Passlab: A Password Security Tool for the Blue Team
Saul Johnson

TL;DR
Passlab is a new password security tool designed for system administrators to make evidence-based security decisions using formal methods and an intuitive interface, addressing a gap in blue team defense tools.
Contribution
The paper introduces Passlab, a novel tool that leverages formal methods to enhance password security management for defenders.
Findings
Initial prototype demonstrates improved decision support for password security.
User interface facilitates understanding of password vulnerabilities.
Potential to integrate with existing security workflows.
Abstract
If we wish to compromise some password-protected system as an attacker (i.e. a member of the red team), we have a large number of popular and actively-maintained tools to choose from in helping us to realise our goal. Password hash cracking hardware and software, online guessing tools, exploit frameworks, and a wealth of tools for helping us to perform reconnaissance on the target system are widely available. By comparison, if we wish to defend a password-protected system against such an attack (i.e. as a member of the blue team), we have comparatively few tools to choose from. In this research abstract, we present our work to date on Passlab, a password security tool designed to help system administrators take advantage of formal methods in order to make sensible and evidence-based security decisions using a clean and intuitive user interface.
Taxonomy
Topics: User Authentication and Security Systems · Advanced Malware Detection Techniques · Security and Verification in Computing
