
Zipf’s Law in Passwords (2017) [pdf] - lainon
http://wangdingg.weebly.com/uploads/2/0/3/6/20366987/ieeetifs17_final.pdf
======
jihadjihad
> What is the underlying mechanism that leads to the emergence of Zipf’s law
> in passwords?

As far as human-generated passwords go, it does not seem surprising that they
follow Zipf's law, since it seems humans are hard-wired to communicate via
Zipfian languages, and we likely adhere to that distribution unwittingly when
choosing passwords.

What's interesting is that when humans choose numbers, those numbers typically
do not follow Benford's law (which is a special case of Zipf's law), and can
be detected as fraudulent. I would be interested in seeing if machine-
generated passwords also follow Zipf's law (my hunch is that they will not,
much like how human-generated numbers do not follow Benford's law and stick
out like sore thumbs).

~~~
zamadatix
Any machine generated password that follows Zipf's/Benford's law should be
nuked from orbit.

