamilton Institute |
Item ID: | 10053 |
Identification Number: | arXiv:1809.07221 |
Depositing User: | Dr. David Malone |
Date Deposited: | 04 Oct 2018 13:24 |
Publisher: | arXiv |
Refereed: | Yes |
Funders: | Irish Research Council (IRC) |
URI: | https://mu.eprints-hosting.org/id/eprint/10053 |
Use Licence: | This item is available under a Creative Commons Attribution Non Commercial Share Alike Licence (CC BY-NC-SA). Details of this licence are available here |
Repository Staff Only (login required)
Downloads
Downloads per month over past year