Statistical metrics for individual password strength (Transcript of discussion)

Joseph Bonneau

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


I'm not proposing any protocols here, I'm talking about passwords, which is what I've spent the last year or so doing now. An interesting problem, which came up in my thesis, is how to tell how strong an individual password is. There's a growing body of publications on how to assess the strength of a big pile of passwords. So if a bunch of passwords leak from a new website there are some measures that I've developed, and some things other people have worked on, to try and compare this new body of passwords to all of the passwords at a different website. But the world of analysing a single password is still in the dark ages I would say. Obviously the difference is that with a group of passwords you can start to do statistics, and you can look at how many passwords are repeated within that set, whereas if you just have one password you have to reason about what set it came from.

Original language: English (US)
Title of host publication: Security Protocols XX - 20th International Workshop, Revised Selected Papers
Number of pages: 9
State: Published - 2012
Event: 20th International Security Protocols Workshop - Cambridge, United Kingdom
Duration: Apr 12 2012 → Apr 13 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7622 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 20th International Security Protocols Workshop
Country/Territory: United Kingdom

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

