Statistical metrics for individual password strength (Transcript of discussion)

Joseph Bonneau

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

I'm not proposing any protocols here, I'm talking about passwords, which is what I've spent the last year or so doing now. An interesting problem, which came up in my thesis, is how to tell how strong an individual password is. There's a growing body of publications on how to assess the strength of a big pile of passwords. So if a bunch of passwords leak from a new website there are some measures that I've developed, and some things other people have worked on, to try and compare this new body of passwords to all of the passwords at a different website. But the world of analysing a single password is still in the dark ages I would say. Obviously the difference is that with a group of passwords you can start to do statistics, and you can look at how many passwords are repeated within that set, whereas if you just have one password you have to reason about what set it came from.

Original language: English (US)
Title of host publication: Security Protocols XX - 20th International Workshop, Revised Selected Papers
Pages: 87-95
Number of pages: 9
Volume: 7622 LNCS
DOIs: https://doi.org/10.1007/978-3-642-35694-0_11
State: Published - 2012
Event: 20th International Security Protocols Workshop - Cambridge, United Kingdom
Duration: Apr 12 2012 to Apr 13 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7622 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 20th International Security Protocols Workshop
Country: United Kingdom
City: Cambridge
Period: 4/12/12 to 4/13/12

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Bonneau, J. (2012). Statistical metrics for individual password strength (Transcript of discussion). In Security Protocols XX - 20th International Workshop, Revised Selected Papers (Vol. 7622 LNCS, pp. 87-95). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7622 LNCS). https://doi.org/10.1007/978-3-642-35694-0_11

@inproceedings{6917a338649c47b39115f0116e3842a7,
title = "Statistical metrics for individual password strength (Transcript of discussion)",
abstract = "I'm not proposing any protocols here, I'm talking about passwords, which is what I've spent the last year or so doing now. An interesting problem, which came up in my thesis, is how to tell how strong an individual password is. There's a growing body of publications on how to assess the strength of a big pile of passwords. So if a bunch of passwords leak from a new website there are some measures that I've developed, and some things other people have worked on, to try and compare this new body of passwords to all of the passwords at a different website. But the world of analysing a single password is still in the dark ages I would say. Obviously the difference is that with a group of passwords you can start to do statistics, and you can look at how many passwords are repeated within that set, whereas if you just have one password you have to reason about what set it came from.",
author = "Joseph Bonneau",
year = "2012",
doi = "10.1007/978-3-642-35694-0_11",
language = "English (US)",
isbn = "9783642356933",
volume = "7622 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "87--95",
booktitle = "Security Protocols XX - 20th International Workshop, Revised Selected Papers",

}

TY - GEN

T1 - Statistical metrics for individual password strength (Transcript of discussion)

AU - Bonneau, Joseph

PY - 2012

Y1 - 2012

N2 - I'm not proposing any protocols here, I'm talking about passwords, which is what I've spent the last year or so doing now. An interesting problem, which came up in my thesis, is how to tell how strong an individual password is. There's a growing body of publications on how to assess the strength of a big pile of passwords. So if a bunch of passwords leak from a new website there are some measures that I've developed, and some things other people have worked on, to try and compare this new body of passwords to all of the passwords at a different website. But the world of analysing a single password is still in the dark ages I would say. Obviously the difference is that with a group of passwords you can start to do statistics, and you can look at how many passwords are repeated within that set, whereas if you just have one password you have to reason about what set it came from.

UR - http://www.scopus.com/inward/record.url?scp=84870810051&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84870810051&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-35694-0_11

DO - 10.1007/978-3-642-35694-0_11

M3 - Conference contribution

AN - SCOPUS:84870810051

SN - 9783642356933

VL - 7622 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 87

EP - 95

BT - Security Protocols XX - 20th International Workshop, Revised Selected Papers

ER -