The Strength Of Password Meters Essay

The seminar was on a very interesting evaluation of the strength of password meters. Almost all of us encounter password-strength meters in our everyday lives. A password meter is usually represented as a colored bar: a short red bar indicates a weak password and a long green bar indicates a strong one. The real purpose of a password meter is to guide its users towards better security. However, the strengths and weaknesses of these widely deployed meters have rarely been studied, so this paper sheds light on how they actually behave in practice. The authors of this paper [1] have chosen 11 prominent web service providers such ...

• Hybrid checkers: It is also written in pure Java and can be used as a standalone library or client.
5) Diversity
The 11 providers were found to be using different meters, which clearly indicates the diversity of these checkers.
The analysis of the 11 different meters shows that it is never easy to build an extremely reliable meter. This section highlights the challenges in designing a reliable password checker:
1) Online v/s offline attacks
The amount of effort an adversary requires to break a password is directly proportional to the password's strength. The enormous difference between the cost of online and offline attacks complicates the process of assigning password strengths.
2) Password Leaks
There have been several password leaks in the real world, and this again complicates the design of a reliable password checker. A strong password that has leaked is most likely integrated into a general attack dictionary, especially if it is used by a considerable number of users. For checker designers, it is almost infeasible to keep track of all such leaked passwords. Users also get confused when they learn that their 'perfect' password is no longer allowed by the system after a certain period of time. Thus taking password leaks into account is an appropriate step towards the design of a reliable password checker.
3) Passphrases
Passphrases that do not follow normal grammatical structure offer fairly decent entropy without being that difficult for their users.
4) Relative performance
From the analysis it is clear that the mangling rules and leet transformations used in the tests were not optimised as carefully as a determined attacker would have done.

