{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2021:WPF2V3GWDALLPLWCIYTFQNJK64","short_pith_number":"pith:WPF2V3GW","canonical_record":{"source":{"id":"2109.14490","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2021-09-29T15:16:59Z","cross_cats_sorted":[],"title_canon_sha256":"badd8ab7fa3d585c8587d18077322a6c0840089d66104be1d96bc4cc264f2bea","abstract_canon_sha256":"878617d6acb784336d0e0dfdb17b35300b8bb318750d17e9c67b85f422138751"},"schema_version":"1.0"},"canonical_sha256":"b3cbaaecd61816b7aec2462658352af7327733c15f9aebeea0cbad440c4681fe","source":{"kind":"arxiv","id":"2109.14490","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2109.14490","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"arxiv_version","alias_value":"2109.14490v2","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2109.14490","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"pith_short_12","alias_value":"WPF2V3GWDALL","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"pith_short_16","alias_value":"WPF2V3GWDALLPLWC","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"pith_short_8","alias_value":"WPF2V3GW","created_at":"2026-07-05T04:08:03Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2021:WPF2V3GWDALLPLWCIYTFQNJK64","target":"record","payload":{"canonical_record":{"source":{"id":"2109.14490","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2021-09-29T15:16:59Z","cross_cats_sorted":[],"title_canon_sha256":"badd8ab7fa3d585c8587d18077322a6c0840089d66104be1d96bc4cc264f2bea","abstract_canon_sha256":"878617d6acb784336d0e0dfdb17b35300b8bb318750d17e9c67b85f422138751"},"schema_version":"1.0"},"canonical_sha256":"b3cbaaecd61816b7aec2462658352af7327733c15f9aebeea0cbad440c4681fe","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T04:08:03.930253Z","signature_b64":"wLGINECTTaFWcQMsNCnBDGf95sn54iow8nb0C1WAlCUqf2PQMgWbvfykX8Kf8tZ9d99gJ6aA8T+VvDPakh3NDw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"b3cbaaecd61816b7aec2462658352af7327733c15f9aebeea0cbad440c4681fe","last_reissued_at":"2026-07-05T04:08:03.929849Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T04:08:03.929849Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2109.14490","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T04:08:03Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Z/sr8qqw/FnMu1Vd7BaIOrdHmRrDzgROz3D8cjDnRndgDt0loyblR8uKSeXXfxMJuLnU6u3B11bnBwuB2KTxAw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-05T14:58:04.105691Z"},"content_sha256":"5b0c4c682af810a6bd18bec28f66cb8bad6aee4c837b7147329c4e209f529e69","schema_version":"1.0","event_id":"sha256:5b0c4c682af810a6bd18bec28f66cb8bad6aee4c837b7147329c4e209f529e69"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2021:WPF2V3GWDALLPLWCIYTFQNJK64","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Might I Get Pwned: A Second Generation Compromised Credential Checking Service","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Bijeeta Pal, Christopher Wood, Luke Valenta, Marina Sanusi, Mazharul Islam, Nick Sullivan, Rahul Chattejee, Tara Whalen, Thomas Ristenpart","submitted_at":"2021-09-29T15:16:59Z","abstract_excerpt":"Credential stuffing attacks use stolen passwords to log into victim accounts. To defend against these attacks, recently deployed compromised credential checking (C3) services provide APIs that help users and companies check whether a username, password pair is exposed. These services however only check if the exact password is leaked, and therefore do not mitigate credential tweaking attacks - attempts to compromise a user account with variants of a user's leaked passwords. Recent work has shown credential tweaking attacks can compromise accounts quite effectively even when the credential stuf"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2109.14490","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2109.14490/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T04:08:03Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"4syMNUcCIl3tVUeUPM9hk02oRIlIiXNquC7qRrECH+k+J7g3mUjlNQOeAArwBzifj07VNf9kWpe+4SG5hRZxBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-05T14:58:04.106373Z"},"content_sha256":"0bd238b155d7de9572a7fc8cf4399ab80cf961da0d9237fbedc662ae6286f2ac","schema_version":"1.0","event_id":"sha256:0bd238b155d7de9572a7fc8cf4399ab80cf961da0d9237fbedc662ae6286f2ac"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/WPF2V3GWDALLPLWCIYTFQNJK64/bundle.json","state_url":"https://pith.science/pith/WPF2V3GWDALLPLWCIYTFQNJK64/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/WPF2V3GWDALLPLWCIYTFQNJK64/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-05T14:58:04Z","links":{"resolver":"https://pith.science/pith/WPF2V3GWDALLPLWCIYTFQNJK64","bundle":"https://pith.science/pith/WPF2V3GWDALLPLWCIYTFQNJK64/bundle.json","state":"https://pith.science/pith/WPF2V3GWDALLPLWCIYTFQNJK64/state.json","well_known_bundle":"https://pith.science/.well-known/pith/WPF2V3GWDALLPLWCIYTFQNJK64/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2021:WPF2V3GWDALLPLWCIYTFQNJK64","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"878617d6acb784336d0e0dfdb17b35300b8bb318750d17e9c67b85f422138751","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2021-09-29T15:16:59Z","title_canon_sha256":"badd8ab7fa3d585c8587d18077322a6c0840089d66104be1d96bc4cc264f2bea"},"schema_version":"1.0","source":{"id":"2109.14490","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2109.14490","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"arxiv_version","alias_value":"2109.14490v2","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2109.14490","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"pith_short_12","alias_value":"WPF2V3GWDALL","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"pith_short_16","alias_value":"WPF2V3GWDALLPLWC","created_at":"2026-07-05T04:08:03Z"},{"alias_kind":"pith_short_8","alias_value":"WPF2V3GW","created_at":"2026-07-05T04:08:03Z"}],"graph_snapshots":[{"event_id":"sha256:0bd238b155d7de9572a7fc8cf4399ab80cf961da0d9237fbedc662ae6286f2ac","target":"graph","created_at":"2026-07-05T04:08:03Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2109.14490/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Credential stuffing attacks use stolen passwords to log into victim accounts. To defend against these attacks, recently deployed compromised credential checking (C3) services provide APIs that help users and companies check whether a username, password pair is exposed. These services however only check if the exact password is leaked, and therefore do not mitigate credential tweaking attacks - attempts to compromise a user account with variants of a user's leaked passwords. Recent work has shown credential tweaking attacks can compromise accounts quite effectively even when the credential stuf","authors_text":"Bijeeta Pal, Christopher Wood, Luke Valenta, Marina Sanusi, Mazharul Islam, Nick Sullivan, Rahul Chattejee, Tara Whalen, Thomas Ristenpart","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2021-09-29T15:16:59Z","title":"Might I Get Pwned: A Second Generation Compromised Credential Checking Service"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2109.14490","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:5b0c4c682af810a6bd18bec28f66cb8bad6aee4c837b7147329c4e209f529e69","target":"record","created_at":"2026-07-05T04:08:03Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"878617d6acb784336d0e0dfdb17b35300b8bb318750d17e9c67b85f422138751","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2021-09-29T15:16:59Z","title_canon_sha256":"badd8ab7fa3d585c8587d18077322a6c0840089d66104be1d96bc4cc264f2bea"},"schema_version":"1.0","source":{"id":"2109.14490","kind":"arxiv","version":2}},"canonical_sha256":"b3cbaaecd61816b7aec2462658352af7327733c15f9aebeea0cbad440c4681fe","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"b3cbaaecd61816b7aec2462658352af7327733c15f9aebeea0cbad440c4681fe","first_computed_at":"2026-07-05T04:08:03.929849Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T04:08:03.929849Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"wLGINECTTaFWcQMsNCnBDGf95sn54iow8nb0C1WAlCUqf2PQMgWbvfykX8Kf8tZ9d99gJ6aA8T+VvDPakh3NDw==","signature_status":"signed_v1","signed_at":"2026-07-05T04:08:03.930253Z","signed_message":"canonical_sha256_bytes"},"source_id":"2109.14490","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:5b0c4c682af810a6bd18bec28f66cb8bad6aee4c837b7147329c4e209f529e69","sha256:0bd238b155d7de9572a7fc8cf4399ab80cf961da0d9237fbedc662ae6286f2ac"],"state_sha256":"346ff28f303a6de31f892f4d6fb729a791045f081ed7305ce6f8076089d915fa"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"JCuRFlN8YHXvPZb9fh60vMQ+WxBmzuC7Mzh9/1ceijyo4fQ4N55WujVZtKaiON0xkkeCQfahI2DzQY0PU1HvAQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-05T14:58:04.110254Z","bundle_sha256":"13f7382ea3a4cc5db3232d6439ee20ff03f6ceba84242af5313b39af43403755"}}