Explore a conference talk from BSidesLV 2018 that delves into the impact of password constraints on the number of viable permutations. Examine 11 common practices that negatively affect password strength, analyze various password requirements, and understand their effects through Monte Carlo simulations. Learn about the Python script used for analysis and discover why truly unconstrained passwords are a myth. Investigate how different constraints, such as lowercase letters, numbers, and symbols, influence password composition and security. Gain insights into balancing entropy with human behavior, the prevalence of symbols in passwords, and character set choices based on password length. Analyze first and last character patterns in passwords and explore findings from a 2 million password dump. Conclude with a discussion on password equalizers and acknowledgements for this comprehensive security research presentation.
The Effect of Constraints on the Number of Viable Permutations of Passwords
Overview
Syllabus
Intro
11 Bad Things We Do To Good Passwords
Password Requirements
The Effects of Password Constraints
Why a Monte Carlo Simulation?
The Python Script
The Unconstrained Password is a Myth
Constraints Take A Toll
Piglet la The First Casualty
The Lowercase Constraint
Assault With A Number Constraint On A Password
Aggravated Assault With A Symbol Set Constraint
Balancing Entropy With Human Behavior
Prevalence of Symbols
Composition By Character Set Choices
Character Set Choices By Length
First Character Analysis
First and Last Character Analysis
The 2 Million Password Dump
The Great Password Equalizer
Acknowledgements
Taught by
BSidesLV
