{"componentChunkName":"component---src-templates-post-tsx","path":"/posts/2018/03/password-strength-mem/","result":{"data":{"markdownRemark":{"fields":{"slug":"/2018/03/password-strength-mem/"},"frontmatter":{"title":"An Analysis on Password Strength vs. Memorability","tag":["password","nltk"],"image":"https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcTgSYPCYNS5GZ9ec5BU2WDjn9YbZ1F2nEGABnZAhXZtSUkikTjg"},"correctedDateEpoch":1519923600000,"html":"<p>As I am creating <a href=\"https://github.com/patarapolw/memorable-password\">memorable-password</a> project, I am challenged on whether diceware-type passwords / memorable passwords are really strong.</p>\n<p>I learnt about Entropy and created (actually updated an old project) <a href=\"https://github.com/patarapolw/passwordstrength\">passwordstrength</a>.</p>\n<p>I formularized the concept on memorability based on pronounceability with NLTK and double metaphone -- <a href=\"https://github.com/patarapolw/pronounceable\">pronounceable</a>.</p>\n<p><a href=\"https://github.com/patarapolw/memorable-password/tree/master/analysis\">Here</a> is the result.</p>\n<!-- excerpt_separator -->\n<h2>Random characters</h2>\n<p>Typically created by a password generator. PIN, although often not created by a password generator also falls into this category.</p>\n<ul>\n<li>\n<p>strength (entropy): </p>\n<ul>\n<li>length=10: Worst: 49.0044, 50.9478, 52.0044; Best: 59.8346, 59.8346, 60.7781</li>\n<li>length=15: Worst: 76.4500, 78.3934, 78.3934; Best: 91.1671, 91.1671, 93.0539 </li>\n</ul>\n</li>\n<li>\n<p>complexity: </p>\n<ul>\n<li>length=10: Best: 0.40, 0.40, 0.40; Worst: 13.40, 15.20, 16.20</li>\n<li>length=15: Best: 3.13, 3.60, 3.67; Worst: 18.87, 18.93, 20.00 </li>\n</ul>\n</li>\n</ul>\n<p>Complexity > 10 is deemed hard to remember. Entropy &#x3C; 70 is a weak password.</p>\n<h2>Diceware passwords</h2>\n<p>Common words are usually chosen, making it susceptible to dictionary attack. I have found a common word list, based on Google.</p>\n<h3>Simple, readable words. No upper-case/ modifications.</h3>\n<ul>\n<li>\n<p>strength: </p>\n<ul>\n<li>number<em>of</em>words=4: Worst: 81.9075, 81.9075, 81.9075; Best: 161.8150, 171.2158, 190.0176</li>\n<li>number<em>of</em>words=6: Worst: 100.7092, 124.2114, 138.3128; Best: 241.7224, 251.1233, 255.8237 </li>\n</ul>\n</li>\n<li>\n<p>complexity: </p>\n<ul>\n<li>number<em>of</em>words=4: Best: 2.50, 4.09, 4.26; Worst: 11.77, 12.75, 12.80</li>\n<li>number<em>of</em>words=6: Best: 8.73, 8.77, 8.83; Worst: 20.49, 21.50, 22.48 </li>\n</ul>\n</li>\n</ul>"}},"pageContext":{"slug":"/2018/03/password-strength-mem/"}}}