OMEN: Faster Password Guessing Using an Ordered Markov Enumerator

Markus Duermuth 1, Fabian Angelstorf 1, Claude Castelluccia 2, Daniele Perito 2, Abdelberi Chaabane 2
2 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Passwords are widely used for user authentication, and will likely remain in use in the foreseeable future, despite several weaknesses. One important weakness is that human-generated passwords are far from being random, which makes them susceptible to guessing attacks. Understanding the adversary's capabilities for guessing attacks is a fundamental necessity for estimating their impact and advising countermeasures. This paper presents OMEN, a new Markov model-based password cracker that extends ideas proposed by Narayanan and Shmatikov (CCS 2005). The main novelty of our tool is that it generates password candidates according to their occurrence probabilities, i.e., it outputs most likely passwords first. As shown by our extensive experiments, OMEN significantly improves guessing speed over existing proposals. In particular, we compare the performance of OMEN with the Markov mode of John the Ripper, which implements the password indexing function by Narayanan and Shmatikov. OMEN guesses more than 40% of passwords correctly with the first 90 million guesses, while JtR-Markov (for T = 1 billion) needs at least eight times as many guesses to reach the same goal, and OMEN guesses more than 80% of passwords correctly at 10 billion guesses, more than all probabilistic password crackers we compared against.
Document type :
Conference papers

Cited literature [20 references]

https://hal.archives-ouvertes.fr/hal-01112124
Contributor : Claude Castelluccia
Submitted on : Monday, February 2, 2015 - 12:01:59 PM
Last modification on : Saturday, October 27, 2018 - 1:20:15 AM
Document(s) archived on : Sunday, May 3, 2015 - 10:35:20 AM

File

omen.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01112124, version 1

Citation

Markus Duermuth, Fabian Angelstorf, Claude Castelluccia, Daniele Perito, Abdelberi Chaabane. OMEN: Faster Password Guessing Using an Ordered Markov Enumerator. International Symposium on Engineering Secure Software and Systems, Mar 2015, Milan, Italy. ⟨hal-01112124⟩
