Corpus ID: 15790006

A Password Strength Measure

  title={A Password Strength Measure},
  author={E. Panferov},
We propose a reliable measure of password’s strength. We give formal definition of the guessing attack, and the attacker’s strategy. The measure is based on the assessment of the efficiency of the best possible guessing attack. Unlike naive password strength assessments it takes into account the attacker’s strategy. We argue strongly against widespread informal assumptions about “strong” and “weak” passwords. This paper does NOT advise you to include “at least three capital letters”, seven… Expand
1 Citations
Outsmarting Passwords : An Analysis on the use of Smart Cards for Single Sign-On in Legacy Applications
By leveraging smart-cards as a bearer of user credentials for legacy applications the security of these systems can be greatly increased. In this thesis a solution to the problem of legacy applicatExpand


Testing metrics for password creation policies by attacking large sets of revealed passwords
This paper attempts to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies, by modeling the success rate of current password cracking techniques against real user passwords. Expand
Measuring Password Strength: An Empirical Analysis
An in-depth analysis on the strength of the almost 10,000 passwords from users of an instant messaging server in Italy shows that there will always be a subset of users with extremely strong passwords that are very unlikely to be broken. Expand
Philosophical Survey of Passwords
The process of passwords is studied to rank its strengths and weaknesses in order to establish a quality metric for passwords, and the process to human senses is related which enables a constitutional scheme for the process of password. Expand
Password Cracking Using Probabilistic Context-Free Grammars
This paper discusses a new method that generates password structures in highest probability order by automatically creating a probabilistic context-free grammar based upon a training set of previously disclosed passwords, and then generating word-mangling rules to be used in password cracking. Expand
A large-scale study of web password habits
The study involved half a million users over athree month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. Expand
A Real-World Analysis of Kerberos Password Security
The author explores possible strategies for repairing this security hole, the most viable of which is the use of Kerberos V5 preauthentication coupled with a secure password authentication protocol such as SRP. Expand
Zipfs Law in Passwords
  • Zipfs Law in Passwords
  • 2015
Choosing Secure Password
  • Choosing Secure Password
  • 2007
Why you can’t trust password strength meters
  • Naked Security,
  • 2015
Philosophical Survey of Passwords, IJCSI International Journal of Computer Science Issues
  • Philosophical Survey of Passwords, IJCSI International Journal of Computer Science Issues
  • 2009