A little more detail seems worth providing. If you have a pdf (over probabilities) f(p), which may or may not actually integrate to 1 or to any finite value, then the corresponding pdf for our measure of attacker-capability q=1/p is f(1/q)/q^2; the relevant CDF here is the integral from 0 to q of this.

Conversely, if we start with a given cdf F(q), its pdf is F’(q), and the corresponding pdf for p is F’(1/p)/p^2.

I don’t think I understand. What do you mean by a pdf over probabilities? Like I get how one can have a pdf over probabilities in e.g. a Laplace’s law of succession-like situation, but I’m not sure what probabilities you have a pdf over here.

It’s fair enough to call that probabilities, I guess that just means that the thing I was really confused about is how you derive the CDF from the probabilities. That is, this part:

Under my framework, the distribution of amount of guesses that an attacker is willing to go through is a separate independent parameter that one can choose. I don’t see where the f(1/q)/q^2 expression comes from.