TY - GEN
T1 - Statistical metrics for individual password strength
AU - Bonneau, Joseph
PY - 2012
Y1 - 2012
N2 - We propose several possible metrics for measuring the strength of an individual password or any other secret drawn from a known, skewed distribution. In contrast to previous ad hoc approaches which rely on textual properties of passwords, we consider the problem without any knowledge of password structure. This enables rating the strength of a password given a large sample distribution without assuming anything about password semantics. We compare the results of our generic metrics against those of the NIST metrics and other previous "entropy-based" metrics for a large password dataset, which suggest over-fitting in previous metrics.
UR - http://www.scopus.com/inward/record.url?scp=84870778932&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84870778932&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-35694-0_10
DO - 10.1007/978-3-642-35694-0_10
M3 - Conference contribution
AN - SCOPUS:84870778932
SN - 9783642356933
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 76
EP - 86
BT - Security Protocols XX - 20th International Workshop, Revised Selected Papers
T2 - 20th International Security Protocols Workshop
Y2 - 12 April 2012 through 13 April 2012
ER -