You are in : Home » Results & submissions » Select UOA » 11 - Computer Science and Informatics » View submission: University of Edinburgh » Outputs » Detail

Output details

11 - Computer Science and Informatics

University of Edinburgh

Return to search Previous output Next output

Output 1 of 401 in the submission

Output title

"Give Me Letters 2, 3 and 6!": Partial Password Implementations and Attacks

Type

E - Conference contribution

DOI

10.1007/978-3-642-39884-1_11

Name of conference/published proceedings

Financial Cryptography and Data Security : 17th International Conference, FC 2013, Okinawa, Japan, April 1-5, 2013, Revised Selected Papers

Volume number

7859

Issue number

First page of article

126

ISSN of proceedings

0302-9743

Year of publication

2013

URL

http://dx.doi.org/10.1007/978-3-642-39884-1_11

Number of additional authors

Additional information

<18> Originality: The first paper to survey and measure security of partial passwords, introducing novel attacks. We show that attackers may be able to make accurate guesses, especially if they record a few observations (e.g. via key-logger malware).

Significance: Partial passwords are implemented by many banks and used by millions of consumers. We highlight some banks that have poor security.

Rigour: The paper defines a precise model based on parameters of real implementations; it measures attacks using known leaked password databases (known to correlate with real passwords even used for financial security), and uses combinatorial analysis on guessing unknown positions.

Interdisciplinary

Cross-referral requested

Research group

F - Laboratory for Foundations of Computer Science

Citation count

Proposed double-weighted

Double-weighted statement

Reserve for a double-weighted output

Non-English

English abstract