Identifying And Removing Shadow Attacks Based On Password Reuses

Ruksana Khanum, Surya Kiran Chebrolu


We inspected the best in class Intra-Site Password Reuses (ISPR) and Cross-Site Password Reuses (CSPR) in view of the spilled passwords from the greatest Internet client gathering. With an accumulation of around 70 million genuine web passwords crosswise over four expansive sites in China, we acquired around 4.6 million unmistakable clients who have numerous records on a similar website or crosswise over various sites. We found that for the clients with numerous records in a solitary site reused their passwords and for the clients with different records on various sites reused their passwords crosswise over sites. For the clients that have numerous records however extraordinary passwords, the arrangement of passwords of a similar client displays designs that can help password speculating: a released feeble secret key uncovers halfway data of a solid one, which corrupts the quality of the solid one.


R. Morris and K. Thompson, “Password security: A case history,” Communications of the ACM, vol. 22(11), pp. 594–597, 1979.

A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. Wang, “The tangled web of password reuse,” in NDSS’2014, 2014.

D. Florencio and C. Herley, “A large-scale study of web password habits,” in WWW’07 Proceedings of the 16th international conference on World Wide Web, 2007, pp. 657–666.


Tianya, 166666.shtml.

Duduniu, “”


J. Bonneau, “The science of guessing: Analyzing an anonymized corpus of 70 million passwords,” in 2012 IEEE Symposium on Security and Privacy (SP), 2012, pp. 538–552.

J. Ma, W. Yang, M. Luo, and N. LI, “A study of probabilistic password models,” in Proceedings of IEEE Symposium on Security & Privacy, 2014.

Z. Li, W. Han, and W. Xu, “A large-scale empirical analysis of chinese web passwords,” in 23rd Usenix Security Symposium. San Diego: USENIX, 2014.

D. Wang, H. Cheng, Q. Gu, and P. Wang, “Understanding passwords of chineseusers:characteristics, security and implications,”, July 2014.

D. Schweitzer, J. Boleng, C. Hughes, and L. Murphy, “Visualizing keyboard pattern passwords,” in Visualization for Cyber Security, 2009. VizSec 2009. 6th International Workshop on. IEEE, 2009, pp. 69–73.

Wikipedia, “Levenshtein distance,” distance, May 2014.

——, “Longest common subsequence problem,” common subsequence, May 2014.

J. the Ripper, “John the ripper password cracker,”, May 2014.

Full Text: PDF [Full Text]


  • There are currently no refbacks.

Copyright © 2013, All rights reserved.|

Creative Commons License
International Journal of Science Engineering and Advance Technology is licensed under a Creative Commons Attribution 3.0 Unported License.Based on a work at IJSEat , Permissions beyond the scope of this license may be available at