Skip to main content
Springer Nature Link
Log in

Selecting Secure Passwords

  • Conference paper
Topics in Cryptology – CT-RSA 2007 (CT-RSA 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4377))

Included in the following conference series:

Abstract

We mathematically explore a model for the shortness and security for passwords that are stored in hashed form. The model is implicitly in the NIST publication [8] and is based on conditions of the Shannon, Guessing and Min Entropy. We establish various new relations between these three notions of entropy, providing strong improvements on existing bounds such as the McEliece-Yu bound from [7] and the Min entropy lowerbound on Shannon entropy [3]. As an application we present an algorithm generating near optimally short passwords given certain security restrictions. Such passwords are specifically applicable in the context of one time passwords (e.g. initial passwords, activation codes).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Arikan, E.: An inequality on guessing and its application to sequential decoding. IEEE Trans. Inform. Theory 42, 99–105 (1996)

    Article  MATH  MathSciNet  Google Scholar 

  2. Bosselaers, A.: Even faster hashing on the Pentium. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233. Springer, Heidelberg (1997)

    Google Scholar 

  3. Cachin, C.: Entropy Measures and Unconditional Security in Cryptography. ETH Series in Information Security and Cryptography, vol. 1. Hartung-Gorre Verlag, Konstanz (1997) (Reprint of Ph.D. dissertation No. 12187, ETH Zürich)

    Google Scholar 

  4. Huffman, D.A.: A method for the construction of minimum-redundancy codes. In: Proceedings of the I.R.E., pp. 1098–1102 (1952)

    Google Scholar 

  5. Malone, D., Sullivan, W.G.: Guesswork and entropy. IEEE Transactions on Information Theory 50(3), 525–526 (2004)

    Article  MathSciNet  Google Scholar 

  6. Massey, J.L.: Guessing and entropy. In: Proc. 1994 IEEE International Symposium on Information Theory, p. 204 (1994)

    Google Scholar 

  7. McEliece, R.J., Yu, Z.: An inequality on entropy. In: Proc. 1995 IEEE International Symposium on Information Theory, p. 329 (1995)

    Google Scholar 

  8. NIST, Electronic Authentication Guideline, Special Publication 800-63 (2004)

    Google Scholar 

  9. Royden, H.L.: Real analysis. Macmillan Publishing company, New York (1988)

    MATH  Google Scholar 

  10. Sci. crypt crypto FAQ, http://www.faqs.org/faqs/cryptography-faq/part04

  11. van de Vel, M.L.J.: Theory of Convex Structures. North-Holland, Amsterdam (1993)

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Computing and Information Sciences, PricewaterhouseCoopers Advisory, Radboud University Nijmegen, P.O. Box 85096, 3508 AB, Utrecht, The Netherlands

    Eric R. Verheul

Authors
  1. Eric R. Verheul
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Information Sharing Platform Laboratories, NTT Corporation, Japan

    Masayuki Abe

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Verheul, E.R. (2006). Selecting Secure Passwords. In: Abe, M. (eds) Topics in Cryptology – CT-RSA 2007. CT-RSA 2007. Lecture Notes in Computer Science, vol 4377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11967668_4

Download citation

  • DOI: https://doi.org/10.1007/11967668_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69327-7

  • Online ISBN: 978-3-540-69328-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics