Lost in disclosure: On the inference of password composition policies

dc.contributor.author Ferreira,J en
dc.contributor.author Johnson,S en
dc.contributor.author Alexandra Sofia Mendes en
dc.contributor.author Cordry,J en
dc.contributor.other 7344 en
dc.date.accessioned 2020-06-16T09:11:04Z
dc.date.available 2020-06-16T09:11:04Z
dc.date.issued 2019 en
dc.description.abstract Large-scale password data breaches are becoming increasingly commonplace, which has enabled researchers to produce a substantial body of password security research utilising real-world password datasets, which often contain numbers of records in the tens or even hundreds of millions. While much study has been conducted on how password composition policies-sets of rules that a user must abide by when creating a password-influence the distribution of user-chosen passwords on a system, much less research has been done on inferring the password composition policy that a given set of user-chosen passwords was created under. In this paper, we state the problem with the naive approach to this challenge, and suggest a simple approach that produces more reliable results. We also present pol-infer, a tool that implements this approach, and demonstrates its use in inferring password composition policies. © 2019 IEEE. en
dc.identifier.uri http://repositorio.inesctec.pt/handle/123456789/11239
dc.identifier.uri http://dx.doi.org/10.1109/issrew.2019.00082 en
dc.language eng en
dc.rights info:eu-repo/semantics/openAccess en
dc.title Lost in disclosure: On the inference of password composition policies en
dc.type Publication en
dc.type conferenceObject en
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
P-00R-W0X.pdf
Size:
305.78 KB
Format:
Adobe Portable Document Format
Description: