Password security as a game of entropies

15Citations
Citations of this article
29Readers
Mendeley users who have this article in their library.

Abstract

We consider a formalmodel of password security, inwhich two actors engage in a competition of optimal password choice against potential attacks. The proposedmodel is amulti-objective two-person game. Player 1 seeks an optimal password choice policy, optimizing matters of memorability of the password (measured by Shannon entropy), opposed to the difficulty for player 2 of guessing it (measured by min-entropy), and the cognitive efforts of player 1 tied to changing the password (measured by relative entropy, i.e., Kullback-Leibler divergence). The model and contribution are thus twofold: (i) it applies multi-objective game theory to the password security problem; and (ii) it introduces different concepts of entropy to measure the quality of a password choice process under different angles (and not a given password itself, since this cannot be quality-assessed in terms of entropy). We illustrate our approach with an example from everyday life, namely we analyze the password choices of employees.

Author supplied keywords

Cite

CITATION STYLE

APA

Rass, S., & König, S. (2018). Password security as a game of entropies. Entropy, 20(5). https://doi.org/10.3390/e20050312

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free