The Economics of Offline Password Cracking

Jan 17, 2018

Download: MP4 Video Size: 260.0MB  
Watch on YouTube

Abstract

Password leaks have become an unfortunately common occurrence, with billions of records leaked in the past few years. In this work we develop and economic model to help predict how many user passwords such an attacker will crack after such a breach. Our analysis indicates that currently deployed key stretching mechanisms such as PBKDF2 and BCRYPT provide insufficient protection for user passwords. In particular, our analysis shows that a rational attacker will crack 100% of passwords chosen from a Zipf's law distribution and that Zipf's Law accurately models the distribution of most user passwords. This dismal claim holds even if PBKDF2 is used with 100,000 hash iterations (10 times greater than NIST's minimum recommendation). On a positive note our analysis demonstrates that memory hard functions (MHFs) such as SCRYPT or Argon2i can significantly reduce the damage of an offline attack. Based on our analysis we advocate that password hashing standards should be updated to require the use of memory hard functions for password hashing and disallow the use of non-memory hard functions such as BCRYPT or PBKDF2.