Towards Formal Verification of Password Generation Algorithms used in Password Managers

06/07/2021
by   Miguel Grilo, et al.
0

Password managers are important tools that enable us to use stronger passwords, freeing us from the cognitive burden of remembering them. Despite this, there are still many users who do not fully trust password managers. In this paper, we focus on a feature that most password managers offer that might impact the user's trust, which is the process of generating a random password. We survey which algorithms are most commonly used and we propose a solution for a formally verified reference implementation of a password generation algorithm. We use EasyCrypt as our framework to both specify the reference implementation and to prove its functional correctness and security.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
12/08/2018

A Verified Timsort C Implementation in Isabelle/HOL

Formal verification of traditional algorithms are of great significance ...
research
10/22/2021

Formal Verification of the Ethereum 2.0 Beacon Chain

We report our experience in the formal verification of the reference imp...
research
09/12/2017

A certified reference validation mechanism for the permission model of Android

Android embodies security mechanisms at both OS and application level. I...
research
06/21/2023

Coqlex: Generating Formally Verified Lexers

A compiler consists of a sequence of phases going from lexical analysis ...
research
09/01/2023

Security Verification of Low-Trust Architectures

Low-trust architectures work on, from the viewpoint of software, always-...
research
06/24/2023

LLM-assisted Generation of Hardware Assertions

The security of computer systems typically relies on a hardware root of ...
research
05/13/2020

Personalized Chatbot Trustworthiness Ratings

Conversation agents, commonly referred to as chatbots, are increasingly ...

Please sign up or login with your details

Forgot password? Click here to reset