• Nu S-Au Găsit Rezultate

View of A survey on generating a strong password

N/A
N/A
Protected

Academic year: 2022

Share "View of A survey on generating a strong password"

Copied!
11
0
0

Text complet

(1)

http://annalsofrscb.ro 1476

A survey on generating a strong password

T.Nirmalraj a, Dr. J.Jebathagam b

a Research Scholar, Department of Computer Science, VISTAS, Chennai, [email protected]

b Assistant Professor, Department of Computer Science, VISTAS, Chennai, [email protected]

Abstract

These days, authentication of password document is perhaps the main issues for a huge number of clients and organizations in different fields. In this way, numerous frameworks store the secret phrase records in data set utilizing the different hashing and salting calculation. None the less, secret phrase hashing isn't secure by assailants since they attempt to get client's secret phrase in secret key record that are put away in the information base utilizing different assaults, for example, savage power assault, secret phrase speculating assault, and so forth in this paper we attempt to talk about different fascinating moving method with regards to security region since it can give a few benefits over secret key based scheme. In this paper we have summed up all the procedure to build up a solid secret phrase.

Keyword: Brute force attack, shoulder surfing attack, Mneomic Method, Honeywords Generator,etc.

I. Introduction

The use of secret word which stored in database turned into the primary test in different territories on the grounds that numerous genuine frameworks pick secret key based encryption calculation. Thus, the secret key documents assume a significant part in large number of clients and organizations, for example, Yahoo, Rock You [1],[2] since spilled secret phrase makes the client focus of numerous conceivable digital assaults. Since, numerous organizations attempt to ensure the secret phrase records utilizing hashing and satiating calculations. In the event that the secret phrase record is assaulted by aggressor utilizing secret word breaking strategies, the assailants can without much of a stretch get the secret phrase documents.

There are numerous validation strategies, for example, secret key based and designs verification equipment authentication, biometric put together authentication [4,5]. However, secret word based confirmation will in any case be the standard validation technique for quite a while later on [6], on the grounds that secret word based confirmation is straightforward and simple to utilize, ease, simple to oversee, while other confirmation techniques have numerous issues, for example, significant expense, hard to organization, protection divulgence, etc. Secret phrase-based verification strategies are applied to different data frameworks, for example, account login, information encryption, etc. When the secret phrase is broken or spilled, it will cause clients' very own data spillage, monetary property

(2)

http://annalsofrscb.ro 1477 misfortunes, private information robbery and other genuine outcomes. With the quick improvement of Internet innovation, every client needs to oversee an ever-increasing number of passwords, and by and large, solid passwords are hard to recall. Accordingly, clients may pick name, date of birth, phone number, interests, or a mix of them as passwords, which gives the likelihood to focused secret word assaults and secret word reuse assaults dependent on close to home data [7], [8].

II. Password Generation strategy - Using Mnemonic Method

Password based verification is the main line of protection of most data frameworks.

Secret key security concerns the security of the entire data framework. Consequently, directors will plan comparing secret word procedures to assist clients with improving the security and convenience of passwords. A few normal secret key arrangement procedures are examined. Focusing on the issue that customary secret phrase procedures can't consider security and convenience, another secret phrase age system dependent on mental helper shape, Alphapwd, is utilized to make secret key and to help the customer to decide the secret key and help them. They have discovered that the Alphapwd is discovered to be more proficient and more secured and it is hard to break the secret key.

III. Literature Review

Ziya Alper Genca et al analysed that password isn‘t hard to break when it is imposed with the (GPU). An unauthorised person can recover a customer's secret password using brute force am attack on hashing key function. At the point when password can be recognized by unauthorized person.

Ari Jules portrayed [6] et al that how honeyword was delivered and this honeyword was put away with genuine client secret key in secret key document. The secret key document is assaulted by the programmers utilizing animal power assault and this framework can misdirect to the programmers. This technique can be caused capacity overhead and grammatical mistake security issue. And afterward, they likewise talked about the capacity of the secret word record and key development for covering savage power assault.

Numerous experts thought about how to decrease stockpiling overhead issue and they made numerous techniques. Among them, the new honeywords age besides brought nectar aberrant once-finished or composed with distance show (PDP) technique was depicted by Nilesh, introduced a methodology can reduce putting away overhead issue separated from the past existing procedures. In any case, the cut off overhead issue has still stayed in nectar encryption measure [12]. In government sectors client‘s password are stored and stored to recover old client past history details [13].

Password synthesis approaches are utilized to assist clients with making passwords.

Komanduri et al. [15] thought about the secretive word strength, client direct and client mind investigation of four password piece frameworks in various conditions. The exploratory results show that the bizarre key entropy made by Condition basic16 method is the awesome.

(3)

http://annalsofrscb.ro 1478 Condition dictionary structure would enough have the option to get customers far from making passwords that can be sensibly broken by heuristic systems, yet word reference checking will make customers feel puzzled.

Shay et al. [16] investigated that using long-length password can increase the security.

The standard password can hold 12 characters and each baffling word ought to contain in any event three-character types). Yajun et al. [17] spilled secret word sets to dismantle the security of credible secret state sets in three cases: no puzzling word affiliation strategy, basic6 approach and class system. It is discovered that nothing aside from if there are various choices three password affiliation methods can assist clients with making solid passwords [18].

Shay et al. discovered that the clients battled with new and complex secret key necessities, and Mazurek et al. [19] discovered that the clients who griped about complex secret word approaches used to make weak passwords. Weir et al. [20] endeavoured to decide the viability of utilizing entropy, as an estimation of the security given by different secret word creation strategies. Yue Li et al. [21] presented "Kamouflage", another design for building burglary safe secret key administrators. This framework constrained an assailant who took a PC or cell with a Kamouflage-based secret phrase administrator to do a lot of online work prior to getting any client qualifications. Jomandari et al. [22] explored on characterizing measurements to describe secret word strength and utilizing them to assess secret key piece strategies. They investigated 12,000 passwords assembled under seven creation approaches through an online assessment. They developed a capable scattered technique for figuring how effectively a couple of heuristic mystery word hypothesizing estimations would figure passwords. They investigated on the hindrance of passwords made under different conditions to theorizing, the association between passwords unequivocally made under a given creation methodology and the association between infer limit, as assessed with secret key breaking estimations, and entropy checks. Their revelations could enlighten us on the cognizance of both mystery word piece techniques and estimations for assessing secret word security. J. Alex Halderman et al. [23] moreover depicted the consistency of passwords by figuring their entropy, and recognized that couple of natural perspectives about secret expression piece and strength were wrong. Shay et al. perceived methodologies that were both more usable and more secure than typically used courses of action that underscored complexity rather than length necessities. Cormac et al [ 24] investigated secret word affirmation using tokens, biometrics, and check subject to the diverse. Inglesent et al. [9]

found that as opposed to focusing covertly state approaches on extending secret word strength and carrying out repeat alone, courses of action should be arranged using HCI principles to help the customer with setting an appropriately strong mystery key in a specific setting of usage.

Yang et al. [26] contemplated the ease of use and security of six variations of memory helper secret phrase age technique. The outcomes show that MneGenEx is not difficult to prompt frail secret word, MnePerEx procedure is not difficult to make solid secret key, and by giving sentences, they can break the greater part of the passwords made by customers in 5

(4)

http://annalsofrscb.ro 1479 to 10 hypotheses. Kiesel et al. [27] set up a tremendous effort in determining the password based on corpus security and to assist the password based upon the memory and preliminary outcome of password using 7 length ASCII password found to be simpler and more insecure.

The test impact of the mental aide passwords with less intricacy in the disconnected assault situation is lower than anticipated, and the more drawn-out memory helper secret phrase performs better in the disconnected assault situation, however this isn't really the situation in the online assault situation. Contrasted and the passwords created by word reference testing, mental aide passwords can accomplish a similar secret phrase appropriation force with less characters in disconnected assault situations.

Bei et al. [28] defines the apart the strength of four mental partner passwords, The appraisal shows that without clearness attack condition, the strength of the four mental adornment passwords is higher than that of the two benchmark parties, Guo et al. [29]

proposed a sensible secret word game-plan structure, Opti words, and looked at the security and accommodation of Opti words with other exceptional secret key techniques.

Forget et al. [30] recommends that eager characters can be brought into the confounding word set by the customer to improve the security of the puzzling word. It is tracked down that the PTP secret word age technique can basically improve the security of the confounding word in a little turn of events, considering the path that to make the puzzling word which isn't difficult to contemplate, the unusual word entered early is overall feeble.

Huh et al. [30] proposed a key structure for making a shielded indiscreet secret key from the game plan, and the customer changed a hint of the letters in the password. The result shows that with the progression of the degree of characters superseded by the customer, the memorability of the odd key expansions scarcely. Isolated and the abnormal key under the general mystery express development, the broke speed of this strategy is decreased by 21%, at any rate it's right now hard for customers to review.

Marechal et al. [31] outlined various methodologies that had been used with no attempt at being subtle or private gadgets to update the mysterious word breaking measures.

Robert et al. [32] developed a probabilistic setting free language structure based getting ready arrangement of as of late uncovered passwords. Using this accentuation, they delivered word- demolishing rules, and from them, secret key guesses were used covertly key breaking. Their work showed that their system gave a more feasible way to deal with break passwords diverging from regular techniques by testing their gadgets and methods on real mystery state sets. In one course of action of examinations, planning on a lot of uncovered passwords, their technique had the alternative to break 28% to 129% a more noteworthy number of passwords than John the Ripper, a straightforwardly available standard mystery word breaking program.

After that Amico et al. [34] developed a system for surveying secret word fortitude to be used as a justification making more reasonable proactive mystery word checkers for (he customers and security examining instruments for (he heads. Following created by Weir et al., Houshmand et al. [34] managed portraying estimations to help separate and improve attack word references. Using their approach to manage improve the word reference, they achieved

(5)

http://annalsofrscb.ro 1480 an additional improvement of 33% on their past work by growing the consideration of a standard attack word reference.

IV. Methodology

4.1 Autopass Component

AutoPass has two fundamental parts: the AutoPass worker and the AutoPass customer. The AutoPass worker stores less touchy client information, for example client name and site explicit secret key strategies (determining the sorts of secret phrase a specific site will acknowledge). The AutoPass customer programming gives a UI, and consequently creates site-explicit client passwords by joining the predefined set of data sources. A few data sources are put away locally and some are put away in the AutoPass worker, with which the customer programming associates as important. Where conceivable, the created secret word is consequently embedded into login structures. While information traded between the AutoPass customer and worker isn't exceptionally classified, some is protection delicate and its uprightness is vital for right activity. All information traded among customer and worker is hence secured utilizing a worker validated TLS channel set up toward the start of a customer meeting.

4.2 Shoulder Surfing Attack

For getting gotten or basic client data, shoulder surfing is using direct insight strategies, for instance, researching someone's shoulder, etc Shoulder surfing is an effective strategy to get information. Since it is not difficult to investigate somebody's shoulder who rounding out a structure for input secure data. Shoulder surfing should likewise be possible significant distance with the guide of vision-upgrading gadgets, in different words, recording assault.

4.3 Brute force Attack

A Brute force attack continues in a straightforward manner, with the handling of enormous number of steps. An assailant has an encoded document — say, LastPass or KeePass secret phrase information base [5] and record contains an encryption key that opens the secret key. For decoding the secret key, assailants start to attempt each and every conceivable secret phrase and check whether that outcomes in an unscrambled record.

Applying Brute Force for on the web and disconnected records are to some degree unique.

For instance, if an aggressor needs to savage power any Gmail account, he begins to attempt each and every and potential mixes of the secret key to get simple admittance to account — however Google will immediately cut him off after a couple fizzled login endeavours. Gmail will show CAPTCHA (picture record of somewhat mutilated alphanumeric characters) [6] to confirm that the client isn‘t substantial one. They'll probably stop your login endeavours totally on the off chance that you figured out how to proceed for a considerable length of

(6)

http://annalsofrscb.ro 1481 time. Even subsequent to entering the secret key effectively Gmail requested that again the client enter the CAPTCHA picture likewise solely after that assailant can effectively login to focused record. Administrations that give admittance to records will choke access endeavours and boycott IP delivers that endeavours to sign in so often. Along these lines, an assault against an online help wouldn't function admirably. For disconnected assistance assault, an assailant caught a scrambled document from the focused-on PC on which an aggressor can attempt however many as could be allowed blends. As indicated by [7] there are four sorts of assaults under beast power, for example, unadulterated animal power assault, letter recurrence examination, markov models and focused on savage power assault with the assistance of animal power. The portrayal of the kinds of Brute power assault is: - Pure beast power assault doesn't utilize any likelihood data which isn't discovered intrinsically in the key space being looked. Letter recurrence investigation assault utilizes the character recurrence which is by all accounts showing up in a preparation set for expanding the adequacy of beast power assaults and secret phrase breaking likelihood to acquire a successful outcome.

Markov model is for choosing the probability of the characters in the password.

Firstly, we expect that the secret word should be composed in lower case (this is the best bet).

For this situation, the necessary time will remain something similar yet on the off chance that the secret phrase contains a capitalized letter it will require some investment to recuperate the first secret word. Furthermore, attempting every one of the potential mixes where the secret key is destined to be found, yet the cycle eases back down fundamentally. Thirdly, just the most likely secret word mixes are taken into contemplations for instance "secret key", "Secret key" and "Secret word". In this specific case the cycle eases back down to 33% of the first speed of secret word with a bomb plausibility. For leading the approval and assessment measure, the current password, the second datasets uses password by guessing the passwords breaking, these dataset uses Finnish and MySpace . Client names for the current situation are their email addresses. The synopsis data of Finnish and MySpace dataset is appeared in Table 1.

TABLE I. SUMMARY ABOUT FINNISH AND MYSPACE PASSWORD DATASETS

Dataset Size(mb) #unique Average length #characters

MySpace 15,812 13,395 7.60 90

Finnish 33,671 30,690 8.10 96

4.4 Honeywords Generation Method

Passwords are famously frail validation instrument since clients often pick poor and more than once passwords. The aggressor can without much of a stretch know this helpless secret word. In this way, the framework stores the right secret word with a few honeywords for each record in the information base to beguile assailants. Honeywords moreover called decoyed passwords are used to distinguish attack against hashed secret expression informational collection. Regardless, as opposed to delivering honeywords and set aside them

(7)

http://annalsofrscb.ro 1482 in the mysterious word record, we use the current customer passwords as honeywords. To achieve this, the current mystery word records for each record which we called honey indexes are aimlessly consigned to an as of late made record of customer if the new record is made.

4.5 Encryption&Decryption

4.5.1 Honeyword Encryption Technique

(PBE) is in danger in light of brute force attack, Password speculating, Password breaking and so on Individuals pick a powerless secret key that are effectively guessable for example simple to-anticipate passwords like name of dearest, birth date and so on so aggressor, gets figure text, can take a stab at unscrambling it with the most probable secret phrase. It is not difficult to decide when the correct secret phrase is found.

Nectar Encryption is intended to give underline security. Circulation changing encoder (DTE) is applied to message space and seed space is produced. Seed space is scrambled by utilizing key. For encryption any secret word-based encryption can be utilized. It delivers a code text which, when unscrambled with any of various wrong keys, yields conceivable looking yet false plaintexts called nectar messages.

A. One Time Pad (OTP)

(OTP) is used to compare key for encryption and unravelling measure. All around, this estimation uses particular or movement which is essential and basic for the essential cycle. Likewise, ensuing to finishing encryption and unscrambling measure, the key ought to be avoided with regards to no place and the new worth ought to be created subjectively every event that OTP is done.

B. RSA

Using RSA algorithm, we create a secure cryptosystem. Additionally, the subtleties for all cycles are as following: Key age measure: it is the interaction to create a couple of keys for encryption and decoding measure.

Stage 1: Making two tremendous indissoluble numbers, p and q, subjectively Stage 2: Evaluating n = p * q, n is called modulus

Stage 3: use Euler work, φ(n) = (p – 1) *(q – 1) Stage 4: choose public key, e, where gcd (e, φ(n)) =

Stage 5: Finding private key, d, from the going with condition, e*d mod φ(n) = 1

Ensuing to finishing key age measure, recipient two or three keys will to divulge e and n openly yet p, q, φ(n) and d are kept by him/her self.

Encryption process and decryption process are the two most important step to encrypt and decrypt the password and analyse whether they generate strong password.

(8)

http://annalsofrscb.ro 1483 Figure 1 - Analysing the computation time for encryption and decryption process

The above figure 1 state the computation time for encrypting and decryption the password and it also determine the time consumed to evaluate the OTP send.

Conclusion

In this paper we have discussed numerous ways to generate password in an efficient manner. We have also summarized various techniques and methodologies used in cyber security. We have also stated different attacks which occur during client side and drawback of each attack and the threat involved in it. Thus, in today‘s era one need to keep the database safe by generating a strong password and to overcome the threat involved in them.

References

[1] Mirante D, and Justin,C, ―Understanding Password Database Compromise‖, Technical Report TR-CSE-2013-02, Department of Computer Science and Engineering Polytechnici Institute of NYU, 2013.

[2] Vence, A, ―If your password is 123456, just make it hackme‖, The New York Times 20, 2010.

[3] Brown,K , ―The danger of weak hashes‖, Technical report, SANS Institute InfoSec Reading Room, 2013.

[4] Prof. Rohini S. More, Prof. Smita S. Konda, ―Resilient security against hackers using enchanced encryption techniques: Blowfish and Honey Encryption‖ International Journal on Recent and Innovation Trends in Computing and Communication, Volume: 4 Issue: 6, June 2016.

[5] Ziya Alper Genc, Suleyman Kardas, Mehmet Sabir Kiraz, ―Examination of a New Defence Mechanism: Honeywords,‖ Inernational Journal of Engineering Trends and Technology (IJETT), Volume 27 Number 4, September 2015.

(9)

http://annalsofrscb.ro 1484 [6] Ari Jules, Ronald L. Rivest, ―Honeywords: Making Password-e Cracking Detectable‖

MIT CSAIL, May 2, 2013.

[7] R.Gennaro and Y.Lindell, ―A framework for password-based authenticated key exchange,‖ In Advances in CryptologyEUROCRYPT 2003, pages 524–543. Springer, 2003 [8] Nirvan Tyagi [ntyagi], Jessica Wang [jzwang], Kevin Wen [kevinwen] and Daniel Zuo [dzuo],, ―Honey encryption Application,‖ Computer and network Security, Springer, 2015.

[9] Defense Information Systems Agency (DISA) for the Department of Defense (DOD),

―Application security and development‖, Security technical implementation guide (STIG), version 3 release 4, 28 October 2011.

[10] Ziya Alper Genc, ―Popularity is everything: a new approach to protecting passwords from statical guressing attacks‖, USENIX HotSec, pages1, 2010.

[11] Ari Jules and Ronald L ―A New Storage Optimized Honeyword Generation Approach for Enhancing Security and Usability,‖ 21, SEPT, 2015.

[12] Nilesh Chakraborty and Samrat Mondal, ―A research agenda acknowledging the persistence of passwords,‖ IEEE Security & Privacy, vol. 10, no. 1, pp. 28–36, 2012.

[13] ÝD. Florencio, C. Herley, and P. C. van Oorschot, ―Password portfolios and the finite- effort user: Sustainably managing large numbers of accounts,‖ in Proc. 23rd USENIX Security Symposium. USENIX Association, 2014, pp. 575–590.

[14] Herley, and Mitzenmacher, ‗‗Password cracking using probabilistic context-free grammars,‘‘ in Proc. 30th IEEE Symp. Secur. Privacy, Piscataway, NJ, USA, Mar. 2009, pp.

391–405.

[15] Komanduri, ‗‗Next gen PCFG password cracking,‘‘ IEEE Trans. Inf. Forensics Security, vol. 10, no. 8, pp. 1776–1791, Aug. 2015.XIAO HAN was born in Suizhou, Hubei, China.

[16] Shay, ‗‗A tradeoff between search and update time for the implicit dictionaryinformation security with the School of Computer problem,‘‘ Theor. Comput. Sci., vol. 58, nos. 1–3, pp.

57–68, 1988.Science and Information Engineering,

[17] D. Florêncio, C. Herley, and P. C. Van Oorschot, ‗‗An administrator‘s guideversity, Wuhan, China.

[18] Yajun, and H. Hu, ‗‗Picture gesture authentication: Empirical analysis, automated attacks, and scheme evaluation,‘‘ ACM Trans. Inf. Syst. Secur., vol. 17, no. 4, p. 14, 2015.

[19] A. A. Darwish, W. M. Zaki, O. M. Saad, N. M. Nassar, and G. Schaefer, ‗‗Human authentication using face and fingerprint biometrics,‘‘ in Proc. 2nd Int. Conf. Comput. Intell., Commun. Syst. Netw., Jul. 2010, pp. 274–278.

(10)

http://annalsofrscb.ro 1485 [20] Mazurek, ‗‗The solution design using USB key for network security authentication,‘‘ in Proc. 4th Int. Conf. Comput. Intell. Commun. Netw., Nov. 2012, pp. 766–769.

[21] Weir, ‗‗Advances in password security,‘‘ (in Chinese), J. Comput. Res. Develop., vol.

53, no. 10, pp. 2173–2188, 2016.

[22] Yue Li, ‗‗A study of personal information in human-chosen passwords and its security implications,‘‘ in Proc. IEEE 35th Annu. IEEE Int. Conf. Comput. Commun. (INFOCOM), Apr. 2016, pp. 1–9.to

[23] J. Alex Halderman, B. Waters, and E. W. Felten, ―A convenient method for securely managing passwords,‖ in Proc. WWW 2005, A. Ellis and T. Hagino, Eds. ACM, 2005, pp.

471–479.

[24] Shay and p.wang , ―Site-specific passwords,‖ HP Laboratories, Palo Alto, Tech. Rep.

HPL-2002-39 (R.1), May 2003.

[25] Cormac and P. C. van Oorschot, ―Passwords for both mobile and desktop computers:

ObPwd for Firefox and Android,‖ USENIX; login, vol. 37, no. 4, pp. 28–37, August 2012.

[26] B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell, ―Stronger password authentication using browser extensions,‖ in Proc. 14th USENIX Security Symposium, P.

McDaniel, Ed. USENIX Association, 2005, pp. 17–32.

[27] R. Wolf and M. Schneider, ―The passwordsitter,‖ Fraunhofer Institute for Secure Information Technology (SIT), Tech. Rep., May 2006.

[28] Bei and K. Sitaker, ―Passpet: Convenient password management and phishing protection,‖ in Proc. SOUPS 2006, L. F. Cranor, Ed. ACM, 2006, pp. 32–43.

[29] Guo and C. J. Mitchell, ―Password generators: Old ideas and new,‖ in Proc. WISTP 2016, ser. LNCS, S. Foresti and J. Lopez, Eds., vol. 9895. Springer, 2016, pp. 245–253.

[30] D. McCarney, ―Password managers: Comparative evaluation, design, implementation and empirical analysis,‖ Master‘s thesis, Carleton University, August 2013, available at https://danielmccarney.ca/assets/pubs/ McCarney.MCS.Archive.pdf.

[31] Robert and P. C. van Oorschot ―User study, analysis, and usable security of passwords based on digital objects,‖ IEEE Trans. Inf. Forensics & Security, vol. 6, no. 3, pp. 970–979, 2011.

[32] Moritz Horsch,―PALPAS—password less -- password synchronization,‖ in Proc. ARES 2015. IEEE Computer Society, 2015, pp. 30–39.

[33] Houshmand, ―Password requirements markup language,‖ in Proc. ACISP 2016, ser.

LNCS, J. K. Liu and R. Steinfeld, Eds., vol. 9722. Springer-Verlag, 2016, pp. 426– 439.

(11)

http://annalsofrscb.ro 1486

Referințe

DOCUMENTE SIMILARE

“Given that the higher education sector is situated at the crossroads of research, education and innovation, it is a central player in the knowledge economy and society and key to

(both terms applied to the Eastern faith of the Transylvanian Romanians) and restricted the scope to the Orthodox faith, and another, which firmly associates the adjective romana

74 In the United States there are a lot of discussions nowadays regarding equal rights t marriage, based on the argument that, fro a legal point of view, marriage is a

A significant part of this analysis is predicated on the assumption that the phrase war on terror – which was duly and persistently criticized on various ideological,

Our survey of the fate of Portuguese inflections in the Upper Guinea creoles is organized by morphosyntax: we will examine the noun phrase (section two) for inflections of number

Thus, if Don Quixote is the idealist, Casanova the adventurous seducer, Werther the suicidal hero, Wilhelm Meister the apprentice, Jesus Christ will be, in the audacious and

Unfortunately, if the intruder plays one of these roles in one session and legitimately learns the “secret”, then he can re-use this value in some other session (where he does not

Monte Carlo integration, Quasi-Monte Carlo integration, normal inverse Gaussian distribution, H-discrepancy, H-distributed low-discrepancy sequences, H-mixed sequences,