Passwords
Password Authentication on Mac OS X from Dave Dribin
42-slide presentation on history of encryption, passwords and hashing, and how all this applies to Mac OS X.
From: lukeo
Password Statistics by Michael R. Mittleman, 2006
This document provides a brief introduction to the mathematics of certain password characteristics. Rigor is introduced by conducting a number of repeatable experiments and examining the ...
From: lukeo
CESG Comparing different authentication methods, 2005
A presentation that compares the strength of various authentication methods, including passwords, tokens and biometrics.
From: lukeo
Guessing and Entropy, James Massey, 1994
In this short 1-page paper, Massey shows that the expected number of guesses to recover a secret parameter can be lower bounded by the entropy of the parameter's distribution.
From: lukeo
The Disparity between Work and Entropy in Cryptology, John Pliam, 1999
In this paper the author discusses the difference between the work (number of guesses) to recover a password or key and how this relates to entropy measures. In fact he shows that entropy...
From: lukeo
Selecting Secure Passwords, Eric Verheul, RSA 2007
A mathematical analysis of optimal strategies for selecting passwords using entropy arguments.
From: lukeo
Password Management Guideline, US DoD, 1985
The guidelines described in this document provide a set of good practices related to the use of password-based user authentication mechanisms in automatic data processing systems employe...
From: lukeo
On the Incomparability of Entropy and Marginal Guesswork in Brute Force Attac...
This paper shows that entropy is not a good measure of the number of guesses required to recover a security parameter (such as a password) with a given rate of success.
From: lukeo
Password Policy Simulation and Analysis, Shay et al, Purdue University, 2007
The authors simulate the effectiveness of various password policies.
From: lukeo
NIST Enterprise Guidelines for Passwords, June 2009 draft
A 38-page draft guideline from NIST on topics for managing passwords at the enterprise level. See my blog for a summary.
From: lukeo
Outline of a book on Passwords
Here is an outline of a book I started to write in 2003 on passwords. At the time I had a few months away from work and I decided to return to some basics in security, and I started with ...
From: lukeo
Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff
Human-memorable passwords are a mainstay of computer security. To decrease vulnerability of passwords to brute-force dictionary attacks, many organizations enforce complicated password-cr...
From: lukeo
Rainbow Tables Explained
Detailed instructions on how to generate and use rainbow tables on your desktop.
From: lukeo
Using FPGA Clusters for Fast Password Recovery
In this white paper we present a high performance, low power and scalable approach to password recovery. We describe the use of a cluster of field programmable gate arrays (FPGAs) and com...
From: lukeo


