If we can find what password policy was used by a service at the time of when their database was leaked, then we can compute the entropy of the passwords under that password-composition policy.
The entropy should be computed in similar way as in Komanduri et al.'s twopapers.
If we can find what password policy was used by a service at the time of when their database was leaked, then we can compute the entropy of the passwords under that password-composition policy.
The entropy should be computed in similar way as in Komanduri et al.'s two papers.