论文信息 - A New Proactive Password Checker.

A New Proactive Password Checker.

In this paper we propose a new proactive password checker, a program which prevents the choice of easy-to-guess passwords. The checker uses a decision tree which has been set up applying the Mini- mum Description LengthPrinciple and a Pessimistic Pruning Tech nique to refine its predictive power. Experimental results show a substantial improvement in performances of this checker with respect to previous proposals. Moreover, the system is user-friendly and can be adapted to a per-site policy by the system administrator.

Alfredo De Santis | Carlo Blundo | Paolo D'Arco | Clemente Galdi

[1] Theodore Y. Ts'o,et al. Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[2] J. Rissanen. Stochastic Complexity and Modeling , 1986 .

[3] Sarvar Patel,et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[4] Leo Breiman,et al. Classification and Regression Trees , 1984 .

[5] Rafail Ostrovsky,et al. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.

[6] Giancarlo Ruffo,et al. High dictionary compression for proactive password checking , 1998, TSEC.

[7] Matt Bishop,et al. Improving system security via proactive password checking , 1995, Comput. Secur..

[8] J. Ross Quinlan,et al. Simplifying Decision Trees , 1987, Int. J. Man Mach. Stud..

[9] Burton H. Bloom,et al. Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[10] Daniel Klein,et al. Foiling the cracker: A survey of, and improvements to, password security , 1992 .

[11] Eugene H. Spafford,et al. OPUS: Preventing weak password choices , 1992, Comput. Secur..

[12] Matt Bishop. Password management , 1991, COMPCON Spring '91 Digest of Papers.

[13] Eugene H. Spafford. Preventing Weak Password Choices , 1991 .