Skip to main content

Improving Usability Through Password-Corrective Hashing

  • Conference paper
String Processing and Information Retrieval (SPIRE 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4209))

Included in the following conference series:

Abstract

We propose a way to increase the usability of password authentication systems by compensating for transposition and substitution errors. We show how to correct for these errors with low false positive rates (i.e., low probability that an arbitrary string will be accepted as the password for authentication). Thus our techniques increase usability with provably little loss of security.

In particular, we propose applying a single password-corrective hash function to each entered password attempt. The key property of the hash function is that two strings differing by a single data entry error be likely to be hashed to the same key, while more substantially differing strings are hashed to different keys.

We develop precise analytical formulae for the precision/recall tradeoffs for a variety of corrective hash functions. We evaluate these methods at parameter values reflecting common classes of keys/passwords. Finally, we evaluate these schemes using a popular crack-list (dictionary) of 680,000 common words. We show that we can correct for all user transposition errors while reducing the computational cost of a crack attack by only 13%.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Grudin, J.T.: Non-hierarchic specification of components in transcription typewriting. Acta Psychologica 54, 249–262 (1983)

    Article  Google Scholar 

  2. MacKenzie, I., Soukoreff, R.: A character-level error analysis technique for evaluating text entry methods. In: Proceedings of the second nordic conference on human-computer interaction. Nordic Conference on Human-Computer Interaction, pp. 241–244 (2002)

    Google Scholar 

  3. Peterson, J.L.: A note on undetected typing errors. Communications of the ACM 29(7) (July 1986)

    Google Scholar 

  4. Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the weakest link? a human/computer interaction approach to usable and effective security. British Telecom Technology Journal 19(3), 122–131 (2001)

    Google Scholar 

  5. T’s, J., Eckstein, R., Collier-Brown, D.: Using Samba. O’Reilly, Sebastopol (2003)

    Google Scholar 

  6. Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999)

    Article  Google Scholar 

  7. Frykholm, N., Juels, A.: Error-tolerant password recovery. In: CCS 2001: Proceedings of the 8th ACM conference on Computer and Communications Security, pp. 1–9. ACM Press, New York (2001)

    Chapter  Google Scholar 

  8. Spector, Y., Ginzberg, J.: Pass-sentence? a new approach to computer code. Comput. Secur. 13(2), 145–160 (1994)

    Article  Google Scholar 

  9. Cranor, L.F., Garfinkel, S.: Security and Usability. O’Reilly, Sebastopol (2005)

    Google Scholar 

  10. Knuth, D.E.: The Art of Computer Programming, vol. 3. Addison-Wesley Publishing Company, Reading (1973)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mehler, A., Skiena, S. (2006). Improving Usability Through Password-Corrective Hashing. In: Crestani, F., Ferragina, P., Sanderson, M. (eds) String Processing and Information Retrieval. SPIRE 2006. Lecture Notes in Computer Science, vol 4209. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11880561_16

Download citation

Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Publish with us

Policies and ethics