{"id":"https://openalex.org/W2534419286","doi":"https://doi.org/10.1145/2976749.2978416","title":"On the Security of Cracking-Resistant Password Vaults","display_name":"On the Security of Cracking-Resistant Password Vaults","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2534419286","doi":"https://doi.org/10.1145/2976749.2978416","mag":"2534419286"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978416","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978416","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069307193","display_name":"Maximilian Golla","orcid":"https://orcid.org/0000-0003-2204-2132"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Maximilian Golla","raw_affiliation_strings":["Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067960535","display_name":"Benedict Beuscher","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Benedict Beuscher","raw_affiliation_strings":["Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110236021","display_name":"Markus D\u00fcrmuth","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Markus D\u00fcrmuth","raw_affiliation_strings":["Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5069307193"],"corresponding_institution_ids":["https://openalex.org/I904495901"],"apc_list":null,"apc_paid":null,"fwci":9.9519,"has_fulltext":false,"cited_by_count":36,"citation_normalized_percentile":{"value":0.97984021,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1230","last_page":"1241"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9878000020980835,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.8205205798149109},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.7912118434906006},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7256767153739929},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6271551847457886},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.4487985372543335},{"id":"https://openalex.org/keywords/brute-force-attack","display_name":"Brute-force attack","score":0.43759605288505554},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4258680045604706},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.2520579397678375}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.8205205798149109},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.7912118434906006},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7256767153739929},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6271551847457886},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.4487985372543335},{"id":"https://openalex.org/C207468940","wikidata":"https://www.wikidata.org/wiki/Q869370","display_name":"Brute-force attack","level":3,"score":0.43759605288505554},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4258680045604706},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.2520579397678375}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2978416","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978416","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W167157979","https://openalex.org/W563958770","https://openalex.org/W821002660","https://openalex.org/W1468946140","https://openalex.org/W1501932514","https://openalex.org/W1534968492","https://openalex.org/W1540780277","https://openalex.org/W1546147126","https://openalex.org/W1696255542","https://openalex.org/W1746848557","https://openalex.org/W1811376871","https://openalex.org/W1884689072","https://openalex.org/W1892454167","https://openalex.org/W1973926261","https://openalex.org/W2007488200","https://openalex.org/W2019578814","https://openalex.org/W2024562548","https://openalex.org/W2030112111","https://openalex.org/W2073342447","https://openalex.org/W2086553822","https://openalex.org/W2089870583","https://openalex.org/W2107911557","https://openalex.org/W2135359429","https://openalex.org/W2139842203","https://openalex.org/W2207835792","https://openalex.org/W2481471882","https://openalex.org/W4230305990"],"related_works":["https://openalex.org/W137322897","https://openalex.org/W2054626033","https://openalex.org/W1982158666","https://openalex.org/W3013108623","https://openalex.org/W3131491961","https://openalex.org/W2555472429","https://openalex.org/W1607548261","https://openalex.org/W2097945858","https://openalex.org/W4239831152","https://openalex.org/W4312630426"],"abstract_inverted_index":{"Password":[0],"vaults":[1,31,63,97,107,149,200,245],"are":[2,32,99,119,130,166],"used":[3],"to":[4,101,139,153,181,241],"store":[5],"login":[6],"credentials,":[7],"usually":[8],"encrypted":[9],"by":[10,172],"a":[11,19,73,182,185,247],"master":[12,52,75],"password,":[13,76],"relieving":[14],"the":[15,42,46,51,114,124,141,145,156,196,205,216,236,243],"user":[16],"from":[17],"memorizing":[18],"large":[20],"number":[21],"of":[22,44,127,155,198,207,218,225,250],"complex":[23],"passwords.":[24],"To":[25,49],"manage":[26],"accounts":[27],"on":[28,65,121,230],"multiple":[29],"devices,":[30],"often":[33],"stored":[34],"at":[35],"an":[36,226],"online":[37],"service,":[38],"which":[39,129],"substantially":[40,214],"increases":[41],"risk":[43],"leaking":[45],"(encrypted)":[47],"vault.":[48],"protect":[50],"password":[53,62,96],"against":[54,94],"guessing":[55,86],"attacks,":[56],"previous":[57,160],"work":[58],"has":[59],"introduced":[60],"cracking-resistant":[61,95],"based":[64,120,229],"Honey":[66],"Encryption.":[67],"If":[68],"decryption":[69],"is":[70,137,170,201,238],"attempted":[71],"with":[72,108,188,246],"wrong":[74],"they":[77,213],"output":[78],"plausible-looking":[79],"decoy":[80,106,199,244],"vaults,":[81],"thus":[82,112],"seemingly":[83],"disabling":[84],"offline":[85],"attacks.":[87,220],"In":[88],"this":[89,178],"work,":[90],"we":[91],"propose":[92,204],"attacks":[93,118],"that":[98,163,177,212,235],"able":[100,138,240],"distinguish":[102],"between":[103],"real":[104],"and":[105,111,168,210,233],"high":[109],"accuracy":[110],"circumvent":[113],"offered":[115],"protection.":[116],"These":[117],"differences":[122],"in":[123,159],"generated":[125],"distribution":[126,197],"passwords,":[128],"measured":[131],"using":[132],"Kullback-Leibler":[133],"divergence.":[134],"Our":[135],"attack":[136,158,179,237],"rank":[140,242,249],"correct":[142],"vault":[143],"into":[144],"1.3%":[146],"most":[147],"likely":[148],"(on":[150],"median),":[151],"compared":[152],"37.8%":[154],"best-reported":[157],"work.":[161],"(Note":[162],"smaller":[164],"ranks":[165],"better,":[167],"50%":[169],"achievable":[171],"random":[173],"guessing.)":[174],"We":[175,203,221],"demonstrate":[176,211],"is,":[180],"certain":[183],"extent,":[184],"fundamental":[186],"problem":[187],"all":[189],"static":[190],"Natural":[191],"Language":[192],"Encoders":[193],"(NLE),":[194],"where":[195],"fixed.":[202],"notion":[206],"adaptive":[208,227],"NLEs":[209],"limit":[215],"effectiveness":[217],"such":[219],"give":[222],"one":[223],"example":[224],"NLE":[228],"Markov":[231],"models":[232],"show":[234],"only":[239],"median":[248],"35.1%.":[251]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}