Corpus ID: 15651171

Improved Models for Password Guessing

Author: Wesley Tansey
One approach to measuring password strength is to assess the probability it will be cracked in a fixed set of guesses. The current state of the art in password guessing employs a first-order Markov model that makes several assumptions about the distribution of passwords. We present two novel approaches to modeling password distributions that remove some of these assumptions. First, a layered Markov model is developed that extends a first-order model with index-sensitive weights. This model…


Efficient Password Guessing Based on a Password Segmentation Approach
A novel password cracking tool is proposed, which breaks each training password to meaningful segments, learns the patterns from the password segments, and generates personalized high-efficiency password dictionaries based on the learned patterns.
A probabilistic framework for improved password strength metrics
This paper provides an alternative vision to the existing password strength metrics by proposing a new statistical approach that is better aligned with the actual resistance of passwords to guessing attacks.
A New Multimodal Approach for Password Strength Estimation—Part I: Theory and Algorithms
A novel multimodal strength metric is proposed that combines several imperfect individual metrics to benefit from their strong points in order to overcome many of their weaknesses and provide in real time a realistic and reliable feedback regarding the “guessability” of passwords.
PGGAN: Improve Password Cover Rate Using the Controller
The experimental results show that compared with GAN, the proposed PGGAN performs better in both cover rate and duplicate rate, and Wasserstein distance usually has a better effect than the other measure in the model.
The Effect of Bad Password Habits on Personal Data Breach
Users tend to utilize bad or weak passwords with memorable characteristics such as simple words from the dictionary and easy to remember sequence of numbers from birthdays. Poor or bad password…


Password Strength: An Empirical Analysis
It is found that a "diminishing returns" principle applies: in the absence of an enforced password strength policy, weak passwords are common; on the other hand, as the attack goes on, the probability that a guess will succeed decreases by orders of magnitude.
Fast dictionary attacks on passwords using time-space tradeoff
It is demonstrated that as long as passwords remain human-memorable, they are vulnerable to "smart-dictionary" attacks even when the space of potential passwords is large, calling into question the viability of human-memorable character-sequence passwords as an authentication mechanism.
Password Cracking Using Probabilistic Context-Free Grammars
This paper discusses a new method that generates password structures in highest probability order by automatically creating a probabilistic context-free grammar based upon a training set of previously disclosed passwords, and then generating word-mangling rules to be used in password cracking.
Testing metrics for password creation policies by attacking large sets of revealed passwords
This paper attempts to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies, by modeling the success rate of current password cracking techniques against real user passwords.
A large-scale study of web password habits
The study involved half a million users over a three month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.
Making a Faster Cryptanalytic Time-Memory Trade-Off
A new way of precalculating the data is proposed which reduces by two the number of calculations needed during cryptanalysis and it is shown that the gain could be even much higher depending on the parameters used.
A decision-theoretic generalization of on-line learning and an application to boosting
The model studied can be interpreted as a broad, abstract extension of the well-studied on-line prediction model to a general decision-theoretic setting, and the multiplicative weight-update Littlestone-Warmuth rule can be adapted to this model, yielding bounds that are slightly weaker in some cases, but applicable to a considerably more general class of learning problems.
Estimation of Distribution Algorithms: A New Tool for Evolutionary Computation
List of Figures. List of Tables. Preface. Contributing Authors. Series Foreword. Part I: Foundations. 1. An Introduction to Evolutionary Algorithms (J.A. Lozano). 2. An Introduction to Probabilistic…
Evolving Neural Networks through Augmenting Topologies
A method is presented, NeuroEvolution of Augmenting Topologies (NEAT), which outperforms the best fixed-topology method on a challenging benchmark reinforcement learning task and shows how it is possible for evolution to both optimize and complexify solutions simultaneously.
Artificial Intelligence through Simulated Evolution
This chapter contains sections titled: References; Artificial Intelligence through a Simulation of Evolution; Natural Automata and Prosthetic Devices.