Cost-Asymmetric Memory Hard Password Hashing

by Wenjie Bai, et al.

In the past decade, billions of user passwords have been exposed to the dangerous threat of offline password cracking attacks. An offline attacker who has stolen the cryptographic hash of a user's password can check as many password guesses as they like, limited only by the resources they are willing to invest to crack the password. Pepper and key-stretching are two techniques that have been proposed to deter an offline attacker by increasing guessing costs. Pepper ensures that the cost of rejecting an incorrect password guess is higher than the (expected) cost of verifying a correct password guess. This is useful because most of the offline attacker's guesses will be incorrect. Unfortunately, as we observe, the traditional peppering defense seems to be incompatible with modern memory-hard key-stretching algorithms such as Argon2 or Scrypt. We introduce an alternative to pepper, which we call Cost-Asymmetric Memory Hard Password Authentication, that benefits from the same cost asymmetry as the classical peppering defense, i.e., the cost of rejecting an incorrect password guess is larger than the expected cost of authenticating a correct password guess. When configured properly, we prove that our mechanism can only reduce the percentage of user passwords that are cracked by a rational offline attacker whose goal is to maximize (expected) profit, i.e., the total value of cracked passwords minus the total guessing costs. We evaluate the effectiveness of our mechanism on empirical password datasets against a rational offline attacker. Our empirical analysis shows that our mechanism can significantly reduce the percentage of user passwords that are cracked by a rational attacker, by up to 10
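The cost asymmetry the abstract attributes to classical peppering can be made concrete with a small model of the traditional scheme. The example below is added here and is not code from the paper; it implements the classical pepper defense, not the authors' memory-hard alternative. It assumes an 8-bit pepper space and uses iterated SHA-256 as a stand-in for a real key-stretching function (a hypothetical `_stretch` helper), so that the only thing measured is how many stretch evaluations the server, or an attacker replicating the server's check, must spend per guess. The secret pepper is drawn at registration and deliberately never stored, so verification must try every pepper value until one matches: a correct password is found after a random number of tries (on average half the pepper space), while an incorrect password is only rejected after the whole space is exhausted.

```python
import hashlib
import hmac
import os
import secrets
from typing import List, Optional, Tuple

PEPPER_BITS = 8            # assumption for the demo: 2^8 possible pepper values
PEPPER_SPACE = 1 << PEPPER_BITS
SALT_BYTES = 16
STRETCH_ROUNDS = 20        # tiny iteration count so the demo runs quickly


def _stretch(password: bytes, salt: bytes, pepper: int) -> bytes:
    """Hypothetical key-stretching stand-in: iterated SHA-256 over
    salt || pepper || password. A real deployment would use a proper
    password hashing function; the abstract's point is that the classical
    pepper loop does not carry over cleanly to memory-hard ones."""
    h = hashlib.sha256(salt + pepper.to_bytes(2, "big") + password).digest()
    for _ in range(STRETCH_ROUNDS):
        h = hashlib.sha256(h).digest()
    return h


def register(password: bytes, pepper: Optional[int] = None) -> Tuple[bytes, bytes]:
    """Create a stored record (salt, hash). The pepper is chosen at random
    and discarded: only the salt and the hash are persisted."""
    salt = os.urandom(SALT_BYTES)
    if pepper is None:
        pepper = secrets.randbelow(PEPPER_SPACE)
    return salt, _stretch(password, salt, pepper)


def verify(password: bytes, salt: bytes, stored: bytes) -> Tuple[bool, int]:
    """Check a password against a stored record.
    Returns (accepted, number_of_stretch_evaluations)."""
    for pepper in range(PEPPER_SPACE):
        if hmac.compare_digest(_stretch(password, salt, pepper), stored):
            return True, pepper + 1            # found after pepper+1 tries
    return False, PEPPER_SPACE                  # rejection needs the full space


def average_accept_cost(password: bytes) -> float:
    """Average verification cost of a correct password over every possible
    pepper value, i.e. the expected cost (2^k + 1) / 2 for a uniform pepper."""
    salt = os.urandom(SALT_BYTES)
    total = 0
    for pepper in range(PEPPER_SPACE):
        stored = _stretch(password, salt, pepper)
        _, cost = verify(password, salt, stored)
        total += cost
    return total / PEPPER_SPACE


def guess_cost(guesses: List[bytes], salt: bytes, stored: bytes) -> Tuple[bool, int]:
    """Simulate an offline attacker running the server's own check over an
    ordered guess list. Every wrong guess costs the full pepper space; the
    attacker stops at the first accepted guess."""
    spent = 0
    for guess in guesses:
        ok, cost = verify(guess, salt, stored)
        spent += cost
        if ok:
            return True, spent
    return False, spent


if __name__ == "__main__":
    salt, stored = register(b"hunter2", pepper=5)   # fixed pepper for a reproducible run
    print("accept:", verify(b"hunter2", salt, stored))
    print("reject:", verify(b"wrong", salt, stored))
    print("mean accept cost:", average_accept_cost(b"hunter2"))
    # constructed guess list: three wrong guesses before the right one
    print("attacker:", guess_cost([b"123456", b"password", b"letmein", b"hunter2"], salt, stored))
```

With an 8-bit pepper, rejecting a wrong guess always costs 256 stretch evaluations, while accepting the right password costs on average 128.5; an attacker whose guess list hits the password on the fourth try pays 3 × 256 plus the cost of the final correct check. Raising `PEPPER_BITS` widens the gap but also raises the legitimate user's expected login cost, which is the trade-off the paper's mechanism is designed around.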


