High Dictionary Compression for Proactive Password Checking
Date: November 1998
Publication: ACM Transactions on Information and System Security (TISSEC), Volume 1, Issue 1
Page(s): 3 - 25
Source 1: http://www.di.unito.it/~ruffo/bio/Papers/tissec98.pdf
Source 2: http://dx.doi.org/10.1145/290163.290164 - Subscription or payment required
Abstract or Summary:
The important problem of user password selection is addressed and a new proactive password-checking technique is presented. In a training phase, a decision tree is generated based on a given dictionary of weak passwords. Then, the decision tree is used to determine whether a user password should be accepted. Experimental results described here show that the method leads to a very high dictionary compression (up to 1000 to 1) with low error rates (of the order of 1%). A prototype implementation, called ProCheck, is made available online. We survey previous approaches to proactive password checking, and provide an in-depth comparison.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.