Proactive Password Checking
with Decision Trees
F. Bergadano, B. Crispo and G. Ruffo
Università of Torino, Italy
The important problem of user password selection is addressed
and a new proactive password checking technique is presented.
In a training phase, a decision tree is generated based
on a given dictionary of weak passwords. Then, the
decision tree is used to determine whether a user password
should be accepted. Experimental results described here show
that the method leads to very high dictionary compression
(from 100 to 3 in the average) with low error rates (of the
order of 1%). We survey previous approaches to proactive
password checking, and provide an in-depth comparison.
Click here to get the full paper in poscript format.
This paper has been published in the Poceedings of the
1997 ACM Conference on Computer and Communication Security,
April 1-4, 1997, Zurich, Switzerlands.