Next Article in Journal
Spectral Structure and Many-Body Dynamics of Ultracold Bosons in a Double-Well
Previous Article in Journal
Exploring Changes in Land Surface Temperature Possibly Associated with Earthquake: Case of the April 2015 Nepal Mw 7.9 Earthquake
Open AccessArticle

Convergence of Password Guessing to Optimal Success Rates

Department of Mathematics and Statistics and the Hamilton Institute, Maynooth University, R51 A021 Co. Kildare, Ireland
*
Author to whom correspondence should be addressed.
This paper is an extended version of our paper published in 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, Northern Ireland, UK, 28–30 August 2018.
Entropy 2020, 22(4), 378; https://doi.org/10.3390/e22040378
Received: 6 March 2020 / Revised: 23 March 2020 / Accepted: 23 March 2020 / Published: 26 March 2020
Password guessing is one of the most common methods an attacker will use for compromising end users. We often hear that passwords belonging to website users have been leaked and revealed to the public. These leaks compromise the users involved but also feed the wealth of knowledge attackers have about users’ passwords. The more informed attackers are about password creation, the better their password guessing becomes. In this paper, we demonstrate using proofs of convergence and real-world password data that the vulnerability of users increases as a result of password leaks. We show that a leak that reveals the passwords of just 1% of the users provides an attacker with enough information to potentially have a success rate of over 84% when trying to compromise other users of the same website. For researchers, it is often difficult to quantify the effectiveness of guessing strategies, particularly when guessing different datasets. We construct a model of password guessing that can be used to offer visual comparisons and formulate theorems corresponding to guessing success. View Full-Text
Keywords: passwords; guessing; dataset; distribution passwords; guessing; dataset; distribution
Show Figures

Figure 1

MDPI and ACS Style

Murray, H.; Malone, D. Convergence of Password Guessing to Optimal Success Rates. Entropy 2020, 22, 378.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop