Lost in disclosure: On the inference of password composition policies
Lost in disclosure: On the inference of password composition policies
| dc.contributor.author | Ferreira,J | en |
| dc.contributor.author | Johnson,S | en |
| dc.contributor.author | Alexandra Sofia Mendes | en |
| dc.contributor.author | Cordry,J | en |
| dc.contributor.other | 7344 | en |
| dc.date.accessioned | 2020-06-16T09:11:04Z | |
| dc.date.available | 2020-06-16T09:11:04Z | |
| dc.date.issued | 2019 | en |
| dc.description.abstract | Large-scale password data breaches are becoming increasingly commonplace, which has enabled researchers to produce a substantial body of password security research utilising real-world password datasets, which often contain numbers of records in the tens or even hundreds of millions. While much study has been conducted on how password composition policies-sets of rules that a user must abide by when creating a password-influence the distribution of user-chosen passwords on a system, much less research has been done on inferring the password composition policy that a given set of user-chosen passwords was created under. In this paper, we state the problem with the naive approach to this challenge, and suggest a simple approach that produces more reliable results. We also present pol-infer, a tool that implements this approach, and demonstrates its use in inferring password composition policies. © 2019 IEEE. | en |
| dc.identifier.uri | http://repositorio.inesctec.pt/handle/123456789/11239 | |
| dc.identifier.uri | http://dx.doi.org/10.1109/issrew.2019.00082 | en |
| dc.language | eng | en |
| dc.rights | info:eu-repo/semantics/openAccess | en |
| dc.title | Lost in disclosure: On the inference of password composition policies | en |
| dc.type | Publication | en |
| dc.type | conferenceObject | en |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- P-00R-W0X.pdf
- Size:
- 305.78 KB
- Format:
- Adobe Portable Document Format
- Description: