Guesswork Subject to a Total Entropy Budget
Arman Rezaee, Ahmad Beirami, Ali Makhdoumi, Muriel Medard, and Ken Duffy

TL;DR
This paper analyzes password security under a total entropy budget, showing that more uniform password distributions improve security against adversaries with limited guesswork, challenging the assumption that uniform passwords are always optimal.
Contribution
It introduces a framework for understanding password security with entropy and guesswork budgets, revealing that increased uniformity enhances protection against limited adversaries.
Findings
More uniform sources reduce the adversary's success probability.
Higher uniformity leads to fewer guesses needed by the adversary.
Uniformity improves security even when the adversary's guesswork is limited.
Abstract
We consider an abstraction of computational security in password protected systems where a user draws a secret string of given length with i.i.d. characters from a finite alphabet, and an adversary would like to identify the secret string by querying, or guessing, the identity of the string. The concept of a "total entropy budget" on the chosen word by the user is natural, otherwise the chosen password would have arbitrary length and complexity. One intuitively expects that a password chosen from the uniform distribution is more secure. This is not the case, however, if we are considering only the average guesswork of the adversary when the user is subject to a total entropy budget. The optimality of the uniform distribution for the user's secret string holds when we have also a budget on the guessing adversary. We suppose that the user is subject to a "total entropy budget" for…
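The trade-off described in the abstract, as an added worked example that is not from the paper or its authors. It assumes a binary alphabet, a constructed 8-bit budget, and total entropy taken as string length times per-character Shannon entropy; all function names are hypothetical.

```python
import math

def binary_entropy(p):
    """Shannon entropy h(p), in bits, of one Bernoulli(p) character."""
    return -p * math.log2(p) - (1 - p) * math.log2(1 - p)

def bias_for_budget(total_bits, length):
    """Find p in (0, 0.5] with length * h(p) == total_bits (bisection)."""
    lo, hi = 1e-12, 0.5
    for _ in range(200):
        mid = (lo + hi) / 2
        if length * binary_entropy(mid) < total_bits:
            lo = mid
        else:
            hi = mid
    return hi

def weight_classes(p, length):
    """Yield (count, per-string probability) in most-likely-first order.
    For p <= 0.5, strings with fewer 1s are more likely."""
    for k in range(length + 1):
        yield math.comb(length, k), p**k * (1 - p)**(length - k)

def average_guesswork(p, length):
    """Expected number of guesses when guessing most-likely-first."""
    total, rank = 0.0, 0
    for count, prob in weight_classes(p, length):
        # Ranks rank+1 .. rank+count all carry probability `prob`.
        total += prob * (count * rank + count * (count + 1) / 2)
        rank += count
    return total

def success_within(p, length, guesses):
    """Probability the secret is among the first `guesses` guesses."""
    hit = 0.0
    for count, prob in weight_classes(p, length):
        used = min(count, guesses)
        hit += used * prob
        guesses -= used
        if guesses == 0:
            break
    return hit

BUDGET = 8  # constructed total entropy budget, in bits (assumption)
SOURCES = {"uniform": (0.5, 8), "skewed": (bias_for_budget(BUDGET, 16), 16)}

if __name__ == "__main__":
    for name, (p, n) in SOURCES.items():
        print(f"{name}: n={n} p={p:.4f} E[G]={average_guesswork(p, n):.1f} "
              f"P(hit in 16 guesses)={success_within(p, n, 16):.4f}")
```

At the same 8-bit budget, the skewed 16-character source has the larger average guesswork, yet an adversary limited to 16 guesses succeeds far more often against it than against the uniform 8-character source.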
Taxonomy
Topics: Chaos-based Image/Signal Encryption · Cryptographic Implementations and Security · Wireless Communication Security Techniques
