Paper 2019/1188

Improving Password Guessing via Representation Learning

Dario Pasquini, Ankit Gangwal, Giuseppe Ateniese, Massimo Bernaschi, and Mauro Conti

Abstract

Learning useful representations from unstructured data is one of the core challenges, as well as a driving force, of modern data-driven approaches. Deep learning has demonstrated the broad advantages of learning and harnessing such representations. In this paper, we introduce a GAN-based representation learning approach for password guessing. We show that an abstract password representation naturally offers compelling and versatile properties that can be used to open new directions in the extensively studied, and yet presently active, password guessing field. These properties can establish novel password generation techniques that are neither feasible nor practical with the existing probabilistic and non-probabilistic approaches. Based on these properties, we introduce: (1) A framework for password guessing for practical scenarios where partial knowledge about target passwords is available and (2) an Expectation Maximization-inspired framework that can dynamically adapt the estimated password distribution to match the distribution of the attacked password set, leading to an optimal guessing strategy.

Note: This paper appears in the proceedings of the 42nd IEEE Symposium on Security and Privacy (Oakland) S&P 2021.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. MINOR revision.arxiv
Keywords
passwordcrackingDeepLearningGAN
Contact author(s)
pasquini @ di uniroma1 it
History
2020-07-27: revised
2019-10-15: received
See all versions
Short URL
https://ia.cr/2019/1188
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1188,
      author = {Dario Pasquini and Ankit Gangwal and Giuseppe Ateniese and Massimo Bernaschi and Mauro Conti},
      title = {Improving Password Guessing via Representation Learning},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1188},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1188}},
      url = {https://eprint.iacr.org/2019/1188}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.