Honeywords are additional fake passwords that are stored alongside real user passwords to improve security. When a password file is stolen, attackers cannot determine the real passwords from the honeywords. The document discusses types of attacks, password policies, how honeywords are generated and stored, and how they create confusion for attackers to better protect user passwords and detect hacking attempts.
2. CONTENTS
• Introduction
• Types of Attacks
• Password Eligibility Policy
• Attack Scenarios
• What is Honeyword
• Hashing The Password
• Honeyword Generation Method
• Honeychecker
• Structure of Honeyword
• Use of Honeyword
• Conclusion
3. INTRODUCTION
• Nowadays millions of people face the problem of password security. No matter how much money or time you invest in managing usernames and passwords, your service is still not secure.
• For example: online payment for shopping by credit card, where we are asked to give personal details such as the credit card number, CVV and expiry date, which a hacker can easily steal through the database.
• To overcome such problems, the concept of honeywords is introduced, with which the passwords can be secured.
4. TYPES OF ATTACKS
1. Brute force attack.
2. Guessing attacks.
3. Network monitoring.
4. Phishing
5. Malware
6. Password syntax rules
• Password values must include a variety of characters within the supported character set.
• For example:
Both alphabetic and numeric characters are required.
At least one special character is required, such as a symbol,
an character, or a punctuation mark.
At least one uppercase and one lowercase letter is required.
The password value must meet a minimum length.
8. List of some common passwords
1. 123456
2. 123456789
3. qwerty
4. password
5. 111111
6. 12345678
7. abc123
8. 1234567
9. password1
10. 12345
9. List of some popular passwords
1. 666666
2. 18atcskd2w
3. 7777777
4. 1q2w3e4r
5. 654321
6. 555555
7. 3rjs1la7qe
8. Tafuna123
9. 1q2w3e4r5t
10. ilovekimora
11. 24 Superman2231
12. 25 BEBE POGI
10. ATTACK SCENARIOS
1. Stolen files of password hashes
2. Visible passwords
3. Same password for many systems or services
4. Passwords stolen from users
5. Password change compromised
11. WHAT IS A HONEYWORD?
• A simple method for improving the security of the hashed passwords.
• The maintenance of additional honeywords (false passwords) associated with each
user’s account.
• An adversary who steals a file of hashed passwords and inverts the hash function cannot tell whether he has found the password or a honeyword.
HASHING THE PASSWORD
• Hashes of the password are stored. When user submits password, it is hashed and
compared to the stored value.
• If an attacker obtains the database, he gets the user ID and the hash value of the password.
• So it is somewhat more difficult for the attacker to crack the password than with the previous method.
12. HONEYWORD GENERATION METHOD
1. Chaffing-by-tweaking
2. Chaffing-with-a-password-model
3. Chaffing with tough nuts
4. Hybrid Method
13. HONEYCHECKER
1. Set: i, j
   Sets c(i) to have value j.
2. Check: i, j
   Checks that c(i) = j. May return the result of the check to the requesting computer system. May raise an alarm if the check fails.
15. USE OF HONEYWORD
• An auxiliary service called a honeychecker checks whether a password submitted
by a user on login is her true password or a honeyword.
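The Set and Check commands and the login flow above, as an added Python sketch that is not part of the original slides. The names Honeychecker, LoginServer and tweak_tail, the choice of PBKDF2, and the simplified tail-tweaking generator are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, string

class Honeychecker:
    """Separate service that stores only c(i): the index of user i's real password."""
    def __init__(self):
        self._c, self.alarms = {}, []
    def set(self, i, j):                       # Set: i, j
        self._c[i] = j
    def check(self, i, j):                     # Check: i, j
        ok = self._c.get(i) == j
        if not ok:
            self.alarms.append(i)              # a honeyword was submitted: raise an alarm
        return ok

def tweak_tail(password, count, t=2):
    """Simplified chaffing-by-tweaking: re-randomise the last t characters by type."""
    pools = (string.digits, string.ascii_lowercase, string.ascii_uppercase)
    space = 1                                  # number of distinct tails that can be produced
    for ch in password[-t:]:
        space *= next((len(p) for p in pools if ch in p), 1)
    if count > space - 1:
        raise ValueError("tail too small for that many honeywords")
    out = set()
    while len(out) < count:
        tail = "".join(next((secrets.choice(p) for p in pools if ch in p), ch)
                       for ch in password[-t:])
        if tail != password[-t:]:
            out.add(password[:-t] + tail)
    return sorted(out)

def _h(salt, word):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)

class LoginServer:
    def __init__(self, checker):
        self.checker, self.table = checker, {}   # table: user -> (salt, sweetword hashes)
    def register(self, user, password, honeywords):
        words = list(honeywords) + [password]
        secrets.SystemRandom().shuffle(words)    # hide the position of the real password
        salt = os.urandom(16)
        self.table[user] = (salt, [_h(salt, w) for w in words])
        self.checker.set(user, words.index(password))
    def login(self, user, attempt):
        # Unknown users get a dummy salt and an empty list, so the same work is done.
        salt, hashes = self.table.get(user, (b"\0" * 16, []))
        digest = _h(salt, attempt)
        for j, stored in enumerate(hashes):
            if hmac.compare_digest(digest, stored):
                return "accept" if self.checker.check(user, j) else "alarm"
        return "reject"                          # matches no stored word: ordinary wrong password
```

A stolen copy of `table` holds the hashes of every stored word for a user but not the index of the real one, which lives only in the honeychecker.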
16. CONCLUSION
• Using honeywords we can secure our data.
• Honeywords make passwords more secure and reliable, and they create confusion for the attacker.
• Because of this, any hacking activity by an attacker will raise an alarm for the user so that he can secure his data.
• Attackers can then refine their models of user password selection and design
faster password cracking algorithms. Thus every breach of a password server
has the potential to improve future attacks.
• Some honeyword generation strategies, particularly chaffing ones, obscure actual user password choices, and thus complicate model building for would-be hash crackers.