ErsatzPasswords - Ending Password Cracking
Project Members
Christopher N. Gutierrez, Mohammed H. Almeshekah, Mikhail J. Atallah, and Eugene H. Spafford
Christopher N. Gutierrez, Mohammed H. Almeshekah, Mikhail J. Atallah, and Eugene H. Spafford
Abstract
In this work we present a simple, yet effective and practical, scheme to improve
the security of stored password hashes rendering their cracking detectable and
insuperable at the same time. We utilize a machine-dependent function, such as
a physically unclonable function (PUF) or a hardware security module (HSM)
at the authentication server. The scheme can be easily integrated with legacy
systems without the need of any additional servers, changing the structure of
the hashed password file or any client modifications. When using the scheme the
structure of the hashed passwords file, etc/shadow or etc/master.passwd, will
appear no different than in the traditional scheme.1 However, when an attacker
exfiltrates the hashed passwords file and tries to crack it, the only passwords
he will get are the ersatzpasswords — the “fake passwords”. When an attempt
to login using these ersatzpasswords is detected an alarm will be triggered in
the system that someone attempted to crack the password file. Even with an
adversary who knows the scheme, cracking cannot be launched without physical
access to the authentication server. The scheme also includes a secure backup
mechanism in the event of a failure of the hardware dependent function. We
discuss our implementation and provide some discussion in comparison to the
traditional authentication scheme.