Passwords are the most widely used authentication mechanism in computer environments. In the computer systems, applications and networks mentioned above, passwords are used to protect the identity of the users and to enable authenticated access to resources and data. For authentication of the users, their password data have to be stored within the protected environment, so that it can be verified if it matches the password entered by the user when accessing the system. All such protected systems typically have system administrators, which are privileged users and can access data without being limited as the normal users are. Technically, the administrators are able to extract and see the other users' password data.
In order to prevent the exposure of passwords, computer systems usually implement password encryption (also called password hashing). This operation transforms the actual user password (called the plain text password) into encoded data (called the cipher text password). The cipher text can be used to verify whether the entered password is correct, but it cannot be used to determine the plain text, because the employed encryption algorithm is an irreversible mathematical operation. When the user enters the password, the plain text is encoded and compared to the stored cipher text—if it matches, the password is correct.
In a typical computer security compromise, the cipher text data becomes exposed and the attacker tries to determine the plain text from the cipher text, in order to find the actual passwords. As the mathematical operation of encoding is irreversible, the attacker has to try different plain texts, encode them, and find one which matches the cipher text. Various strategies are employed: brute force (where all the letter, number and special character combinations are tried), dictionary (where all the words in a list are tried) and several combinations based on the above. This process is commonly called “password recovery”.
In order to make this process take a very long time, the mathematical operations used for encoding employ complex encryption and hashing algorithms. The aim of this design is to protect the passwords by making the password recovery process take too much time to be effective in recovering the plain text password data.
Over the past years, the computers have become more and more powerful, being able to execute the encryption operations much faster. The encryption algorithms have also been upgraded to be harder to recover. The result of this process is that currently passwords are relatively easy to recover if the password complexity is low, and hard to impossible if the password complexity is high. Companies and organizations typically define password policies, which specify how complex the passwords have to be which are used in their computer system, application or network.
Various factors can lead to the exposure of plain text passwords, such as using the same initialization password in a given company when setting up new accounts, using predictable or easy to remember passwords, using the same password in multiple systems, etc. Companies and organizations typically enforce their password policies in order to prevent such exposure. However, these policies cannot be made too strict, because then the users will start forgetting their passwords. An ideal system would enforce strong passwords, which are complex enough but possible to memorize, each user being able to choose: e.g., one will use a shorter but completely random password, while another will use a very long but relatively easy to remember password; both would be sufficiently strong.
The large number of successful attacks targeting passwords in the last years indicates that the current technology, or the way it is employed, does not succeed in preventing the usage of weak, predictable passwords.
There are basically two possibilities for the owner or administrator, respectively, of a computer system, application or network to make sure that the users in the given company or organization use strong passwords: firstly by enforcing a strong password policy when the password is changed, and secondly by actively checking the stored cipher text passwords to identify weak, predictable passwords. The first method provides the most basic protection, but very often it is not effective, as the users will try to use easy to memorize passwords, even with a strong policy. The second method could compensate the weaknesses of the first one, by actively simulating a real attack and thus detecting any weak or predictable passwords of the users. However, this method often cannot be employed due to legal restrictions, because it reveals the plain text passwords to the system administrator, or at least makes such a revelation possible. This is considered as contravening data privacy protection, and is therefore illegal in most countries.
It is the object underlying the invention to provide a system which allows to determine the strength of user passwords and to provide this information to the administrator of the computer system, application or network, without revealing the passwords themselves to the administrator or any other person.