{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T23:02:12Z","timestamp":1765062132264},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030220372"},{"type":"electronic","value":"9783030220389"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-22038-9_21","type":"book-chapter","created":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:02:31Z","timestamp":1560106951000},"page":"441-460","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Practical Password Hardening Based on TLS"],"prefix":"10.1007","author":[{"given":"Constantinos","family":"Diomedous","sequence":"first","affiliation":[]},{"given":"Elias","family":"Athanasopoulos","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,6,6]]},"reference":[{"key":"21_CR1","unstructured":"Bible References Make Very Weak Passwords. \n                      https:\/\/boingboing.net\/2017\/01\/07\/bible-references-make-very-wea.html\n                      \n                    . Accessed Jan 2019"},{"key":"21_CR2","unstructured":"Drupal - Open Source CMS. \n                      https:\/\/www.drupal.org\n                      \n                    . Accessed Jan 2019"},{"key":"21_CR3","unstructured":"Hacker Posts 6.4 Million LinkedIn Passwords. \n                      http:\/\/www.technewsdaily.com\/7839-linked-passwords-hack.html"},{"key":"21_CR4","unstructured":"$${\\text{mod}}_{\\text{ ssl }}$$\n                      \n                        \n                          \n                            mod\n                            \n                              \n                              ssl\n                              \n                            \n                          \n                        \n                      \n                    : The apache interface to OpenSSL. \n                      http:\/\/www.modssl.org\n                      \n                    . Accessed Jan 2019"},{"key":"21_CR5","unstructured":"Online Hash Crack. \n                      https:\/\/www.onlinehashcrack.com\n                      \n                    . Accessed Jan 2019"},{"key":"21_CR6","unstructured":"Plain Text Offenders. \n                      http:\/\/plaintextoffenders.com\n                      \n                    . Accessed Jan 2019"},{"key":"21_CR7","unstructured":"Protecting Basecamp from Breached Passwords. \n                      https:\/\/m.signalvnoise.com\/protecting-basecamp-from-breached-passwords\/\n                      \n                    . Accessed Feb 2019"},{"key":"21_CR8","unstructured":"Sony Hacked Again, 1 Million Passwords Exposed. \n                      http:\/\/www.informationweek.com\/security\/attacks\/sony-hacked-again-1-million-passwords-ex\/229900111"},{"key":"21_CR9","unstructured":"Twitter Detects and Shuts Down Password Data Hack in Progress. \n                      http:\/\/arstechnica.com\/security\/2013\/02\/twitter-detects-and-shuts-down-password-data-hack-in-progress\/"},{"key":"21_CR10","unstructured":"WordPress - Create a Website in Minutes. \n                      https:\/\/wordpress.com\n                      \n                    . Accessed Jan 2019"},{"key":"21_CR11","unstructured":"Muffet, A.: Facebook: password hashing and authentication. \n                      https:\/\/video.adm.ntnu.no\/pres\/54b660049af94\n                      \n                    . Accessed Jan 2019"},{"key":"21_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-56617-7_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"J Alwen","year":"2017","unstructured":"Alwen, J., Chen, B., Pietrzak, K., Reyzin, L., Tessaro, S.: Scrypt is maximally memory-hard. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 33\u201362. Springer, Cham (2017). \n                      https:\/\/doi.org\/10.1007\/978-3-319-56617-7_2"},{"key":"21_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139\u2013155. Springer, Heidelberg (2000). \n                      https:\/\/doi.org\/10.1007\/3-540-45539-6_11"},{"key":"21_CR14","unstructured":"Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72\u201384. IEEE (1992)"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Burr, W.E., Dodson, D.F., Polk, W.T., et al.: Electronic authentication guideline. Commonly known as: Draft NIST Special Publication 800-63-2 (2004)","DOI":"10.6028\/NIST.SP.800-63v1.0"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23\u201326 February 2014","DOI":"10.14722\/ndss.2014.23357"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, SIGCHI (2006)","DOI":"10.1145\/1124772.1124861"},{"key":"21_CR18","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) protocol version 1.2. Technical report (2008)","DOI":"10.17487\/rfc5246"},{"key":"21_CR19","unstructured":"Everspaugh, A., Chaterjee, R., Scott, S., Juels, A., Ristenpart, T.: The Pythia PRF service. In: 24th USENIX Security Symposium (USENIX Security 2015), pp. 547\u2013562. USENIX Association, Washington, D.C. (2015)"},{"key":"21_CR20","doi-asserted-by":"crossref","unstructured":"Gaw, S., Felten, E.W.: Password management strategies for online accounts. In: Proceedings of the Symposium on Usable Privacy and Security, SOUPS (2006)","DOI":"10.1145\/1143120.1143127"},{"key":"21_CR21","doi-asserted-by":"crossref","unstructured":"Gelernter, N., Kalma, S., Magnezi, B., Porcilan, H.: The password reset MitM attack. In: IEEE Symposium on Security and Privacy (SP), vol. 00, pp. 251\u2013267, May 2017","DOI":"10.1109\/SP.2017.9"},{"key":"21_CR22","unstructured":"Hill, K.: Google says not to worry about 5 million Gmail passwords leaked. \n                      http:\/\/www.forbes.com\/sites\/kashmirhill\/2014\/09\/11\/google-says-not-to-worry-about-5-million-gmail-passwords-leaked\/"},{"key":"21_CR23","unstructured":"Karapanos, N., Capkun, S.: On the effective prevention of TLS man-in-the-middle attacks in web applications. In: USENIX Security Symposium, vol. 23, pp. 671\u2013686 (2014)"},{"key":"21_CR24","doi-asserted-by":"crossref","unstructured":"Kontaxis, G., Athanasopoulos, E., Portokalidis, G., Keromytis, A.D.: SAuth: protecting user accounts from password database leaks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 187\u2013198. ACM, New York (2013)","DOI":"10.1145\/2508859.2516746"},{"key":"21_CR25","doi-asserted-by":"crossref","unstructured":"Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication. Technical report (1997)","DOI":"10.17487\/rfc2104"},{"key":"21_CR26","unstructured":"Lai, R.W.F., Egger, C., Reinert, M., Chow, S.S.M., Maffei, M., Schr\u00f6der, D.: Simple password-hardened encryption services. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 1405\u20131421. USENIX Association, Baltimore (2018)"},{"key":"21_CR27","unstructured":"Lai, R.W.F., Egger, C., Schr\u00f6der, D., Chow, S.S.M.: Phoenix: rebirth of a cryptographic password-hardening service. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 899\u2013916. USENIX Association, Vancouver (2017)"},{"key":"21_CR28","unstructured":"U.S. Department of Commerce, National Institute of Standards, and Technology: Secure Hash Standard - SHS: Federal Information Processing Standards Publication 180-4. CreateSpace Independent Publishing Platform, USA (2012)"},{"key":"21_CR29","unstructured":"Provos, N., Mazieres, D.: A future-adaptable password scheme. In: USENIX Annual Technical Conference, FREENIX Track, pp. 81\u201391 (1999)"},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Rivest, R.: The MD5 message-digest algorithm. Technical report (1992)","DOI":"10.17487\/rfc1321"},{"key":"21_CR31","doi-asserted-by":"crossref","unstructured":"Schneider, J., Fleischhacker, N., Schr\u00f6der, D., Backes, M.: Efficient cryptographic password hardening services from partially oblivious commitments. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1192\u20131203. ACM, New York (2016)","DOI":"10.1145\/2976749.2978375"},{"key":"21_CR32","unstructured":"Ur, B., et al.: How does your password measure up? The effect of strength meters on password creation. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security 2012, p. 5. USENIX Association, Berkeley (2012)"},{"issue":"5895","key":"21_CR33","doi-asserted-by":"publisher","first-page":"1465","DOI":"10.1126\/science.1160379","volume":"321","author":"L Ahn von","year":"2008","unstructured":"von Ahn, L., Maurer, B., McMillen, C., Abraham, D., Blum, M.: reCAPTCHA: human-based character recognition via web security measures. Science 321(5895), 1465\u20131468 (2008)","journal-title":"Science"},{"key":"21_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11426639_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19\u201335. Springer, Heidelberg (2005). \n                      https:\/\/doi.org\/10.1007\/11426639_2"},{"key":"21_CR35","unstructured":"Wu, T.D., et al.: The secure remote password protocol. In: NDSS, vol. 98, pp. 97\u2013111. Citeseer (1998)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22038-9_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:11:43Z","timestamp":1560107503000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-22038-9_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030220372","9783030220389"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22038-9_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 June 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Gothenburg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.dimva2019.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"dimca2019.hotcrp.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}