Starting from algebraic properties that enable guessing lowentropy secrets, we formalize guessing rules for symbolic verification. The rules are suited for both off-line and on-line guessing and can distinguish between them. We add our guessing rules as state transitions to protocol models that are input to model checking tools. With our proof-of-concept implementation we have automatically det...

Three-party Password-based Authentication Key Exchange (3PAKE) allows a trusted server to assist two users to establish a common session key. Recently, Wu et al. pointed out that Chang et al.’s 3PAKE was vulnerable to the off-line guessing attack and proposed an improved 3PAKE to fix the problem. However, we found that Wu et al.’s protocol is still subject to the off-line guessing attack. In ad...

In repeated number guessing games choices typically converge quickly to the Nash equilibrium. In positive expectations feedback experiments, however, convergence to the equilibrium price tends to be very slow, if it occurs at all. Both types of experimental designs have been suggested as modeling essential aspects of financial markets. In order to isolate the source of the differences in outcom...

This paper presents results from two experiments which used computer-based grammar and teacher-driven grammar (chalk and talk) instructional methods. Each method involves teaching verb tenses using two deductive approaches (a) the initial rule-oriented approach (involves initial presentation of explicit rules followed by illustrative examples) and (b) the structure-guessing approach (involves e...

Two contrasting problem solving episodes are presented in which a pre-algebra student uses systematic guessing and checking to solve algebra word problems with the underlying structure: “For a given y, m, and b, find x such that y=mx+b.” The first episode illustrates how the student initially engages in systematic guessing and checking organized in a table (a “Guess and Check chart”) to converg...

One approach to measuring password strength is to assess the probability it will be cracked in a fixed set of guesses. The current state of the art in password guessing employs a first-order Markov model that makes several assumptions about the distribution of passwords. We present two novel approaches to modeling password distributions that remove some of these assumptions. First, a layered Ma...

In this paper I bring together a number of insights in the field of semiotic dynamics. Inspired by recent advances in the understanding of the naming game and by previous attempts to define stages in the formation of lexical languages, we define two classes of language game problems called the single and multiple word guessing games. By being more complex than naming games, but not as complex a...

Bluetooth has been developed to provide mobile ad hoc connectivity between a wide range of portable and fixed devices. Bluetooth is a Wireless Personal Area Network (WPAN) Standard that is moderately secure but still has weaknesses in its security architecture. One such weakness has been identified in its pairing mechanism, which leads to an attacker guessing PIN number leading to the guessing ...

Younger and older adults studied lists of words directly (e.g., creek, water) or indirectly (e.g., beaver, faucet) related to a nonpresented critical lure (CL; e.g., river). Indirect (i.e., mediated) lists presented items that were only related to CLs through nonpresented mediators (i.e., directly related items). Following study, participants completed a condition-specific task, math, a recall ...

This paper studies a potential risk of using real name verification systems that are prevalently used in Korean websites. Upon joining a website, users are required to enter their Resident Registration Number (RRN) to identify themselves. We adapt guessing theory techniques to measure RRN security against a trawling attacker attempting to guess victim’s RRN using some personal information (such...