Abstract
Password guessing approaches via deep learning have recently been investigated with significant breakthroughs in their ability to generate novel, realistic password candidates. In the present work we study a broad collection of deep learning and probabilistic based models in the light of password guessing: attention-based deep neural networks, autoencoding mechanisms and generative adversarial networks. We provide novel generative deep-learning models in terms of variational autoencoders exhibiting state-of-art sampling performance, yielding additional latent-space features such as interpolations and targeted sampling. Lastly, we perform a thorough empirical analysis in a unified controlled framework over well-known datasets (RockYou, LinkedIn, MySpace, Youku, Zomato, Pwnd). Our results not only identify the most promising schemes driven by deep neural networks, but also illustrate the strengths of each approach in terms of generation variability and sample uniqueness.
D. Biesner and K. Cvejoski—Equal contribution.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
References
Hashcat - advanced password recovery. https://hashcat.net/hashcat/. Accessed 07 Dec 2020
Hashcat raking generated2.rule. https://github.com/evilmog/evilmog/wiki/Hashcat-Raking---generated2.rule. Accessed 07 Dec 2020
Have i been pwnd v1. https://hashes.org/leaks.php?id=70. Accessed 07 Dec 2020
John the ripper password cracker. https://www.openwall.com/john/. Accessed 07 Dec 2020
Linkedin leak. https://hashes.org/leaks.php?id=68. Accessed 07 Dec 2020
Myspace leak. https://weakpass.com/wordlist/22. Accessed 07 Dec 2020
Rockyou leak. https://weakpass.com/wordlist/90. Accessed 07 Dec 2020
Seclist compilation. https://weakpass.com/wordlist/50. Accessed 07 Dec 2020
Skullsecurity compilation. https://weakpass.com/wordlist/671. Accessed 07 Dec 2020
Troy hunt: Here’s why [insert thing here] is not a password killer. https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/. Accessed 07 Dec 2020
Yahoo leak. https://weakpass.com/wordlist/44. Accessed 07 Dec 2020
Youku leak. https://hashes.org/leaks.php?id=508. Accessed 07 Dec 2020
Zomato leak. https://hashes.org/leaks.php?id=587. Accessed 07 Dec 2020
Arjovsky, M., Chintala, S., Bottou, L.: Wasserstein generative adversarial networks. In: 34th International Conference on Machine Learning, ICML 2017 (2017)
Bowman, S.R., Vilnis, L., Vinyals, O., Dai, A.M., Jozefowicz, R., Bengio, S.: Generating sentences from a continuous space. arXiv preprint arXiv:1511.06349 (2015)
Chanda, K.: Password security: an analysis of password strengths and vulnerabilities. Int. J. Comput. Netw. Inf. Secur. 8, 23–30 (2016)
Dell’Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis, pp. 1–9 (2010)
Goodfellow, I.J., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems (2014)
Gulrajani, I., Ahmed, F., Arjovsky, M., Dumoulin, V., Courville, A.: Improved training of wasserstein GANs. In: Advances in Neural Information Processing Systems (2017)
Hitaj, B., Gasti, P., Ateniese, G., Perez-Cruz, F.: PassGAN: a deep learning approach for password guessing. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 217–237. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_11
Ioffe, S., Szegedy, C.: Batch normalization: accelerating deep network training by reducing internal covariate shift. In: 32nd International Conference on Machine Learning, ICML 2015 (2015)
Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)
Kingma, D.P., Welling, M.: Auto-encoding variational bayes. arXiv preprint arXiv:1312.6114 (2013)
Li, H., Chen, M., Yan, S., Jia, C., Li, Z.: Password guessing via neural language modeling. In: Chen, X., Huang, X., Zhang, J. (eds.) ML4CS 2019. LNCS, vol. 11806, pp. 78–93. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30619-9_7
Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: 25th USENIX Security Symposium (USENIX Security 2016), Austin, TX, pp. 175–191. USENIX Association, August 2016
Pasquini, D., Gangwal, A., Ateniese, G., Bernaschi, M., Conti, M.: Improving password guessing via representation learning. In: 42nd IEEE Symposium on Security and Privacy (Oakland) (2021)
Rabiner, L., Juang, B.: An introduction to hidden Markov models. IEEE ASSP Mag. 3(1), 4–16 (1986)
Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., Sutskever, I.: Gpt2. Open AI (2019)
Sennrich, R., Haddow, B., Birch, A.: Neural machine translation of rare words with subword units. arXiv preprint arXiv:1508.07909 (2015)
Vaswani, A., et al.: Attention is all you need. In: Advances in Neural Information Processing Systems (2017)
Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars, pp. 391–405 (2009)
Zagoruyko, S., Komodakis, N.: Wide residual networks. In: British Machine Vision Conference 2016, BMVC 2016 (2016)
Acknowledgement
This project was funded by the Federal Ministry of Education and Research (BMBF), FZK: 16KIS0818. The authors of this work were supported by the Competence Center for Machine Learning Rhine Ruhr (ML2R) which is funded by the Federal Ministry of Education and Research of Germany (grant nos. 01|S18038B, 01|S18038C). We gratefully acknowledge this support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Biesner, D., Cvejoski, K., Georgiev, B., Sifa, R., Krupicka, E. (2021). Advances in Password Recovery Using Generative Deep Learning Techniques. In: Farkaš, I., Masulli, P., Otte, S., Wermter, S. (eds) Artificial Neural Networks and Machine Learning – ICANN 2021. ICANN 2021. Lecture Notes in Computer Science(), vol 12893. Springer, Cham. https://doi.org/10.1007/978-3-030-86365-4_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-86365-4_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86364-7
Online ISBN: 978-3-030-86365-4
eBook Packages: Computer ScienceComputer Science (R0)