Please use this identifier to cite or link to this item:
Title: Lost in disclosure: On the inference of password composition policies
Authors: Ferreira,J
Alexandra Sofia Mendes
Issue Date: 2019
Abstract: Large-scale password data breaches are becoming increasingly commonplace, which has enabled researchers to produce a substantial body of password security research utilising real-world password datasets, which often contain numbers of records in the tens or even hundreds of millions. While much study has been conducted on how password composition policies-sets of rules that a user must abide by when creating a password-influence the distribution of user-chosen passwords on a system, much less research has been done on inferring the password composition policy that a given set of user-chosen passwords was created under. In this paper, we state the problem with the naive approach to this challenge, and suggest a simple approach that produces more reliable results. We also present pol-infer, a tool that implements this approach, and demonstrates its use in inferring password composition policies. © 2019 IEEE.
metadata.dc.type: Publication
Appears in Collections:Non INESC TEC publications - Indexed Articles in Conferences

Files in This Item:
File SizeFormat 
P-00R-W0X.pdf305.78 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.