- An Oblivious Password Cracking Server
- Aureliano Calvo, Ariel Futoransky, Carlos Sarraute
- 41th JAIIO
- Date published
- hellman_tables, rainbow_tables, private_information_retrieval, password_cracking_tables, cryptography, hashes, hashing_function, privacy
Building a password cracking server that preserves the privacy of the queries made to the server is a problem that has not yet been solved. Such a server could acquire practical relevance in the future: for instance, the tables used to crack the passwords could be calculated, stored and hosted in cloud-computing services, and could be queried from devices with limited computing power.
In this paper we present a method to preserve the condentiality of a password cracker|wherein the tables used to crack the passwords are stored by a third party|by combining Hellman tables and Private Information Retrieval (PIR) protocols. We provide the technical details of this method, analyze its complexity, and show the experimental results obtained with our implementation.