Password Cracking Using Probabilistic Context-Free Grammars
Authors: Matt Weir, Sudhir Aggarwal, Breno de Medeiros, Bill Glodek

Date: May 2009
Publication: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, SP '09
Page(s): 391 - 405
Publisher: IEEE
Source 1:
Source 2: - Subscription or payment required

Abstract or Summary:
Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task. In this paper we discuss a new method that generates password structures in highest probability order. We first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords. This grammar then allows us to generate word-mangling rules, and from them, password guesses to be used in password cracking. We will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing our tools and techniques on real password sets. In one series of experiments, training on a set of disclosed passwords, our approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program.

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019