understanding passwords
DESCRIPTION
UNDERSTANDING PASSWORDS. Markus Jakobsson Mayank Dhiman. What Pwd Strength Checkers do. Long enough? Enough upper-case characters? Enough lower-case characters? Enough other stuff? Contains offending sequence?. YOU WANT TO FIND FAST RUNNERS?. Has yellow? Has black? Has tail? - PowerPoint PPT PresentationTRANSCRIPT
UNDERSTANDING PASSWORDS
MARKUS JAKOBSSONMAYANK DHIMAN
2
WHAT PWD STRENGTH CHECKERS DO
Long enough?Enough upper-case characters?Enough lower-case characters?
Enough other stuff?Contains offending sequence?
3
YOU WANT TO FIND FAST RUNNERS?
Has yellow?Has black?Has tail?
Has dots?
4
YOU WANT TO FIND FAST RUNNERS?
Has yellow?Has black?Has tail?
Has dots?
5
WHAT PWD CHECKERS SHOULD DO
Unlikely enough?
6
WHAT IS UNLIKELY?
7
WHAT IS UNLIKELY?
We need to know the distribution
8
WHAT IS UNLIKELY?
That means we need to understand how passwords are generatedWe need to know the distribution
9
PROCESS?
1. Setupa. Determine components and rulesb. Parse tons of passwords, identify components/rulesc. Record frequencies of component/rule occurrences
10
PROCESS?
1. Setupa. Determine components and rulesb. Parse tons of passwords, identify components/rulesc. Record frequencies of component/rule occurrences
2. Assess password strengtha. Parse; identify components and rulesb. Determine probability of each component and rulec. Determine probability of password
11
COMPONENTS
12
RULES
13
SOME RESULTS
14
SOME RESULTS
15
WHAT ELSE CAN WE DO?
ATO classificationCorrelate with password reset, predict forgetting
Determine degree of similarityHow to communicate strength