2016
DOI: 10.1007/978-3-319-45744-4_6
|View full text |Cite
|
Sign up to set email alerts
|

On the Implications of Zipf’s Law in Passwords

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

2
50
1

Year Published

2017
2017
2019
2019

Publication Types

Select...
4
3

Relationship

1
6

Authors

Journals

citations
Cited by 47 publications
(53 citation statements)
references
References 31 publications
2
50
1
Order By: Relevance
“…is the running time for exclusive-or operation. |D pw | denotes the number of passwords in D pw , and |D pw | is very limited in practice [49,50]; usually |D pw | ≤ 10 6 ; so the above attack is quite efficient.…”
Section: Offline Dictionary Attack Via Verification Value Inmentioning
confidence: 41%
“…is the running time for exclusive-or operation. |D pw | denotes the number of passwords in D pw , and |D pw | is very limited in practice [49,50]; usually |D pw | ≤ 10 6 ; so the above attack is quite efficient.…”
Section: Offline Dictionary Attack Via Verification Value Inmentioning
confidence: 41%
“…Password frequencies have been shown to follow closely variants of the Zipf's law distribution. In particular, the so-called CDF-Zipf's law model introduced in [25,26] is a modification of the Zipf's law which captures the frequencies of passwords, both for very frequent passwords, and the tails, as exhibited by the close empirical fit to multiple password datasets (see [26,25,27]). Note that an adversary can benefit greatly from the the non-uniformity of these distributions to design more powerful brute-force attacks.…”
Section: Figmentioning
confidence: 99%
“…The time complexity of the above attack is scriptOfalse(false|DIdfalse|false|DPwfalse|2Thfalse), where T h is the running time for hash computation, false|DIdfalse| and false|DPwfalse| denote the number of identities in DId and the number of passwords in DPw, respectively. And usually false|DIdfalse|false|DPwfalse|106, so the above attack is quite efficient. Accordingly, the scheme of Kumari et al is unable to resist off‐line password guessing attack.…”
Section: Cryptanalysis Of the Scheme Of Kumari Et Almentioning
confidence: 99%