More and more websites are replacing ordinary physical services as the Internet grows in popularity. It is common for a computer user to hold many online memberships. Users are asked to generate different, long, and complex (high-entropy) passwords for each account. However, people are not good at remembering a unique, secure password for every account, so they tend to use simple passwords or to reuse one password across accounts. Generating high-entropy passwords from a memorable (low-entropy) master password is a good alternative: the combination of a master password, a site name, and a user name can generate a unique site password. Unfortunately, a memorable (low-entropy) master password is exposed to off-line dictionary attacks.
Halderman et al. proposed a password manager called Password Multiplier [1]. Password Multiplier uses an iterated hash function and pre-computation to defeat dictionary attacks by enlarging an attacker's computation time. The precomputed value, stored on the user's computer, reduces the calculation the user has to perform.
In this paper, we propose two techniques, based on a master password, that enlarge computational time and storage requirement. Scheme 1 enlarges computational time and is based on Password Multiplier. It reduces the calculation time and prevents the master password from being derived from the value stored on the user's computer. Scheme 2 enlarges the storage requirement and is based on a huge database. Requesting information from the database takes time, so an attacker will try to copy the information in the database in order to reduce the request time. In addition, user account information is not stored on the user's computer.
Enlarging the gap between users and attackers can defeat dictionary attacks for a period of time. Besides increasing computational time, increasing the storage requirement can also raise the attacker's cost.
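The two-stage idea the abstract attributes to Password Multiplier (a slow iterated hash computed once and cached, then a cheap per-site derivation) can be sketched as follows. This is an added example, not code from the paper or from Password Multiplier: the hash (SHA-256), the iteration counts `K1` and `K2`, the field encoding, the output encoding and all function names are assumptions.

```python
import base64
import hashlib

K1 = 200_000  # assumed: slow stage, run once per user and cached
K2 = 2_000    # assumed: fast stage, run for every site password

def encode_fields(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def iterate_hash(data: bytes, rounds: int) -> bytes:
    """Apply SHA-256 `rounds` times; cost grows linearly with `rounds`."""
    digest = data
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest

def precompute(master: str, user: str, rounds: int = K1) -> bytes:
    """Slow stage. The result depends only on user and master password,
    so a cached copy has to be protected like a password hash."""
    return iterate_hash(encode_fields(user, master), rounds)

def site_password(master: str, user: str, site: str, cached: bytes,
                  rounds: int = K2, length: int = 16) -> str:
    """Fast stage: mix the cached value with the site name and re-hash."""
    digest = iterate_hash(encode_fields(site, user, master) + cached, rounds)
    return base64.b85encode(digest).decode("ascii")[:length]

def hashes_for_user(sites: int) -> int:
    """Legitimate user: one slow stage, then one fast stage per site."""
    return K1 + sites * K2

def hashes_for_dictionary(guesses: int) -> int:
    """Without the cached value, every guess repeats both stages."""
    return guesses * (K1 + K2)

if __name__ == "__main__":
    cached = precompute("correct horse", "alice")  # constructed sample inputs
    print(site_password("correct horse", "alice", "example.com", cached))
    print(hashes_for_user(20), hashes_for_dictionary(1_000_000))
```

The gap between `hashes_for_user` and `hashes_for_dictionary` is the user/attacker asymmetry the abstract relies on. The docstring on `precompute` marks the weakness Scheme 1 is said to address: the cached value is itself tied to the master password.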