Password pattern analysis, measuring password strength from CSDN leaked passwords
Motivation for this problem:
"On 21st, Dec, 2011, account information for more than 6 million registered users of online community Chinese Software Developer Network (CSDN.net) has reportedly been leaked online. Industry sources today added that account information has also been leaked for 8 million and 20 million users, respectively, of the 7k7k and 178.com gaming websites. CSDN has confirmed the news, saying the leaked information is from a 2009 backup of the site's database, although the exact cause for the leak has yet to be determined. Online sources say that the leaks were deliberate and users of Chinese SNS sites Renren and Kaixin001, the Tianya online community and matchmaking sites Jiayuan.com and Baihe.com will be the next targets (these websites are just involved in rumors now; no password packages from them have been leaked)" [1]. (On 25th, Dec, 2011, the data from the Tianya online community has already been leaked, and I have downloaded the package and also ensured that most of the username-password pairs are effective. --from author)
Background:
Text-based passwords are still, and are expected to remain for a long time, the most significant authentication method for computer systems, especially for social network systems (SNS), which keep their usernames and passwords in a database. The most recent example in China of a data breach involving large numbers of hashed passwords is the CSDN Password-Scandal, in which more than 6 million users' passwords were leaked. The threat is real: once these passwords have been cracked, they can be used to gain access not only to the original site, but also to other accounts where users have reused their passwords. This is an important consideration because studies indicate that password reuse (exactly and with minor variations) is a common and growing practice as users acquire more online accounts.
References:
[1] Marbridge Consulting. Rumor: Online Community CSDN.net Suffers Data Breach, Techweb. http://www.marbridgeconsulting.com/marbridgedaily/2011-12-22/article/52430/rumor_online_community_csdnnet_suffers_data_breach, December, 2011.
[2] GAW, S., AND FELTEN, E. W. Password management strategies for online accounts. In Proceedings of the second symposium on Usable privacy and security (New York, NY, USA, 2006), SOUPS '06, ACM, pp. 44–55.
[3] SHAY, R., KOMANDURI, S., KELLEY, P., LEON, P., MAZUREK, M., BAUER, L., CHRISTIN, N., AND CRANOR, L. Encountering stronger password requirements: user attitudes and behaviors. In Proc. SOUPS '10 (2010).
[4] KUO, C., ROMANOSKY, S., AND CRANOR, L. F. Human selection of mnemonic phrase-based passwords. In Symposium on Usable Privacy and Security (2006), pp. 67–78.
[5] PROCTOR, R. W., LIEN, M.-C., VU, K.-P. L., SCHULTZ, E. E., AND SALVENDY, G. Improving computer security for authentication of users: Influence of proactive password restrictions. Behavior Res. Methods, Instruments, & Computers 34, 2 (2002), 163–169.
[6] VU, K.-P. L., PROCTOR, R. W., BHARGAV-SPANTZEL, A., TAI, B.-L. B., AND COOK, J. Improving password security and memorability to protect personal and organizational information. Int. J. of Human-Comp. Studies 65, 8 (2007), 744–757.
[7] SHANNON, C. E. A mathematical theory of communication. Bell Syst. Tech. J. 27 (1949), 379–423, 623–656.
[8] SHANNON, C. E. A mathematical theory of communication. Bell Syst. Tech. J. 27 (1949), 379–423, 623–656.