Password Compromise Checking Service

Student: Kamnev Petr

Educational Programme: Software Engineering (Bachelor)

Year of Graduation: 2024

Modern information security standards require information systems to check user passwords against a «blacklist» before installation, since typical password policies (minimum password length, minimum number of different character types) do not protect against the use of weak passwords such as «Pasword1» or «ILoveYou». This thesis is intended to implement and compare two different protocols for anonymous password verification against a compromised password database: a protocol using the k-anonymity[1] approach based on a hash function and a protocol using the Private Set Intersection[2] algorithm, which allows the server not to disclose information about the compromised password database. This paper contains 51 pages, 4 chapters, 14 figures, 3 tables, 48 sources. Keywords: Cybersecurity, Password authentication, Password policies, Compromised password databases, K-anonymity, Private Set Intersection (PSI) algorithm, Commutative encryption, Credential stuffing.

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.

Search all student theses