Google is repository of internet data. It indexes tremendous amount of data. It uses prediction service to determine the rest of the search query.
With such huge repository in place, can we take its advantage to determine the password strength?
Can we use the password as search query to determine its popularity. Based upon the number of hits we get for the password, can we give score to the password. Is this model feasible?
I think the passwords that are popular, occur more frequently on web-pages or as search queries. This doesn't mean that rare words of smaller length will be given a strong score. This is for obvious reasons, smaller passwords can be brute-force searched or can be queried in a finite time.
I think this model will work well for determining the strength of longer passwords that adhere to natural language such as English.
Is this approach to measure the password strength trivial? or in other words is there any easy attack if such model is used for measuring the password strength?
Note : If there is trust issue with Google, we can build our own service.
Aucun commentaire:
Enregistrer un commentaire