Saturday, January 30, 2010

Out of Context Graph Challenge #1

I'm struggling with the best way to graph some new data I just analyzed based on the RockYou list. Since I'm also too lazy to write up a full post on it right now, I thought I might as well throw it out as a challenge to the five or so people who read this blog. I'll buy a beer for the first person who can correctly state what the following graph shows.


The beer is redeemable at any conference I happen to meet you at, (For example: Shmoocon). Here are a few hints:
  1. It is based on a subset of one million passwords from the RockYou set
  2. It has to deal with a project I am working on
  3. There is one word you MUST include in your submission for it to be valid
Answers will only be accepted in the comments. This contest will run until someone gets it right or I actually get around to writing a post on this. Imaginary bonus points are applied if you have any suggestions on a better way to graph the data.

11 comments:

bartavelle said...

A measure of complexity of both crackable passwords using a given technique in a given time and uncrackable passwords.

Matt Weir said...

Close, but I'm looking for a specific word. Regardless, you've earned a drink voucher from me.

Matt Weir said...

Mostly I'm just saying close so I can buy someone else a beer as well ;) There is one word I want to hear though. Hint - There's a reason the graph X axis doesn't show any values before 4.

jolZer said...

graph show cracked passwords by using the rockyou-top-100-list as wordlist with usual variation
... and length of password on x-axis.

Matt Weir said...

Good guess jolZer, but the X-axis is not password length, (otherwise the average password would be around 15 characters long).

Max Thrun said...

Password entropy on x-axis?

Matt Weir said...

Yup, entropy is the magic word Max. Specifically, the graph shows the calculated entropy according to NIST's SP800-63, of cracked/uncracked passwords after a 50Million guess untargeted dictionary attack.

Matt Weir said...

So in conclusion, I owe you a beer as well ;)

Sc00ba said...
This comment has been removed by the author.
Sc00bz said...

You should make two graphs: entropy distribution and passwords cracked per entropy.

Entropy distribution, y-axis percent of passwords and x-axis entropy.

Passwords cracked per entropy, y-axis percent of passwords cracked per entropy and x-axis entropy.

So something like this only more accurate since I took the data from your graph and couldn't get accurate info on entropy 4 through 9 and 22+.
http://yfrog.com/5vgraphsp

Matt Weir said...

Wow, great idea + work Sc00bz. I'm really impressed that you could get that from the graph. Thanks, and I'll rearrange my graph to your format when I finally get off my butt and write a post on this.