Presentation Master Thesis Ruben Baecker: “Phoenix rises once again: How to defeat the (PW-)Hero”


On 27 September 2023 at 2 pm, Ruben Baecker will present his master's thesis titled “Phoenix rises once again: How to defeat the (PW-)Hero”.

You can join the Zoom meeting using the following details:

https://fau.zoom-x.de/j/65781713404?pwd=ZW9DOHBKL0pEcmp6YWN1OVgwTnExZz09

Meeting ID: 657 8171 3404

Passcode: 728017

Abstract:

Passwords are the predominant authentication and access control method in modern computer systems, including the Internet. In simple terms, a login server’s database holds not the password itself but the result of some hash function. Unfortunately, most users choose short and predictable passwords. Therefore, an attacker can attempt to guess a user’s password and, in case of a data breach, check whether the guess is correct by comparing its hash to the stored value. Password hardening schemes help mitigate those offline dictionary attacks.
This thesis focuses on the most recent publication, which claims to offer never-before-seen security. Despite the claims, we demonstrate two attacks against the scheme and uncover deficiencies in their security model. Consequently, we propose a well-defined security model, prove the relation between similar definitions, and present a novel, lightweight construction. We give formal proofs of the security properties the scheme achieves.