We notice that the "password security" discourse is missing a fundamental notion of "password strength". We propose a canonical measure of a password's strength. We give a formal definition of the "guessing attack" and the "attacker's strategy". The measure is based on the assessment of the efficiency of the best possible guessing attack. Unlike…
On the premise that we are using passwords composed of multiple English words, we argue that using syntactically correct passphrases has no significant impact on security in comparison to randomly arranged collections of words. We only analyze the contribution of the syntax itself. A comparison to other kinds of passwords is out of scope.
We propose a reliable measure of a password's strength. We give a formal definition of the guessing attack and the attacker's strategy. The measure is based on the assessment of the efficiency of the best possible guessing attack. Unlike naive password strength assessments, it takes into account the attacker's strategy. We argue strongly against widespread…
This paper attempts to explain the consequences of the relational calculus not allowing relations to be domains of relations, and to suggest a solution for the issue. Using SQL as an example, we describe the consequent problem of the multitude of different representations for relations; analyze in detail the disadvantages of the notions "TABLE" and "FOREIGN…