Article
A Comprehensive Evaluation on the Benefits of Context Based Password Cracking for Digital Forensics
Contribution Summary
This paper presents a comprehensive evaluation of the benefits of context-based password cracking for digital forensics. The study demonstrates that targeted approaches can increase the likelihood of success when contextual information is available and can be exploited. The authors present an experimental methodology and a results section analyzing the approach's performance across ten datasets of varying topics, proving the impact of context in password cracking. The study contributes to the fields of password cracking and digital forensics by providing an approach tailored to the available contextual information about the suspect. The findings have significant implications for law enforcement agencies and digital investigators, highlighting the importance of considering contextual information in password cracking processes.
Keywords: Password cracking; Context-based password cracking; Digital forensics; Password security; Law enforcement investigation; Password analysis; Contextual information; Password trends
Abstract
Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password's strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect's weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter - however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.
BibTeX
@article{kanta2024ContextBasedPasswordCracking,
author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
title="{A Comprehensive Evaluation on the Benefits of Context Based Password Cracking for Digital Forensics}",
journal="{Journal of Information Security and Applications}",
year=2024,
pages = {},
volume = {},
month=06,
issn = {2214-2126},
abstract={Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password's strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect's weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter -- however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.},
doi={10.1016/j.jisa.2024.103809},
}