当前位置: X-MOL 学术Comput. Secur. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Adaptation of Password Strength Estimators to a Non-English Environment – the Czech Experience
Computers & Security ( IF 4.8 ) Pub Date : 2020-08-01 , DOI: 10.1016/j.cose.2020.101757
Petr Doucek , Luboš Pavlíček , Jiří Sedláček , Lea Nedomová

Abstract Passwords are among the most commonly used methods of user authentication. Password strength estimators can significantly help users to choose passwords of reasonable strength. These estimates are, however, useful for end users and administrators only in those cases where they provide sufficiently precise password strength estimations. Tools for estimating password strength have mainly been tested against English, or in some cases Chinese or other widespread and global languages. Only very few studies can be found in the literature regarding how to adapt these tools for other, less widespread languages, and what results are produced by so adapted tools. This article presents the approach and reports the results of adapting the zxcvbn estimation engine for the Czech and Slovak languages. The results of this work – an adapted version of zxcvbn (including various dictionaries) – are available for download on GitHub as open-source software. For testing password strength estimation quality, we used a large set of leaked passwords from the Czech environment (approx. 3.1 million passwords), which we divided up into 12 categories. The main results are: (1) The password strength estimation improved for all 12 of the categories. (2) The overall size of zxcvbn did not increase significantly, thanks to adjustments and optimizations of both the original English dictionaries and the newly added Czech and Slovak ones. (3) The speed of operation increased by 4 to 12% depending on the version of the dictionaries used. (4) Besides the direct results for Czech and Slovak, the method described in the article can be utilized as a methodology for adapting zxcvbn for other less-widespread European languages.

中文翻译:

密码强度估计器对非英语环境的适应——捷克经验

摘要 密码是最常用的用户身份验证方法之一。密码强度估计器可以显着帮助用户选择合理强度的密码。但是,这些估计值仅在提供足够精确的密码强度估计值的情况下对最终用户和管理员有用。估计密码强度的工具主要针对英语进行了测试,或者在某些情况下针对中文或其他广泛使用的全球语言进行了测试。关于如何将这些工具适用于其他不那么普遍的语言,以及如此适用的工具会产生什么结果,在文献中只能找到很少的研究。本文介绍了该方法并报告了针对捷克语和斯洛伐克语调整 zxcvbn 估计引擎的结果。这项工作的结果——zxcvbn 的改编版本(包括各种词典)——可作为开源软件在 GitHub 上下载。为了测试密码强度估计质量,我们使用了大量来自捷克环境的泄露密码(大约 310 万个密码),我们将其分为 12 类。主要结果是: (1) 所有 12 个类别的密码强度估计都得到了改进。(2) zxcvbn 的整体大小没有明显增加,这要归功于对原始英文词典和新添加的捷克语和斯洛伐克语词典的调整和优化。(3) 根据使用的字典版本不同,运算速度提高了 4% 到 12%。(4) 除了捷克和斯洛伐克的直接结果,
更新日期:2020-08-01
down
wechat
bug