Präsentation Master Thesis von Ruben Baecker: „Phoenix rises once again: How to defeat the (PW-)Hero“
Am 27. September 2023 um 14:00 Uhr präsentiert Ruben Baecker seine Master Thesis zum Thema „Phoenix rises once again: How to defeat the (PW-)Hero“.
Zur Teilnahme via Zoom verwenden Sie die folgenden Daten:
Meeting ID: 657 8171 3404 Passcode: 728017
Unten stehend finden Sie die Kurzfassung des Vortrags in englischer Sprache.
Passwords are the predominant authentication and access control methods in modern computer systems, including the Internet. In simple terms, a login server’s database holds not the password itself but the result of some Hash function. Unfortunately, most users choose short and predictable passwords. Therefore, an attacker can attempt to guess a user’s password and check in case of a data breach if he is correct by comparing the Hash to the stored value. Password hardening schemes help mitigate those offline dictionary attacks.
This thesis focuses on the most recent publication, which claims to offer never-beforeseen security. Despite the claims, we demonstrate two attacks against the scheme and uncover deficiencies in their security model. Consequently, we propose a well-defined security model, prove the relation between similar definitions, and present a novel, lightweight construction. We give formal proofs of the security properties the scheme achieves.