 Next up we have Eyal Ronan, how to not share a password. You're not supposed to have the device. I'm ready to fight. Okay, I want to use this special occasion for a really, really big announcement. I want to tell you all that passwords are finally dead. Woo! I'm not talking about the previous time when Bill Gates died, or when Google claimed it, or all of the other bigger stans. This time I want to tell you that they are really, really dead, pushing up daisies. And I can't really do it. The reason is that passwords are not dead. They are widely used today. They're going to be widely used tomorrow. And today we're all talking about IoT's and stuff like that. They all use passwords. They are here to stay for the near future. So instead I want to try to find a way to use them a bit more securely. And what our paper is, how to not share a password. And what I want to say is that basically if you had a bad password, you'd compromise your information, your data. Today a bad password, and we've seen it in the IoT world in the Mirai Deck, can be used to create large bot links to detect the entire ecosystem on the Internet. And we need to find solutions to that problem. And there's a big question, who is liable in this situation? Is it the users that chose the bad password? Or isn't it the manufacturers that allowed them to do this? And we believe that manufacturers should have some kind of an ability and they should feel better. Okay, so there's many possible solutions for the best of the problem. We've seen the list guidance, for example. We've seen the list changing the guidance multiple times, less than a few months ago. And don't think that there is any killed-and-all answer. Most of the solutions are snake oil. But we want to suggest a specific solution to a specific problem. We want to blacklist popular passwords. We don't want an attacker to be able to use a relatively small number of passwords and try them on a lot of different devices. For example, web-connected cameras, and be able to really slouch botnet and detect everybody. So one main problem with that is that we don't really know the best for distribution. And we claim that the best for distribution may change over time. For example, this is due to the famous list guidelines. The passwords are becoming more complex, more secure. Then they are telling to be simpler, and by this definition, more secure. And we all know that Superman was a very popular password in the past. We believe that one of them is becoming more and more popular right now. There are different populations based on age, location, that may choose different passwords. And there are sometimes really really weird stuff that just pop out of the air. We want to be able to detect those weird things. Okay, so what do we try to do? Fill through the password. The first one to do is we don't want to do almost any arm. And if we publish a blacklist of popular passwords, then the deck will know those are the popular passwords you can try to use. So first we plan, we are basically doing something that's similar to publishing a part of vulnerability. We're going to tell the people, look, these passwords are weak. Everybody use them, you shouldn't do it. If they're still continuing to do it, if they're not going to patch themselves, then they're going to get hurt. But we're going to save the ecosystem, which we like the ecosystem of living. And if you want to learn statistics about passwords, we need to learn some information about them. So we need to help the privacy of the user's password. But we're going to do it just a little bit and then we can improve that. It doesn't hurt really, really bad. So basically what we want to do, we're going to identify the blacklist of the popular password. This is similar to the everybody learning about everybody's problem. And we want to make sure that the server doesn't learn a lot about the user's password. We want to, if possible, not miss any of the popular passwords. We want to block them all. But if some non-popular password gets blocked, it's not so bad. So the user will need to choose another password. Okay, there are a lot of previous works in the privately funded editors and other settings for more specific passwords. And the main difference is that our work assumes very bad stuff. There are so many that the world is a malicious world. Everybody is trying to get us and the malicious server will want to learn more information about passwords. And if we already have a attacker that controls a large portion of our users, they might try to attack and subvert this protocol, try to hide the popular password because if you have a popular password, it makes the attack easier. So everybody is malicious. We want to be able to handle that. Have something that handles it. It's relatively efficient. We can show that it's relevant to the IoT world and certainly for the PC world. And within this solution might be also used in other settings. For example, getting statistics from the Tor network, learning the distribution of the smartphone's ping or buttons, and allow server's providers to learn the actual distribution of the user's password in a very secure way. The paper is an online input. If there is a large server or small server provided here that wants to use our PC, we will be glad to do it. And I will try to handle that. And other 27 seconds that I have to cause anyone to fight. Thank you very much.