Efficient Password Guessing Based on a Password Segmentation Approach

Efficient Password Guessing Based on a Password Segmentation Approach
Efficient Password Guessing Based on a Password Segmentation Approach
Other Titles:
2019 IEEE Global Communications Conference (GLOBECOM)
Publication Date:
09 December 2019
G. Deng, X. Yu and H. Guo, "Efficient Password Guessing Based on a Password Segmentation Approach," 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA, 2019, pp. 1-6.
Most cracking tools against alphanumeric passwords conduct password guessing based on sophisticatedly constructed password dictionaries. The rule-based methods which continuously expand the size of dictionaries based on simple permutation and concatenation is the traditional way to construct password dictionaries. To increase the intelligence in dictionary generation, some password cracking tools extract password patterns from the training passwords based on machine learning, and thus construct dictionaries using the extracted patterns. However, these tools either have low guessing efficiency, or produce password generation models with low interpretability. Usually, a password could be split into several meaningful segments each of which represents particular personal information or a grammatically correct word, and the password patterns could be extracted from these segments. In this paper, we propose a novel password cracking tool, which breaks each training password to meaningful segments, learns the patterns from the password segments, and generates personalized high-efficiency password dictionaries based on the learned patterns. The experimental results show that the proposed tool is more efficient than the traditional rule-based tools as well as alphanumeric patterns-based tools. Furthermore, to evaluate the impact of personal information leakage on password security, we use personal information of the target users as the inputs for the proposed tool and analyze the password guessing efficiency.
License type:
Funding Info:
© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Files uploaded:

File Size Format Action
09013139.pdf 267.10 KB PDF Request a copy