An inequality on guessing and its application to sequential decoding
IEEE Transactions on Information Theory
IEEE Transactions on Information Theory
Testing metrics for password creation policies by attacking large sets of revealed passwords
Proceedings of the 17th ACM conference on Computer and communications security
The symbiosis between collision and preimage resistance
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Cracking associative passwords
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Building better passwords using probabilistic techniques
Proceedings of the 28th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
We mathematically explore a model for the shortness and security for passwords that are stored in hashed form. The model is implicitly in the NIST publication [8] and is based on conditions of the Shannon, Guessing and Min Entropy. We establish various new relations between these three notions of entropy, providing strong improvements on existing bounds such as the McEliece-Yu bound from [7] and the Min entropy lowerbound on Shannon entropy [3]. As an application we present an algorithm generating near optimally short passwords given certain security restrictions. Such passwords are specifically applicable in the context of one time passwords (e.g. initial passwords, activation codes).