Password Similarity Using Probabilistic Data Structures
Round 1
Reviewer 1 Report
The use of Bloom filters to detect (and hence deprecate) similarity of passwords is described. It is essentially an extension of the Google Chrome RAPPOR system to passwords.
Some terminology is used before being defined: in L89-92 beta, s and kappa; in L176+5, v=2 is not yet defined.
Equations (2), (3) & (4) require reference citation(s)
English grammar/typographical issues:
footnote 4 is empty!
L49: "These"; L53: "Bloom"; L79: "resort"; L96: "of"; L126: "(3)"; L146: "analogous"; L153: insert "a"; L209: "ca."
Section 3.1: The authors should explain why the Jaccard coefficient in Eq.(1) is a suitable measure of the similarity distance between two Bloom filters.
Section 3.2: Eqs. (2), (3) & (4) are non-obvious and require either a literature citation or a derivation in the text.
Figure 1 caption: "process" should be "processes"
Figure 3 caption: "n - gram" should be "n-gram" (twice!)
Line 125+1: delete the initial spurious ">"
Line 276: in ref.12, "bloom" should be "Bloom"
Author Response
We thank the reviewer for their constructive comments.
Please see the attachment for a detailed review of your comments.
Author Response File: Author Response.pdf
Reviewer 2 Report
Other comments are given below.
1. The performance comparison (advantage and disadvantage) of
the proposed scheme with some previous (similar) works should be
clearly described by a table.
2.For data-set, (where the password size is n, (15<n<20)), the time complexity of the proposed scheme that is used to check password similarity should be further estimated.
Author Response
We thank the reviewer for their constructive comments.
Please see the attachment for a detailed review of your comments.
Author Response File: Author Response.pdf