Peach, SVorster, JVan Heerden, Renier P2010-10-222010-10-222010-05Peach, S, Vorster, J and Van Heerden, R. 2010. Heuristic attacks against graphical password generators. Proceedings of the South African Information Security Multi-Conference, Port Elizabeth, South Africa, 17-18 May 2010, pp 13978-1-84102-256-7http://hdl.handle.net/10204/4487Proceedings of the South African Information Security Multi-Conference, Port Elizabeth, South Africa, 17-18 May 2010In this paper the authors explore heuristic attacks against graphical password generators. A new trend is emerging to use user clickable pictures to generate passwords. This technique of authentication can be successfully used for - for example - operating system authentication. They report on the development of a generic tool for password generation using such a graphical click-driven interface. This stand-alone tool can be used for generating passwords on the fly. They describe the approach and the usability of such a project. The project is available as an open-source project. Next they investigate heuristic attacks against such generated passwords. By using a classifier methodology it is possible to develop specific attack-scenarios based on the category. Specific heuristic attacks are used to reduce the key-space such that brute-force cracking approaches become feasible. They report on these heuristic attacks and their success. Lastly they give criteria for images that should be used in such password generation applications to avoid these types of heuristic attacks.enGraphical passwordsHeuristic password attackPassword crackingGraphical password generatorHeuristic attacksConference PresentationPeach, S., Vorster, J., & Van Heerden, R. P. (2010). Heuristic attacks against graphical password generators. http://hdl.handle.net/10204/4487Peach, S, J Vorster, and Renier P Van Heerden. "Heuristic attacks against graphical password generators." (2010): http://hdl.handle.net/10204/4487Peach S, Vorster J, Van Heerden RP, Heuristic attacks against graphical password generators; 2010. http://hdl.handle.net/10204/4487 .TY - Conference Presentation AU - Peach, S AU - Vorster, J AU - Van Heerden, Renier P AB - In this paper the authors explore heuristic attacks against graphical password generators. A new trend is emerging to use user clickable pictures to generate passwords. This technique of authentication can be successfully used for - for example - operating system authentication. They report on the development of a generic tool for password generation using such a graphical click-driven interface. This stand-alone tool can be used for generating passwords on the fly. They describe the approach and the usability of such a project. The project is available as an open-source project. Next they investigate heuristic attacks against such generated passwords. By using a classifier methodology it is possible to develop specific attack-scenarios based on the category. Specific heuristic attacks are used to reduce the key-space such that brute-force cracking approaches become feasible. They report on these heuristic attacks and their success. Lastly they give criteria for images that should be used in such password generation applications to avoid these types of heuristic attacks. DA - 2010-05 DB - ResearchSpace DP - CSIR KW - Graphical passwords KW - Heuristic password attack KW - Password cracking KW - Graphical password generator KW - Heuristic attacks LK - https://researchspace.csir.co.za PY - 2010 SM - 978-1-84102-256-7 T1 - Heuristic attacks against graphical password generators TI - Heuristic attacks against graphical password generators UR - http://hdl.handle.net/10204/4487 ER -