An Oblivious Password Cracking Server
Aureliano Calvo (1), Ariel Futoransky (1), Carlos Sarraute (1, 2), ((1) Core Security Technologies, (2) ITBA (Instituto Tecnologico de Buenos, Aires))
TL;DR
This paper introduces a privacy-preserving password cracking server that uses Hellman tables and PIR protocols to protect query confidentiality, enabling secure password cracking services hosted in cloud environments.
Contribution
It presents a novel method combining Hellman tables with PIR protocols to ensure query privacy in password cracking servers.
Findings
The proposed method maintains query confidentiality effectively.
Experimental results demonstrate practical feasibility.
Complexity analysis shows scalability potential.
Abstract
Building a password cracking server that preserves the privacy of the queries made to the server is a problem that has not yet been solved. Such a server could acquire practical relevance in the future: for instance, the tables used to crack the passwords could be calculated, stored and hosted in cloud-computing services, and could be queried from devices with limited computing power. In this paper we present a method to preserve the confidentiality of a password cracker---wherein the tables used to crack the passwords are stored by a third party---by combining Hellman tables and Private Information Retrieval (PIR) protocols. We provide the technical details of this method, analyze its complexity, and show the experimental results obtained with our implementation.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Cryptography and Data Security · Internet Traffic Analysis and Secure E-voting