This paper presents results of empirical study of passwords really used on internet. These passwords were obtained during two data acquisitions in three years period. In this paper a method for the evaluation of password security against a dictionary attack and a brute force attack is suggested and used for security evaluation of these passwords. The method is based on a mathematical model and a simulation of dictionary attack and a brute force attack. In the paper trends of password selecting are identified and expected progress is outlined. Simultaneously truly used passwords are investigated by statistic methods.
HallerN.MetzC.NesserP.StrawM., A One-Time Password System, RFC2289, February 1998.
4.
HoffmanL. J., Modern Methods for Computer Security and Privacy.1st ed.New Persey: Prentice-Hall, Engelwood Cliffs, 1977.
5.
HubM., Data security–authentication (originally in Czech). Pardubice: University of Pardubice, 2005. ISBN 80-7194-825-X.
6.
JonesA., Password Authentication with insecure communication, ACM communications, volume 24, number 11, November 1981.
7.
KleinD., A Survey of, and Improvements to, Password Security. In Unix Security Workshop II, USENIX Association, 1990.
8.
MyškováR.. Economic dimense of value of information (originally in Czech). Scientific Papers of the University of Pardubice, Series D, 2006, č. 10, s. 228–232.
9.
RenaudK., Evaluating Authentication Mechanism. Security and usability.O'Reilly Media, Inc.2005. pp 103–128. ISBN 0-956-00827-9.
10.
SohB.JoyA., A Novel Web Security Evaluation Model for a One-Time-Password System, In Proceedings of the IEEE/WIC International Conference on Web Intelligence (WI'03), Issue, 13–17 Oct. 2003 pp 413–416.
11.
StallingsW., Network Security Essentials: Applications and Standards, Upper Saddle River, NJ: Prentice Hall, 2000.
12.
YanJ.BlackwellA.AndersonR.GrantA., The Memorability and Security of Passwords. Security and usability.O'Reilly Media, Inc.2005. pp 129–142. ISBN 0-956-00827-9.
