In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
South African Information Security Multi-Conference (SAISMC 2010)
Title: Heuristic Attack on Graphic Password Generation
Author(s): Schalk Willem Peach, Johannes Vorster, Renier van Heerden
Keywords: Graphical Passwords, Heuristic Password Attack, Password Cracking, Graphical Password Generator
Abstract: In this paper we explore heuristic attacks against graphical password generators. A new trend is emerging to use user clickable pictures to generate passwords. This technique of authentication can be successfully used for - for example - operating system authentication.
We report on the development of a generic tool for password generation using such a graphical click-driven interface. This stand-alone tool can be used for generating passwords on the fly. We describe the approach and the usability of such a project. The project is available as an open-source project.
Next we investigate heuristic attacks against such generated passwords. By using a classifier methodology it is possible to develop specific attack-scenarios based on the category. Specific heuristic attacks are used to reduce the key-space such that brute-force cracking approaches become feasible. We report on these heuristic attacks and their success.
Lastly we give criteria for images that should be used in such password generation applications to avoid these types of heuristic attacks.
Download count: 2433
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.