An Oblivious Password Cracking Server
This addresses privacy concerns for users querying password cracking services, particularly in cloud-based or resource-constrained settings, but is incremental as it builds on existing cryptographic techniques.
The paper tackles the problem of building a password cracking server that preserves query privacy by combining Hellman tables and Private Information Retrieval protocols, achieving experimental results that demonstrate feasibility with specific complexity metrics.
Building a password cracking server that preserves the privacy of the queries made to the server is a problem that has not yet been solved. Such a server could acquire practical relevance in the future: for instance, the tables used to crack the passwords could be calculated, stored and hosted in cloud-computing services, and could be queried from devices with limited computing power. In this paper we present a method to preserve the confidentiality of a password cracker---wherein the tables used to crack the passwords are stored by a third party---by combining Hellman tables and Private Information Retrieval (PIR) protocols. We provide the technical details of this method, analyze its complexity, and show the experimental results obtained with our implementation.