Password Cracking Project  /  Sep 2008

My MSc dissertation looking at the strength of passwords and how to go about generating a strong one.

About

After a project during my work placement testing the strengths of user passwords on computer clusters. I thought I would base my Computer Security MSc dissertation on something similar. This project looks at the strength of passwords and how people can generate memorable, secure passwords.

Abstract

Passwords have become the most common way for users to authenticate themselves and log in to systems. As more systems are using passwords, it is important that users have strong ones, but they also need to be able to remember them without resorting to bad habits such as writing them down. Most password policies suggest using upper and lower case letters, symbols and numbers in passwords. This is generally more secure than just a word, but may not be as secure as first thought. This paper looks at the ways people generate passwords and a program is created which uses similar methods to attempt to crack user passwords. The results showed that taking a word and inserting numbers or symbols or changing letters for numbers or symbols, create passwords which are straight forward to crack. Methods of creating strong, memorable passwords are then suggested and tested for both memorability and security.

Documentation

Download the documentation for the project:

Password Cracking Documentation [pdf | 493kb]

Poster

Download the poster for the project:

Password Cracking Poster [pdf | 234kb]

Questionnaire

For reference the questionnaire used in the project is available below.

Password Cracking Questionnaire

Please note, as the project is finished I am no longer collecting results from the questionnaire.