Hacker News new | past | comments | ask | show | jobs | submit login
Zipf’s Law in Passwords (2017) [pdf] (wangdingg.weebly.com)
46 points by lainon 6 months ago | hide | past | web | favorite | 3 comments

> What is the underlying mechanism that leads to the emergence of Zipf’s law in passwords?

As far as human-generated passwords go, it does not seem surprising that they follow Zipf's law, since it seems humans are hard-wired to communicate via Zipfian languages, and we likely adhere to that distribution unwittingly when choosing passwords.

What's interesting is that when humans choose numbers, those numbers typically do not follow Benford's law (which is a special case of Zipf's law), and can be detected as fraudulent. I would be interested in seeing if machine-generated passwords also follow Zipf's law (my hunch is that they will not, much like how human-generated numbers do not follow Benford's law and stick out like sore thumbs).

Any machine generated password that follows Zipf's/Benford's law should be nuked from orbit.

machine generated passwords should strive to be uniform. all possible passwords should have the same likelihood of being chosen.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact