UNDERSTANDING PASSWORDS
Markus Jakobsson, Mayank Dhiman
What Pwd Strength Checkers do
  - Long enough?
  - Enough upper-case characters?
  - Enough lower-case characters?
  - Enough other stuff?
  - Contains offending sequence?
YOU WANT TO FIND FAST RUNNERS?
  - Has yellow?
  - Has black?
  - Has tail?
  - Has dots?
WHAT PWD CHECKERS SHOULD DO
  - Unlikely enough?
What IS Unlikely?
  - We need to know the distribution
  - That means we need to understand how passwords are generated
PROCESS?
  1. Setup
     a. Determine components and rules
     b. Parse tons of passwords, identify components/rules
     c. Record frequencies of component/rule occurrences
  2. Assess password strength
     a. Parse; identify components and rules
     b. Determine probability of each component and rule
     c. Determine probability of password
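
A small sketch of the two-phase process above, added here as an example and not the authors' model. The component classes (letter, digit and symbol runs), the toy corpus, the smoothing and all function names are assumptions; it also runs a checklist-style check for contrast.

```python
import math
import re
from collections import Counter

# Constructed toy corpus; a real model is trained on a very large password set.
CORPUS = ["password1", "password123", "letmein1", "monkey12", "dragon1!",
          "love123", "password1!", "monkey1", "letmein!", "dragon123"]
# Assumed component classes: letter run (L), digit run (D), symbol run (S).
TOKEN = re.compile(r"(?P<L>[A-Za-z]+)|(?P<D>[0-9]+)|(?P<S>[^A-Za-z0-9]+)")
ALPHABET = {"L": 26, "D": 10, "S": 33}  # assumed brute-force alphabet per class

def parse(pwd):
    """Return (rule, components); the rule is the sequence of class letters."""
    # Case is folded here; a fuller model would count capitalisation as a rule.
    parts = [(m.lastgroup, m.group().lower()) for m in TOKEN.finditer(pwd)]
    return "".join(cls for cls, _ in parts), parts

def train(corpus):
    """Setup: count how often each rule and each component occurs."""
    rules, comps = Counter(), Counter()
    for pwd in corpus:
        rule, parts = parse(pwd)
        rules[rule] += 1
        comps.update(parts)
    return rules, comps

def strength_bits(pwd, model):
    """Assess: -log2 of P(rule) * product of P(component | class)."""
    rules, comps = model
    rule, parts = parse(pwd)
    # Add-one smoothing so an unseen rule still gets a non-zero probability.
    bits = -math.log2((rules[rule] + 1) / (sum(rules.values()) + len(rules) + 1))
    for cls, text in parts:
        class_total = sum(n for (c, _), n in comps.items() if c == cls)
        seen = comps[(cls, text)]
        bits += math.log2(class_total + 1)
        # Unseen components back off to a crude per-character brute-force cost.
        bits += -math.log2(seen) if seen else len(text) * math.log2(ALPHABET[cls])
    return bits

def passes_composition(pwd):
    """Checklist style: length, upper case, lower case, other characters."""
    return (len(pwd) >= 8 and any(c.isupper() for c in pwd)
            and any(c.islower() for c in pwd)
            and any(not c.isalpha() for c in pwd))

MODEL = train(CORPUS)
if __name__ == "__main__":
    for pwd in ("Password1!", "qvkzptwmxhra"):
        print(pwd, passes_composition(pwd), round(strength_bits(pwd, MODEL), 1))
```

On this toy corpus the checklist accepts `Password1!` and rejects the random twelve-letter string, while the frequency model ranks them the other way round.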
WHAT ELSE CAN WE DO?
  - ATO classification
  - Correlate with password reset, predict forgetting
  - Determine degree of similarity
  - How to communicate strength