Researchers at Purdue University have developed a scheme that protects stolen passwords from offline cracking.
The project is explained in a paper called “ErsatzPasswords – Ending Password Cracking” (pdf) written by Purdue University researchers Mohammed H. Almeshekah, Christopher N. Gutierrez, Mikhail J. Atallah and security pioneer Eugene H. Spafford.
Similar in theory to the Honeywords Project, developed by Ari Juels and Ron Rivest at MIT, Ersatz Passwords instead present the attacker with a long list of phony passwords, and simultaneously trigger an alert within the system notifying admins of a cracking attempt.
The paper explains that the process of computing the real password hash would require an attacker to have access to a hardware security module resident in the authentication server. That dependency makes offline cracking almost impossible. The presentation of the phony passwords is unlike Honeywords, which mixes a list of phony passwords alongside the real ones in a database; in the Ersatz scheme, the real passwords are never available to the hacker.
The researchers said that system-side initialization of the scheme applies a hardware-dependent function (HDF) to each stored hash and feeds the result to the same hash function with the original salt.
“After that, the output is stored in the password file replacing the old stored value,” the researchers wrote. “If an adversary obtains this file and tries to crack any user passwords, the probability that he will get any apparent match is negligible, even if a user password is from a standard dictionary.”
The researchers assert that this puts a serious dent in the effectiveness of offline cracking tools such as John the Ripper. As a result, the attacker would need access to the hardware in order to obtain the correct hashes.
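The initialization step described above, sketched as an added example (this is not the researchers' code from GitHub). It assumes the HDF can be modeled as HMAC-SHA256 under a key held by a simulated HSM and that the existing hash is PBKDF2; the generation of fake passwords is not modeled.

```python
import hashlib
import hmac
import os

ITERATIONS = 1_000  # demo value, kept low so the example runs quickly

class SimulatedHSM:
    """Stand-in for the hardware module; the key never leaves this object."""

    def __init__(self):
        self._key = os.urandom(32)
        self.calls = 0  # API usage counter; bulk insider use shows up as a spike

    def hdf(self, data: bytes) -> bytes:
        # Assumption: HDF modeled as HMAC-SHA256 under the device-held key.
        self.calls += 1
        return hmac.new(self._key, data, hashlib.sha256).digest()

def H(data: bytes, salt: bytes) -> bytes:
    """The system's existing salted password hash (PBKDF2 chosen for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def migrate(old_hash: bytes, salt: bytes, hsm: SimulatedHSM) -> bytes:
    """One-time initialization: H(HDF(old_hash), salt) replaces the stored value."""
    return H(hsm.hdf(old_hash), salt)

def verify(password: str, salt: bytes, stored: bytes, hsm: SimulatedHSM) -> bool:
    """Server-side login check; needs the hardware for every attempt."""
    candidate = H(hsm.hdf(H(password.encode(), salt)), salt)
    return hmac.compare_digest(candidate, stored)

def offline_matches(stored: bytes, salt: bytes, wordlist: list[str]) -> list[str]:
    """Guesses that match when only the file, not the hardware, is available."""
    return [w for w in wordlist if hmac.compare_digest(H(w.encode(), salt), stored)]

def demo() -> dict:
    hsm, salt = SimulatedHSM(), os.urandom(16)
    stored = migrate(H(b"letmein", salt), salt, hsm)  # constructed sample entry
    words = ["letmein", "password", "123456"]  # constructed wordlist
    return {
        "login_ok": verify("letmein", salt, stored, hsm),
        "wrong_pw": verify("password", salt, stored, hsm),
        "offline_hits": offline_matches(stored, salt, words),
        "hdf_calls": hsm.calls,
    }

if __name__ == "__main__":
    print(demo())
```

The `hdf_calls` counter mirrors the paper's point that every verification touches the hardware, so heavy insider use of the HDF is visible in API usage.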
“An adversary with knowledge of the scheme cannot distinguish between a password file that was computed using our scheme or using the traditional scheme. Even under a stronger assumption, where the adversary knows that the file has been computed using the new scheme, the attacker gains no advantage as he cannot crack the user passwords without access to hardware used to compute the function HDF,” the researchers wrote. “In the case where the attacker is an insider, any extensive use of the HDF can be easily noticed with a clear spike in API usage.”
Almeshekah said the project was motivated by the continuous string of breaches involving leaked hashed password files, and ongoing frustration with users’ reliance on weak passwords and ineffective policies.
“Our work enhances the security of password files, and by extension the security of users’ accounts. We eliminate the possibility of offline password cracking and, at the same time, deceive attackers when they try to crack stolen files by presenting them with fake passwords,” Almeshekah said.
The paper also explains several methods by which the phony passwords are generated within the scheme, as well as the plausibility that the stolen passwords could still be cracked. Almeshekah said all the source code for the project is available on GitHub.
“Our implementation can easily be integrated into production systems without continuous need of monitoring. A one-time change would alter the password files in the OS to be machine-dependent and render their cracking impossible, while presenting attackers with fake passwords. Another side benefit of our scheme is that it can distribute the underground market for stolen passwords,” Almeshekah said. “Adversaries will perceive an additional risk of using cracked passwords as they know of the existence of such a scheme. This will add risk on their side and, hopefully, reduce the value of stolen passwords black market.”