Selecting Secure Passwords

  • Conference paper
Topics in Cryptology – CT-RSA 2007 (CT-RSA 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4377)

Abstract

We mathematically explore a model for the shortness and security of passwords that are stored in hashed form. The model is implicit in the NIST publication [8] and is based on conditions of the Shannon, Guessing and Min Entropy. We establish various new relations between these three notions of entropy, providing strong improvements on existing bounds such as the McEliece-Yu bound from [7] and the Min entropy lower bound on Shannon entropy [3]. As an application we present an algorithm generating near optimally short passwords given certain security restrictions. Such passwords are specifically applicable in the context of one-time passwords (e.g. initial passwords, activation codes).

References

  1. Arikan, E.: An inequality on guessing and its application to sequential decoding. IEEE Trans. Inform. Theory 42, 99–105 (1996)

  2. Bosselaers, A.: Even faster hashing on the Pentium. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233. Springer, Heidelberg (1997)

  3. Cachin, C.: Entropy Measures and Unconditional Security in Cryptography. ETH Series in Information Security and Cryptography, vol. 1. Hartung-Gorre Verlag, Konstanz (1997) (Reprint of Ph.D. dissertation No. 12187, ETH Zürich)

  4. Huffman, D.A.: A method for the construction of minimum-redundancy codes. In: Proceedings of the I.R.E., pp. 1098–1102 (1952)

  5. Malone, D., Sullivan, W.G.: Guesswork and entropy. IEEE Transactions on Information Theory 50(3), 525–526 (2004)

  6. Massey, J.L.: Guessing and entropy. In: Proc. 1994 IEEE International Symposium on Information Theory, p. 204 (1994)

  7. McEliece, R.J., Yu, Z.: An inequality on entropy. In: Proc. 1995 IEEE International Symposium on Information Theory, p. 329 (1995)

  8. NIST, Electronic Authentication Guideline, Special Publication 800-63 (2004)

  9. Royden, H.L.: Real analysis. Macmillan Publishing Company, New York (1988)

  10. Sci. crypt crypto FAQ, http://www.faqs.org/faqs/cryptography-faq/part04

  11. van de Vel, M.L.J.: Theory of Convex Structures. North-Holland, Amsterdam (1993)

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Verheul, E.R. (2006). Selecting Secure Passwords. In: Abe, M. (eds) Topics in Cryptology – CT-RSA 2007. CT-RSA 2007. Lecture Notes in Computer Science, vol 4377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11967668_4

  • DOI: https://doi.org/10.1007/11967668_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69327-7

  • Online ISBN: 978-3-540-69328-4

  • eBook Packages: Computer Science (R0)
