Author:
Murray Hazel, Malone David
Abstract
Human chosen passwords are often predictable. Research has shown that users of similar demographics or choosing passwords for the same website will often choose similar passwords. This knowledge is leveraged by human password guessers who use it to tailor their attacks. In this paper, we demonstrate that a learning algorithm can actively learn these same characteristics of the passwords as it is guessing and that it can leverage this information to adaptively improve its guessing. Furthermore, we show that if we split our candidate wordlists based on these characteristics, then a multi-armed bandit style guessing algorithm can adaptively choose to guess from the wordlist which will maximise successes.
Publisher
Springer Science and Business Media LLC
Subject
Electrical and Electronic Engineering