Password Cracking Using Probabilistic Context-Free Grammars
Date: May 2009
Publication: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, SP '09
Page(s): 391 - 405
Publisher: IEEE
Source 1: http://www.cs.washington.edu/research/projects/poirot3/Oakland/sp/PAPERS/2009/oakland2009-23.pdf
Source 2: http://dx.doi.org/10.1109/SP.2009.8 - Subscription or payment required

Abstract or Summary:
Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task. In this paper we discuss a new method that generates password structures in highest probability order. We first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords. This grammar then allows us to generate word-mangling rules, and from them, password guesses to be used in password cracking. We will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing our tools and techniques on real password sets. In one series of experiments, training on a set of disclosed passwords, our approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program.