Password strength: an empirical analysis
INFOCOM'10 Proceedings of the 29th conference on Information communications
Password recovery for encrypted ZIP archives using GPUs
Proceedings of the 2010 Symposium on Information and Communication Technology
Testing metrics for password creation policies by attacking large sets of revealed passwords
Proceedings of the 17th ACM conference on Computer and communications security
The security of modern password expiration: an algorithmic framework and empirical analysis
Proceedings of the 17th ACM conference on Computer and communications security
Kamouflage: loss-resistant password management
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Recovering windows secrets and EFS certificates offline
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Attack on the GridCode one-time password
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Proposal of document protection system by poisoning
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part I
How does your password measure up? the effect of strength meters on password creation
Security'12 Proceedings of the 21st USENIX conference on Security symposium
On the security of PPPoE network
Security and Communication Networks
Building better passwords using probabilistic techniques
Proceedings of the 28th Annual Computer Security Applications Conference
Effect of grammar on security of long passwords
Proceedings of the third ACM conference on Data and application security and privacy
Statistical metrics for individual password strength
SP'12 Proceedings of the 20th international conference on Security Protocols
Does my password go up to eleven?: the impact of password meters on password selection
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
On the ecological validity of a password study
Proceedings of the Ninth Symposium on Usable Privacy and Security
Honeywords: making password-cracking detectable
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Quantifying the security of graphical passwords: the case of android unlock patterns
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Measuring password guessability for an entire university
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SAuth: protecting user accounts from password database leaks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Pitfalls in the automated strengthening of passwords
Proceedings of the 29th Annual Computer Security Applications Conference
Useful password hashing: how to waste computing cycles with style
Proceedings of the 2013 workshop on New security paradigms workshop
Hi-index | 0.00 |
Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task. In this paper we discuss a new method that generates password structures in highest probability order. We first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords. This grammar then allows us to generate word-mangling rules, and from them, password guesses to be used in password cracking. We will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing our tools and techniques on real password sets. In one series of experiments, training on a set of disclosed passwords, our approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program.