Password similarity using probabilistic data structures

TL;DR

This paper presents a Bloom filter-based method for detecting password similarity that discourages reuse, enhances security through obfuscation, and resists cryptanalytic attacks, addressing password management challenges.

Contribution

Introduces a novel probabilistic data structure approach using Bloom filters to detect password similarity while protecting stored passwords and resisting cryptanalysis.

Findings

Effective detection of similar passwords to prevent reuse

Passwords stored with Bloom filters are obfuscated and secure

Scheme resists common cryptanalytic techniques

Abstract

Passwords should be easy to remember, yet expiration policies mandate their frequent change. Caught in the crossfire between these conflicting requirements, users often adopt creative methods to perform slight variations over time. While easily fooling the most basic checks for similarity, these schemes lead to a substantial decrease in actual security, because leaked passwords, albeit expired, can be effectively exploited as seeds for crackers. This work describes an approach based on Bloom filters to detect password similarity, which can be used to discourage password reuse habits. The proposed scheme intrinsically obfuscates the stored passwords to protect them in case of database leaks, and can be tuned to be resistant to common cryptanalytic techniques, making it suitable for usage on exposed systems.