2000 character limit reached
Revisiting Monte Carlo Strength Evaluation
Published 31 Jul 2024 in cs.CR | (2408.00124v1)
Abstract: The Monte Carlo method, proposed by Dell'Amico and Filippone, estimates a password's rank within a probabilistic model for password generation, i.e., it determines the password's strength according to this model. We propose several ideas to improve the precision or speed of the estimation. Through experimental tests, we demonstrate that improved sampling can yield slightly better precision. Moreover, additional precomputation results in faster estimations with a modest increase in memory usage.
- Matteo Dell’Amico. montecarlopwd: Monte Carlo password checking. 2016. https://github.com/matteodellamico/montecarlopwd.
- Matteo Dell’Amico and Maurizio Filippone. “Monte Carlo Strength Evaluation: Fast and Reliable Password Checking”. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS ’15. Association for Computing Machinery, 2015, pp. 158–169. https://doi.org/10.1145/2810103.2813631.
- Arvind Narayanan and Vitaly Shmatikov. “Fast dictionary attacks on passwords using timespace tradeoff”. In: Proceedings of the 12th ACM Conference on Computer and Communications Security. CCS ’05. Association for Computing Machinery, 2005, pp. 364–372. https://doi.org/10.1145/1102120.1102168.
- PCFG cracker. 2024. https://github.com/lakiw/pcfg_cracker.
- Daniel Lowe Wheeler. “Zxcvbn: low-budget password strength estimation”. In: Proceedings of the 25th USENIX Conference on Security Symposium. SEC’16. USENIX Association, 2016, pp. 157–173. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.