密码熵和密码质量

2010 Fourth International Conference on Network and System Security Pub Date : 2010-09-01 DOI:10.1109/NSS.2010.18

Wanli Ma, John Campbell, D. Tran, Dale Kleeman

{"title":"密码熵和密码质量","authors":"Wanli Ma, John Campbell, D. Tran, Dale Kleeman","doi":"10.1109/NSS.2010.18","DOIUrl":null,"url":null,"abstract":"Passwords are the first line of defense for many computerized systems. The quality of these passwords decides the security strength of these systems. Many studies advocate using password entropy as an indicator for password quality where lower entropy suggests a weaker or less secure password. However, a closer examination of this literature shows that password entropy is very loosely defined. In this paper, we first discuss the calculation of password entropy and explain why it is an inadequate indicator of password quality. We then establish a password quality assessment scheme: password quality indicator (PQI). The PQI of a password is a pair (D, L), where D is the Levenshtein's editing distance of the password in relation to a dictionary of words and common mnemonics, and L is the effective password length. Finally, we propose to use PQI to prescribe the characteristics of good quality passwords.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":"77 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"67","resultStr":"{\"title\":\"Password Entropy and Password Quality\",\"authors\":\"Wanli Ma, John Campbell, D. Tran, Dale Kleeman\",\"doi\":\"10.1109/NSS.2010.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Passwords are the first line of defense for many computerized systems. The quality of these passwords decides the security strength of these systems. Many studies advocate using password entropy as an indicator for password quality where lower entropy suggests a weaker or less secure password. However, a closer examination of this literature shows that password entropy is very loosely defined. In this paper, we first discuss the calculation of password entropy and explain why it is an inadequate indicator of password quality. We then establish a password quality assessment scheme: password quality indicator (PQI). The PQI of a password is a pair (D, L), where D is the Levenshtein's editing distance of the password in relation to a dictionary of words and common mnemonics, and L is the effective password length. Finally, we propose to use PQI to prescribe the characteristics of good quality passwords.\",\"PeriodicalId\":127173,\"journal\":{\"name\":\"2010 Fourth International Conference on Network and System Security\",\"volume\":\"77 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"67\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Fourth International Conference on Network and System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NSS.2010.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Fourth International Conference on Network and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NSS.2010.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 67

摘要

密码是许多计算机化系统的第一道防线。这些密码的质量决定了这些系统的安全强度。许多研究主张使用密码熵作为密码质量的指标，熵越低意味着密码越弱或不安全。然而，仔细研究这些文献就会发现，密码熵的定义非常松散。本文首先讨论了密码熵的计算，并解释了为什么它是一个不充分的密码质量指标。然后，我们建立了一个密码质量评价方案:密码质量指标(PQI)。密码的PQI为一对(D, L)，其中D为密码相对于单词和常用助记符字典的Levenshtein编辑距离，L为有效密码长度。最后，我们建议使用PQI来规定高质量密码的特征。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Password Entropy and Password Quality

Passwords are the first line of defense for many computerized systems. The quality of these passwords decides the security strength of these systems. Many studies advocate using password entropy as an indicator for password quality where lower entropy suggests a weaker or less secure password. However, a closer examination of this literature shows that password entropy is very loosely defined. In this paper, we first discuss the calculation of password entropy and explain why it is an inadequate indicator of password quality. We then establish a password quality assessment scheme: password quality indicator (PQI). The PQI of a password is a pair (D, L), where D is the Levenshtein's editing distance of the password in relation to a dictionary of words and common mnemonics, and L is the effective password length. Finally, we propose to use PQI to prescribe the characteristics of good quality passwords.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 Fourth International Conference on Network and System Security

自引率

0.00%

发文量

期刊最新文献

Privacy-Preserving Protocols for String Matching The PU-Tree: A Partition-Based Uncertain High-Dimensional Indexing Algorithm Ignorant Experts: Computer and Network Security Support from Internet Service Providers Resource Selection from Distributed Semantic Web Stores A Purpose Based Access Control in XML Databases System