Title: Lost in disclosure: On the inference of password composition policies
Alexandra Sofia Mendes
Abstract: Large-scale password data breaches are becoming increasingly commonplace, which has enabled researchers to produce a substantial body of password security research utilising real-world password datasets, which often contain numbers of records in the tens or even hundreds of millions. While much study has been conducted on how password composition policies (sets of rules that a user must abide by when creating a password) influence the distribution of user-chosen passwords on a system, much less research has been done on inferring the password composition policy that a given set of user-chosen passwords was created under. In this paper, we state the problem with the naive approach to this challenge, and suggest a simple approach that produces more reliable results. We also present pol-infer, a tool that implements this approach, and demonstrate its use in inferring password composition policies. © 2019 IEEE.
Appears in Collections: Non INESC TEC publications - Indexed Articles in Conferences