Title :
Password Cracking Using Probabilistic Context-Free Grammars
Author :
Weir, Matt ; Aggarwal, Sudhir ; de Medeiros, B. ; Glodek, Bill
Author_Institution :
Comput. Sci. Dept., Florida State Univ., Tallahassee, FL, USA
Abstract :
Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task. In this paper we discuss a new method that generates password structures in highest probability order. We first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords. This grammar then allows us to generate word-mangling rules, and from them, password guesses to be used in password cracking. We will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing our tools and techniques on real password sets. In one series of experiments, training on a set of disclosed passwords, our approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program.
Keywords :
computer crime; context-free grammars; dictionaries; probability; computer crime; data security; dictionary-based password cracking attack; password cracking program; probabilistic context-free grammars; word-mangling rules; Access control; Computer crime; Computer science; Computer security; Data security; Dictionaries; Hardware; Privacy; Testing; USA Councils; Computer crime; Computer security; Data security;
Conference_Titel :
Security and Privacy, 2009 30th IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
978-0-7695-3633-0
