TY - GEN
T1 - Statistical metrics for individual password strength (Transcript of discussion)
AU - Bonneau, Joseph
PY - 2012
Y1 - 2012
N2 - I'm not proposing any protocols here, I'm talking about passwords, which is what I've spent the last year or so doing now. An interesting problem, which came up in my thesis, is how to tell how strong an individual password is. There's a growing body of publications on how to assess the strength of a big pile of passwords. So if a bunch of passwords leak from a new website there are some measures that I've developed, and some things other people have worked on, to try and compare this new body of passwords to all of the passwords at a different website. But the world of analysing a single password is still in the dark ages I would say. Obviously the difference is that with a group of passwords you can start to do statistics, and you can look at how many passwords are repeated within that set, whereas if you just have one password you have to reason about what set it came from.
AB - I'm not proposing any protocols here, I'm talking about passwords, which is what I've spent the last year or so doing now. An interesting problem, which came up in my thesis, is how to tell how strong an individual password is. There's a growing body of publications on how to assess the strength of a big pile of passwords. So if a bunch of passwords leak from a new website there are some measures that I've developed, and some things other people have worked on, to try and compare this new body of passwords to all of the passwords at a different website. But the world of analysing a single password is still in the dark ages I would say. Obviously the difference is that with a group of passwords you can start to do statistics, and you can look at how many passwords are repeated within that set, whereas if you just have one password you have to reason about what set it came from.
UR - http://www.scopus.com/inward/record.url?scp=84870810051&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84870810051&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-35694-0_11
DO - 10.1007/978-3-642-35694-0_11
M3 - Conference contribution
AN - SCOPUS:84870810051
SN - 9783642356933
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 87
EP - 95
BT - Security Protocols XX - 20th International Workshop, Revised Selected Papers
T2 - 20th International Security Protocols Workshop
Y2 - 12 April 2012 through 13 April 2012
ER -