I've decided to conduct my research on the current state of password security, taking a look at any historical trends present and also making projections about the likely future of password based authentication. This will require some analysis of the current/recent state of password security; unfortunately there have been many events where massive numbers of real world passwords/hashes have been leaked/stolen, so I don't expect this information to be too difficult to find.
(In fact, I've just come across the website
https://hashes.org/public.php which has lists of current hash dumps and their cracked progress, which makes it possible for me to do my own analysis of the numbers if it comes down to it).
 |
| As expected |
Beyond looking at the numbers, I should also research how capable a password authentication could be under ideal circumstances, and then discuss what issues we are currently experiencing. There are essentially two main factors that will effect the strength of any password authentication system; the size/complexity of the password and the proper implementation of modern hashing algorithms. I will look into the modern approaches of password cracking methods and try to evaluate which are the most likely from a cost/benefit perspective.
This has given me plenty to work with so far this week, and I expect that by next week I will have a portion of the above done, I think I will primarily be looking at statistical information about password security and also performing some analysis of the tables available at hashes.org (a side note, I did open a few of the 'found' tables and scrolled down to 'pa******', ... and of course, loads of passwords using variations of 'password')
To do:
- Gather/perform analysis of common password usage
- Research current hashing algorithms and determine which ones are in use
- Research password requirements
- Determine if password authentication is phasing out or not
- Gather information about recent/large password compromises (i.e. Linkedin, Sony, etc)
No comments:
Post a Comment