Cryptology ePrint Archive: Report 2019/1188

Improving Password Guessing via Representation Learning

Dario Pasquini and Ankit Gangwal and Giuseppe Ateniese and Massimo Bernaschi and Mauro Conti

Abstract: Learning useful representations from unstructured data is one of the core challenges, as well as a driving force, of modern data-driven approaches. Deep learning has demonstrated the broad advantages of learning and harnessing such representations. In this paper, we introduce a GAN-based representation learning approach for password guessing. We show that an abstract password representation naturally offers compelling and versatile properties that can be used to open new directions in the extensively studied, and yet presently active, password guessing field. These properties can establish novel password generation techniques that are neither feasible nor practical with the existing probabilistic and non-probabilistic approaches. Based on these properties, we introduce: (1) A framework for password guessing for practical scenarios where partial knowledge about target passwords is available and (2) an Expectation Maximization-inspired framework that can dynamically adapt the estimated password distribution to match the distribution of the attacked password set, leading to an optimal guessing strategy.

Category / Keywords: implementation / password, cracking, DeepLearning, GAN

Original Publication (with minor differences): arxiv

Date: received 11 Oct 2019, last revised 27 Jul 2020

Contact author: pasquini at di uniroma1 it

Available format(s): PDF | BibTeX Citation

Note: This paper appears in the proceedings of the 42nd IEEE Symposium on Security and Privacy (Oakland) S&P 2021.

Version: 20200727:160553 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]