FAQ

Who are the intended users of PARS?

PARS is designed for both password database administrators and password security researchers. Administrators can use PARS to evaluate the security of their password databases by either dataset or individual passwords strength metrics/meters. Researchers can use PARS to conduct large-scale experiments using the comprehensive tools in the system.

What platforms does PARS support?

PARS is created in Java thus theoretically could support any platform that one can run a JVM on. However while implementing the graphic user interface(GUI), we used an open sourced library “SWT (The Standard Widget Toolkit)” thus to use the GUI you must have a platform with SWT support.

What password cracking algorithms are in PARS already?

PARS currently contains the 9 password cracking techniques discussed in the paper which includes:

    • NS
    • PCFG
    • VCT
    • OMEN
    • n-gram
    • JtR-W
    • JtR-S
    • JtR-I
    • JtR-M

What password strength metrics/meters are in PARS already?

PARS currently contains 15 strength metrics and 8 strength meters from academia, and 15 commercial strength meters.
Academic Strength Meters:

  1. NIST
  2. Ideal
  3. Regional
  4. CMU
  5. PCFG
  6. Adaptive
  7. BFM
  8. Weir
  9. PTG

Commercial Strength Meters:

  1. Google
  2. Yahoo!
  3. Bloomberg
  4. Target
  5. Battle
  6. Skype
  7. QQ
  8. 12306.cn
  9. PayPal
  10. Medscape
  11. Intel
  12. Home Depot
  13. Fedex
  14. Microsoft
  15. Twitter

What is the most secure password that I should use?

Oops, I forgot.