On the Economics of Offline Password Cracking
Offered By: IEEE via YouTube
Course Description
Overview
Explore an economic model of offline password cracking in this IEEE Symposium on Security & Privacy conference talk. Delve into quantitative predictions about the fraction of accounts a rational attacker would crack after an authentication server breach. Examine analyses of major password breaches at Yahoo!, Dropbox, LastPass, and AshleyMadison, revealing insufficient protection despite key-stretching measures. Discover evidence supporting Zipf's law distribution in user passwords and learn about the finite threshold determining an attacker's optimal strategy. Investigate how memory hard functions like SCRYPT or Argon2i can significantly mitigate offline attack damage. Gain insights into recommended updates for password hashing standards, emphasizing the importance of memory hard functions and discouraging the use of non-memory hard functions like BCRYPT or PBKDF2.
Syllabus
On the Economics of Offline Password Cracking
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
Sensor SecurityIEEE via YouTube Tracking Ransomware End-to-end
IEEE via YouTube Cinderella - Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation
IEEE via YouTube Algorithmic Transparency via Quantitative Input Influence - Theory and Experiments with Learning Systems
IEEE via YouTube Bitcoin Over Tor Isn't a Good Idea
IEEE via YouTube