G. Deng, X. Yu and H. Guo, "Efficient Password Guessing Based on a Password Segmentation Approach," 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA, 2019, pp. 1-6.
Most cracking tools against alphanumeric passwords conduct password guessing based on sophisticatedly constructed password dictionaries. The rule-based methods which continuously expand the size of dictionaries based on simple permutation and concatenation is the traditional way to construct password dictionaries. To increase the intelligence in dictionary generation, some password cracking tools extract password patterns from the training passwords based on machine learning, and thus construct dictionaries using the extracted patterns. However, these tools either have low guessing efficiency, or produce password generation models with low interpretability. Usually, a password could be split into several meaningful segments each of which represents particular personal information or a grammatically correct word, and the password patterns could be extracted from these segments. In this paper, we propose a novel password cracking tool, which breaks each training password to meaningful segments, learns the patterns from the password segments, and generates personalized high-efficiency password dictionaries based on the learned patterns. The experimental results show that the proposed tool is more efficient than the traditional rule-based tools as well as alphanumeric patterns-based tools. Furthermore, to evaluate the impact of personal information leakage on password security, we use personal information of the target users as the inputs for the proposed tool and analyze the password guessing efficiency.