Comments on Reusable Security: New Paper on Password Security Metrics
Matt Weir
Updated: 2024-03-04T10:06:17.113-08:00

Andrew Carter (2019-04-24T06:42:18.067-07:00):

Hi Matt,

I found your research to be very informative and interesting. My takeaway points from the paper were:

1. The method proposed in NIST SP800-63 for calculating password entropy does not accurately predict the difficulty of attack for leaked password sets

2. As the number of guesses does not have a linear relationship with the number of passwords cracked, using an entropy measure to predict the probability of a password being cracked is not valid

My follow-up question is that if you look at the data presented for a system using a large password blacklist, it does look like the relationship is linear (over the range of data presented on the graph). Could it be the case that by applying a straight line fit to a password set with a 500,000 blacklist, one could work out the guessing entropy of a password system?

Many Thanks,

Andrew Carter

Neal McBurnett (2011-05-20T11:52:28.860-07:00):

Very valuable contribution. I've referenced it at the new IT Security StackExchange Q&A site: Appropriate password requirements for a login (OpenID) service/provider/delegate/thing (http://security.stackexchange.com/questions/3913/appropriate-password-requirements-for-a-login-openid-service-provider-delegate). I'd invite you to expand on the answers there. You'd probably enjoy the site.

Unknown (2010-10-08T15:57:33.236-07:00):

Excellent paper! thx!