Mechanism for the prevention of password reuse through Anonymized Hashes
Author and article information
Abstract
Password authentication is an essential and widespread form of user authentication on the Internet, with no other authentication system matching its dominance. When a password on one website is breached and that password is reused, the stolen password can be used to gain access to multiple other authenticated websites. Even amongst technically educated users, the security issues surrounding password reuse are not well understood, and restrictive password composition rules have been unsuccessful in reducing password reuse. In response, the US NIST has published standards outlining that, when setting passwords, authentication systems should validate that user passwords have not already been compromised or breached. We propose a mechanism that allows clients to anonymously validate whether or not a password has been identified in a compromised database, without needing to download the entire database or send their password to a third-party service. A mechanism is proposed whereby password hash data is generalized such that it holds the k-anonymity property. An implementation is constructed to identify to what extent the data should be generalized for it to hold k-anonymity and, additionally, to group password hashes by their generalized anonymous value. The implementation is run on a database of over 320 million leaked passwords and the results of the anonymization process are considered.
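The scheme the abstract describes, as an added illustration (not the paper's own Go scripts): breached hashes are grouped by a prefix that acts as the generalized value, the smallest group size gives the k for which the data holds k-anonymity, and the client only ever transmits the prefix and finishes the comparison locally. The 5-character SHA-1 prefix and the three-password breach list are assumptions made for the example.

```go
package main

import (
	"crypto/sha1"
	"fmt"
)

// prefixLen is how many hex characters of the SHA-1 digest form the generalized
// value; 5 is an assumed choice for this example, not a figure from the paper.
const prefixLen = 5

// sha1Hex returns the upper-case hex SHA-1 digest of a password.
func sha1Hex(pw string) string {
	sum := sha1.Sum([]byte(pw))
	return fmt.Sprintf("%X", sum[:])
}

// Bucketize groups breached hashes by prefix and keeps only the suffix, so a
// bucket on its own never reveals a complete hash.
func Bucketize(hashes []string) map[string][]string {
	buckets := make(map[string][]string)
	for _, h := range hashes {
		buckets[h[:prefixLen]] = append(buckets[h[:prefixLen]], h[prefixLen:])
	}
	return buckets
}

// MinBucketSize returns the smallest group size, i.e. the k for which the
// bucketed data holds k-anonymity; a shorter prefix raises k but enlarges replies.
// It returns -1 for an empty bucket set.
func MinBucketSize(buckets map[string][]string) int {
	k := -1
	for _, suffixes := range buckets {
		if k < 0 || len(suffixes) < k {
			k = len(suffixes)
		}
	}
	return k
}

// IsCompromised is the client side: only the prefix leaves the client, the
// server returns the whole bucket, and the suffix comparison happens locally.
func IsCompromised(pw string, lookup func(prefix string) []string) bool {
	h := sha1Hex(pw)
	for _, suffix := range lookup(h[:prefixLen]) {
		if suffix == h[prefixLen:] {
			return true
		}
	}
	return false
}
```

In the paper's setting the lookup function is a network request to the anonymized database and the bucket map is built once over the full leaked-password corpus; the server can never learn which suffix, if any, matched.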
Cite this as
Ali J. 2017. Mechanism for the prevention of password reuse through Anonymized Hashes. PeerJ Preprints 5:e3322v1 https://doi.org/10.7287/peerj.preprints.3322v1
Author comment
This is a submission to PeerJ Computer Science for review.
Supplemental Information
Scripts used to process password data
Contains scripts written in the Go programming language used to process password hashes.
Count of hashes listed by the prefix they start with
Additional Information
Competing Interests
Junade Ali is employed by Cloudflare, Inc.
Author Contributions
Junade Ali conceived and designed the experiments, performed the experiments, analyzed the data, contributed reagents/materials/analysis tools, wrote the paper, prepared figures and/or tables, performed the computation work, reviewed drafts of the paper.
Funding
This work was supported by Cloudflare, Inc. as part of a research project. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.