Date: Sat, 10 Dec 2011 19:03:52 -0600 From: Wesley Tansey <tansey@...utexas.edu> To: Per Thorsheim <per@...rsheim.net> Cc: john-users@...ts.openwall.com Subject: Re: Password datasets with creation rules? Thanks. Those caveats make total sense. I'm familiar with Matt's work. I saw his paper in CCS'10 but all of the password datasets they analyzed are again with no significantly different rules enforced. Wesley On Sat, Dec 10, 2011 at 5:53 PM, Per Thorsheim <per@...rsheim.net> wrote: > > > > >In short: even if you do find any leaks of passwords that are > > >clearly from environments with creation policies in place > > >(length/complexity), you won't become much wiser without lots of > > >additional info. > > > > > > Would you mind expanding on that? I'm not quite as interested in > > gaining summary statistics as I am in comparing the performance of a > > model on it. I've done a pretty exhaustive search at this point > > though, so I've kind of lost hope that I'll find one. > > > Well, I could ask questions like: > - how old are the passwords? > - Do they originate from humans, service accounts or bots? > - have the written/implemented password policy changed, while accounts > haven't had their passwords updated to comply with the new policy? > - When were the accounts created, last used etc? > > Of course when your primary objective is to do performance analysis > against such data using different models (reminds of the the works of > Matt Weir at reusablesec.blogspot.com), the above questions may not be > that important. > > > > > Interesting presentation. Do you have a bibtex reference for it? > > > Me? bibtex? No, sorry, nothing like that available. I do my stuff out of > personal interest, not from any official & academical position. > > Best regards, > Per > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.