Summary of “Proactive Password Checking with Decision Trees” (2008)
Abstract
Bergadano, Crispo, and Ruffo (1997) describe a machine learning system they developed to classify potential passwords as “good” or “bad”. A bad password is a string that can be found in a “password cracking” dictionary, or is similar to such a string. A good password is one that cannot easily be guessed by searching such a dictionary. The classification of passwords is done by a decision tree, which is constructed using Quinlan’s C4.5 decision-tree-induction system (Quinlan, 1993). For the sake of simplicity in this system, it is assumed that all passwords are exactly 8 characters in length. The negative examples in the training data (i.e., “bad” passwords) consist of 8-character strings chosen from an existing “crack” dictionary and 8-character truncations of longer words chosen from that dictionary. The positive examples consist of 8-character random strings that do not appear in the dictionary or in the chosen set of truncated strings from the dictionary. Bergadano, Crispo, and Ruffo experimented with different sets of attributes in constructing decision trees for this task. Each attribute described a particular letter in an 8-character string, except for one attribute that tested to see if the string contains at least one nonalphanumeric
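
The training-set construction and attribute encoding described in the abstract, as an added example that is not code from the paper or its authors. It uses a plain ID3 (information-gain) learner as a stand-in for C4.5; the word list, the four character classes, the symbol alphabet and all function names are assumptions made for illustration.

```python
import math, random, string
from collections import Counter
# Constructed sample "crack" dictionary (illustrative, not the paper's data).
DICTIONARY = ["password", "sunshine", "princess", "football", "baseball", "superman",
              "starwars", "computer", "whatever", "butterfly", "chocolate", "basketball",
              "strawberry", "wonderful", "elephant", "mountain", "treasure", "universe"]

def char_class(c):  # assumed value set for the per-letter attributes
    if c in "aeiouAEIOU": return "vowel"
    if c.isalpha(): return "cons"
    return "digit" if c.isdigit() else "other"

def attributes(pw):
    # One attribute per position, plus "contains a non-alphanumeric character".
    return tuple(char_class(c) for c in pw) + (any(not c.isalnum() for c in pw),)

def build_training_set(n_good=40, seed=1):
    bad = {w[:8] for w in DICTIONARY if len(w) >= 8}  # 8-char words and truncations
    rng, good = random.Random(seed), set()
    alphabet = string.ascii_letters + string.digits + "!@#$%&*?"
    while len(good) < n_good:  # random strings that are not in the "bad" set
        s = "".join(rng.choice(alphabet) for _ in range(8))
        if s not in bad: good.add(s)
    return ([(attributes(p), "bad") for p in sorted(bad)] +
            [(attributes(p), "good") for p in sorted(good)])

def entropy(rows):
    counts = Counter(label for _, label in rows).values()
    return -sum(k / len(rows) * math.log2(k / len(rows)) for k in counts)

def induce(rows, attrs):
    labels = Counter(label for _, label in rows)
    majority = labels.most_common(1)[0][0]
    if len(labels) == 1 or not attrs:
        return majority  # leaf
    split = lambda a: [[r for r in rows if r[0][a] == v] for v in {x[a] for x, _ in rows}]
    # Lowest weighted child entropy is the same as highest information gain.
    best = min(attrs, key=lambda a: sum(len(p) / len(rows) * entropy(p) for p in split(a)))
    rest = [a for a in attrs if a != best]
    return (best, {p[0][0][best]: induce(p, rest) for p in split(best)}, majority)

def predict(tree, x):
    while isinstance(tree, tuple):
        attr, children, majority = tree
        tree = children.get(x[attr], majority)  # unseen value: node majority
    return tree

TREE = induce(build_training_set(), list(range(9)))
def classify(pw):
    return predict(TREE, attributes(pw))
```

With a dictionary this small the induced tree only shows the mechanics; a usable checker needs a full cracking dictionary as the source of negative examples.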