The new S language: a programming environment for data analysis and graphics
The new S language: a programming environment for data analysis and graphics
Protecting secret keys with personal entropy
Future Generation Computer Systems - Special issue on security on the Web
Password security: a case history
Communications of the ACM
Authentication: from passwords to public keys
Authentication: from passwords to public keys
A Unified and Generalized Treatment of Authentification Theory
STACS '96 Proceedings of the 13th Annual Symposium on Theoretical Aspects of Computer Science
UNIX Password Security - Ten Years Later
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Guidelines for designing graphical authentication mechanism interfaces
International Journal of Information and Computer Security
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
Protection aspects of iconic passwords on mobile devices
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
| Hi-index | 0.00 |
We would like to quantify the assurance contained in an authentication secret. For instance, how much assurance does a customer convey to a bank by revealing that his Personal Identification Number (PIN) is 1111? We review a number of previously proposed measures, such as Shannon Entropy and min-entropy. Although each is appropriate under some assumptions, none is robust regarding the attacker’s knowledge about a nonuniform distribution. We therefore offer new measures that are more robust and useful. Uniform distributions are easy to analyze, but are rare in human memory; we therefore investigate ways to ”groom” nonuniform distributions to be uniform. We describe experiments that apply the techniques to highly nonuniform distributions, such as English names.