Skip to main content
SpringerLink
Log in

Advances in Password Recovery Using Generative Deep Learning Techniques

  • Conference paper
  • First Online:
Artificial Neural Networks and Machine Learning – ICANN 2021 (ICANN 2021)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 12893))

Included in the following conference series:

Abstract

Password guessing approaches via deep learning have recently been investigated with significant breakthroughs in their ability to generate novel, realistic password candidates. In the present work we study a broad collection of deep learning and probabilistic based models in the light of password guessing: attention-based deep neural networks, autoencoding mechanisms and generative adversarial networks. We provide novel generative deep-learning models in terms of variational autoencoders exhibiting state-of-art sampling performance, yielding additional latent-space features such as interpolations and targeted sampling. Lastly, we perform a thorough empirical analysis in a unified controlled framework over well-known datasets (RockYou, LinkedIn, MySpace, Youku, Zomato, Pwnd). Our results not only identify the most promising schemes driven by deep neural networks, but also illustrate the strengths of each approach in terms of generation variability and sample uniqueness.

D. Biesner and K. Cvejoski—Equal contribution.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://huggingface.co/transformers/model_doc/gpt2.html.

  2. 2.

    https://huggingface.co/transformers/pretrained_models.html.

  3. 3.

    https://github.com/lakiw/pcfg_cracker.

  4. 4.

    https://github.com/hashcat/hashcat/tree/master/rules/generated2.rule.

  5. 5.

    https://github.com/brannondorsey/markov-passwords.

  6. 6.

    https://github.com/hashcat/princeprocessor.

References

  1. Hashcat - advanced password recovery. https://hashcat.net/hashcat/. Accessed 07 Dec 2020

  2. Hashcat raking generated2.rule. https://github.com/evilmog/evilmog/wiki/Hashcat-Raking---generated2.rule. Accessed 07 Dec 2020

  3. Have i been pwnd v1. https://hashes.org/leaks.php?id=70. Accessed 07 Dec 2020

  4. John the ripper password cracker. https://www.openwall.com/john/. Accessed 07 Dec 2020

  5. Linkedin leak. https://hashes.org/leaks.php?id=68. Accessed 07 Dec 2020

  6. Myspace leak. https://weakpass.com/wordlist/22. Accessed 07 Dec 2020

  7. Rockyou leak. https://weakpass.com/wordlist/90. Accessed 07 Dec 2020

  8. Seclist compilation. https://weakpass.com/wordlist/50. Accessed 07 Dec 2020

  9. Skullsecurity compilation. https://weakpass.com/wordlist/671. Accessed 07 Dec 2020

  10. Troy hunt: Here’s why [insert thing here] is not a password killer. https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/. Accessed 07 Dec 2020

  11. Yahoo leak. https://weakpass.com/wordlist/44. Accessed 07 Dec 2020

  12. Youku leak. https://hashes.org/leaks.php?id=508. Accessed 07 Dec 2020

  13. Zomato leak. https://hashes.org/leaks.php?id=587. Accessed 07 Dec 2020

  14. Arjovsky, M., Chintala, S., Bottou, L.: Wasserstein generative adversarial networks. In: 34th International Conference on Machine Learning, ICML 2017 (2017)

    Google Scholar 

  15. Bowman, S.R., Vilnis, L., Vinyals, O., Dai, A.M., Jozefowicz, R., Bengio, S.: Generating sentences from a continuous space. arXiv preprint arXiv:1511.06349 (2015)

  16. Chanda, K.: Password security: an analysis of password strengths and vulnerabilities. Int. J. Comput. Netw. Inf. Secur. 8, 23–30 (2016)

    Google Scholar 

  17. Dell’Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis, pp. 1–9 (2010)

    Google Scholar 

  18. Goodfellow, I.J., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems (2014)

    Google Scholar 

  19. Gulrajani, I., Ahmed, F., Arjovsky, M., Dumoulin, V., Courville, A.: Improved training of wasserstein GANs. In: Advances in Neural Information Processing Systems (2017)

    Google Scholar 

  20. Hitaj, B., Gasti, P., Ateniese, G., Perez-Cruz, F.: PassGAN: a deep learning approach for password guessing. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 217–237. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_11

    Chapter  Google Scholar 

  21. Ioffe, S., Szegedy, C.: Batch normalization: accelerating deep network training by reducing internal covariate shift. In: 32nd International Conference on Machine Learning, ICML 2015 (2015)

    Google Scholar 

  22. Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)

  23. Kingma, D.P., Welling, M.: Auto-encoding variational bayes. arXiv preprint arXiv:1312.6114 (2013)

  24. Li, H., Chen, M., Yan, S., Jia, C., Li, Z.: Password guessing via neural language modeling. In: Chen, X., Huang, X., Zhang, J. (eds.) ML4CS 2019. LNCS, vol. 11806, pp. 78–93. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30619-9_7

    Chapter  Google Scholar 

  25. Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: 25th USENIX Security Symposium (USENIX Security 2016), Austin, TX, pp. 175–191. USENIX Association, August 2016

    Google Scholar 

  26. Pasquini, D., Gangwal, A., Ateniese, G., Bernaschi, M., Conti, M.: Improving password guessing via representation learning. In: 42nd IEEE Symposium on Security and Privacy (Oakland) (2021)

    Google Scholar 

  27. Rabiner, L., Juang, B.: An introduction to hidden Markov models. IEEE ASSP Mag. 3(1), 4–16 (1986)

    Article  Google Scholar 

  28. Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., Sutskever, I.: Gpt2. Open AI (2019)

    Google Scholar 

  29. Sennrich, R., Haddow, B., Birch, A.: Neural machine translation of rare words with subword units. arXiv preprint arXiv:1508.07909 (2015)

  30. Vaswani, A., et al.: Attention is all you need. In: Advances in Neural Information Processing Systems (2017)

    Google Scholar 

  31. Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars, pp. 391–405 (2009)

    Google Scholar 

  32. Zagoruyko, S., Komodakis, N.: Wide residual networks. In: British Machine Vision Conference 2016, BMVC 2016 (2016)

    Google Scholar 

Download references

Acknowledgement

This project was funded by the Federal Ministry of Education and Research (BMBF), FZK: 16KIS0818. The authors of this work were supported by the Competence Center for Machine Learning Rhine Ruhr (ML2R) which is funded by the Federal Ministry of Education and Research of Germany (grant nos. 01|S18038B, 01|S18038C). We gratefully acknowledge this support.

Author information

Authors and Affiliations

  1. Fraunhofer IAIS, Sankt Augustin, Germany

    David Biesner, Kostadin Cvejoski, Bogdan Georgiev & Rafet Sifa

  2. University of Bonn, Bonn, Germany

    David Biesner & Rafet Sifa

  3. Competence Center for Machine Learning Rhine-Ruhr (ML2R), Dortmund, Germany

    David Biesner, Kostadin Cvejoski, Bogdan Georgiev & Rafet Sifa

  4. Federal Criminal Police Office, Wiesbaden, Germany

    Erik Krupicka

Authors
  1. David Biesner
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kostadin Cvejoski
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bogdan Georgiev
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Rafet Sifa
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Erik Krupicka
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kostadin Cvejoski .

Editor information

Editors and Affiliations

  1. Comenius University in Bratislava, Bratislava, Slovakia

    Igor Farkaš

  2. iMotions A/S, Copenhagen, Denmark

    Paolo Masulli

  3. University of Tübingen, Tübingen, Baden-Württemberg, Germany

    Sebastian Otte

  4. Universität Hamburg, Hamburg, Germany

    Stefan Wermter

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Biesner, D., Cvejoski, K., Georgiev, B., Sifa, R., Krupicka, E. (2021). Advances in Password Recovery Using Generative Deep Learning Techniques. In: Farkaš, I., Masulli, P., Otte, S., Wermter, S. (eds) Artificial Neural Networks and Machine Learning – ICANN 2021. ICANN 2021. Lecture Notes in Computer Science(), vol 12893. Springer, Cham. https://doi.org/10.1007/978-3-030-86365-4_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86365-4_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86364-7

  • Online ISBN: 978-3-030-86365-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation