Analysis Of Default Passwords In Routers Against Brute-Force Attack
[Full Text]
AUTHOR(S)
Mohammed Farik, ABM Shawkat Ali
KEYWORDS
Index Terms: brute-force, default passwords, entropy, router security
ABSTRACT
Abstract: Password authentication is the main means of access control on network routers, and router manufacturers provide a default password for initial login to the router. While there has been many publications regarding the minimum requirements of a good password, how widely the manufacturers themselves are adhering to the minimum standards, and whether these passwords can withstand brute-force attack are not widely known. The novelty of this research is that this is the first time default passwords have been analyzed and documented from such a large variety of router models to reveal password strengths or weaknesses against brute-force attacks. Firstly, individual default router password of each model was collected, tabulated, and tested using password strength meter for entropy. Then, descriptive statistical analysis was performed on the tabulated data. The analysis revealed quantitatively how strong or weak default passwords are against brute-force attacks. The results of this research give router security researchers, router manufacturers, router administrators a useful guide on the strengths and weaknesses of passwords that follow similar patterns.
REFERENCES
[1] D. Morley and C. S. Parker, Understanding Computers: Today and Tomorrow, 14th ed., Boston: Course Technology- Cengage Learning, 2013, p. 352.
[2] "RouterPasswords," [Online]. Available: http://www.routerpasswords.com. [Accessed 10 April 2014].
[3] "Understanding Password attacks," [Online]. Available: http://passwordstrengthcalculator.org/understand.php. [Accessed 10 April 2014].
[4] "Interpreting the Calculation," [Online]. Available: http://passwordstrengthcalculator.org/interpret.php. [Accessed 10 April 2014].
[5] "Estimate password strength and survivability," [Online]. Available:http://passwordstrengthcalculator.org/index.php. [Accessed 10 April 2014].
[6] "Create Effective Passwords," [Online]. Available: http://passwordstrengthcalculator.org/understand.php. [Accessed 10 April 2014].
[7] "ASCII chart," [Online]. Available: http://lookuptables.com. [Accessed 10 April 2014].
|