Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

On the Economics of Offline Password Cracking

IEEE via YouTube

Overview

Explore an economic model of offline password cracking in this IEEE Symposium on Security & Privacy conference talk. Delve into quantitative predictions about the fraction of accounts a rational attacker would crack after an authentication server breach. Examine analyses of major password breaches at Yahoo!, Dropbox, LastPass, and AshleyMadison, revealing insufficient protection despite key-stretching measures. Discover evidence supporting Zipf's law distribution in user passwords and learn about the finite threshold determining an attacker's optimal strategy. Investigate how memory hard functions like SCRYPT or Argon2i can significantly mitigate offline attack damage. Gain insights into recommended updates for password hashing standards, emphasizing the importance of memory hard functions and discouraging the use of non-memory hard functions like BCRYPT or PBKDF2.

Syllabus

On the Economics of Offline Password Cracking

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of On the Economics of Offline Password Cracking

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.