S E L E C T I N G
H O N E Y W O R D S F R O M
E X I S T I N G U S E R
P A S S W O R D S
P R E S E N T E D B Y :
R A S H W I N K U M A R - 2 4 5 1 - 1 2 - 7 3 3 - 3 2 2
A L L A D I M A H E S H - 2 4 5 1 - 1 2 - 7 3 3 - 3 2 4
I M E E N A K S H I - 2 4 5 1 - 1 2 - 7 3 3 - 3 1 6
• Recently, Juels and Rivest proposed honeywords (decoy passwords) to detect attacks
against hashed password databases.
• For each user account, the legitimate password is stored with several honeywords in
order to sense impersonation.
• If honeywords are selected properly, a cyber-attacker who steals a file of hashed
passwords cannot be sure if it is the real password or a honeyword for any account.
• Moreover, entering with a honeyword to login will trigger an alarm notifying the
administrator about a password file breach.
• At the expense of increasing the storage requirement by 20 times, the authors
introduce a simple and effective solution to the detection of password file disclosure
• Honeywords – enables detection of theft, prevents impersonation
• Honeywords are ``decoy passwords’’ (many for each user)
• Separate ``honeychecker’’ aids in password checking
• Why Honeywords?
6+ millions passwords
Hacked in june 2012
1.5 million passwords
450,000 passwords july
• In this respect, there are two issues that should be considered to overcome these
• First, passwords must be protected by taking appropriate precautions and storing with
their hash values computed through salting or some other complex mechanisms.
Hence, for an adversary it must be hard to invert hashes to acquire plaintext
• The second point is that a secure system should detect whether a password file
disclosure incident happened or not to take appropriate actions. In this study, we focus
on the latter issue and deal with fake passwords or accounts as a simple and cost
effective solution to detect compromise of passwords.
• Honey pot is one of the methods to identify occurrence of a password database
breach. In this approach, the administrator purposely creates deceit user accounts to
lure adversaries and detects a password disclosure, if any one of the honey pot
passwords get used.
PASSWORDS USUALLY STORED IN HASHED
• P = Alice’s password
• System stores mapping “Alice” h(P) in database, for a suitable hash
• When someone (perhaps Alice) tries to log in as Alice, system computes h(P’)
of submitted password P’
• and compares it to h(P). If equal, login is allowed.
• Hash function h should be easy to compute, hard to invert. Such ``one-
wayness’’ makes a stolen hash not so useful to adversary.
• To defeat precomputation attack, a per-user ``salt’’ value s is used: system
stores mapping “Alice”(s,h(s,P)). Hash h(s,P’) computed for submitted
password P’ and compared.
• Hashing with salting forces adversary who steals hashes and salts to find
passwords by brute-force offline search: adversary repeatedly guesses P’
until a P’ is found such that h(s,P’) = h(s,P)
• Also, hashing can be hardened (slowed) in various ways (e.g. bcrypt)
• This all seems good, but…
• Real passwords are often weak and easily guessed.
• Password-hash crackers now use models or sets of real passwords.
"Alice" , P
• "Alice": s,h(s,P)• Adversary compromises system ephemerally,
steals password hashes
• Adversary cracks hash, finding P
• Impersonate user(s) and logs in.
• Adversary almost always succeeds, and is
Honey Words Design
1. HoneyWords Verification
2. HoneyWords Generation
• The authentication system stores a
mapping from Alice to his set of
• A “honeychecker” stores the index
of the correct password for Alice
• Alice authenticates by submitting her
• The computer system checks her
password against all those it stores
• If a match is found, the index of that
match is sent to the honeychecker
• If the index is correct, Alice is
What is i ?
• With ideal honeywords, adversary
guesses correctly ( j = i ), with
probability only 1/n
• An attacker will submit a sweetword
• The computer system checks the
password against all those it stores
• If a match is found, the index of that
match is sent to the honeychecker for
• If the index is incorrect, an alarm is
Pj = P1
• Generation procedures of Honeywords are required to produce a ‘flat’ list denoted by
• Legacy-UI procedures: -
• Modified-UI procedure: - Take-a-tail
• the user password seeds the generator algorithm which tweaks selected character
positions of the real password to produce the honeywords.
• For instance,each character of a user password in predetermined positions is
replaced by a randomly chosen character of the same type: digits are replaced by
digits, letters by letters, and special characters by special characters.
• Number of positions to be tweaked, denoted as t should depend on system policy.
• The generator algorithm takes the password from the user and relying
on a probabilistic model of real passwords it produces the Honeywords.
• May not depend on user-chosen password
• However, attacker might have access to the list of passwords
• The password is splitted into character sets. For instance, "mice3blind"
is decomposed as 4-letters + 1-digit + 5-letters
L4+D1+L5 and replaced with the same composition like "gold5rings".
• The MD5 message-digest algorithm is a widely used cryptographic hash function
producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-
digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic
applications, and is also commonly used to verify data integrity.
• A message digest algorithm is a hash function that takes a bit sequence of any length
and produces a bit sequence of a fixed small length.
• The output of a message digest is considered as a digital signature of the input data.
• MD5 is a message digest algorithm producing 128 bits of data.
• It uses constants derived to trigonometric Sine function.
• It loops through the original message in blocks of 512 bits, with 4 rounds of operations
for each block, and 16 operations in each round.
• Most modern programming languages provides MD5 algorithm as built-in functions.
SIMPLE MODEL ALGORITHM FOR HONEYWORDS
• 1: procedure SIMPLEMODEL(L)
• 2: w <--random(L) . // randomly returns a word from L
• 3: d <--length(w) . //returns length of word w
• 4: honeyword(1) <-- w(1) . //The first character is the just first character of w
• 5: for j <-- 2 to d do . //Probabilities of mod1, mod2 and else are 0.1, 0.4 and 0.5
• 6: if mod1 then
• 7: w <-- random(L), honeyword(j) <-- w(j) . // Add character in same position of new
• 8: else if mod2 then
• 9: w <--random(L), honeyword(j) <-- w(j) . //Select a random word s.t. w(j-1) =
• 10: else
• 11: honeyword(j) <-- w(j) . //Proceed with the same word
• 12: end if
• 13: end for
• 14: end procedure
DESIGN APPROACH :
1) Implementation: Firstly, T fake user accounts (honeypots) are created with their
also an index value between [1;N], but not used previously is assigned to each honeypot
2) Registration: After the initialization process, system is ready for user registration. In
this phase, a legacy-UI is preferred, i.e. a username and password are required from the
user as ui; pi to register the system.
3) HoneyWord: Incorporate an auxiliary secure server called a “honeychecker” .
The role and primary processes of the honeychecker: It executes two commands sent by
the main server:
i) Set: Ci,Ui
ii) Check: Ui;
4) Login: If entered password g is correct then login succesful,, else it will go to fake
server which is honeypot account and Alaram is raised.
• In the future, we would like to refine our model by involving hybrid
generation algorithms to also make the total hash inversion process
harder for an adversary in getting the passwords in plaintext form from a
leaked password hash file.
• In our approach, the auxiliary service honey checker is employed to
store correct indexes for each account and we assume that it
communicates with the main server through a secure channel in an
• Indeed, it can be assumed that security enhancements for honey
checker and the main server presented in are applied, but it is out scope
of this study.
• The role and primary processes of the honey checker are the same as
described in the original study.
• Eventually, passwords should be supplemented with stronger and more
convenient authentication methods
• A simple and powerful new line of defense in the security of hashed
• Decreases the value of the stolen password hash files
• Makes password cracking detectable.