Paper 2020/583

A New Targeted Password Guessing Model

Xie Zhijie, Zhang Min, Yin Anqi, and Li Zhenhan

Abstract

TarGuess-I is a leading targeted password guessing model using users' personally identifiable information(PII) proposed at ACM CCS 2016 by Wang et al. Owing to its superior guessing performance, TarGuess-I has attracted widespread attention in password security. Yet, TarGuess-I fails to capture popular passwords and special strings in passwords correctly. Thus we propose TarGuess-I+: an improved password guessing model, which is capable of identifying popular passwords by generating top-300 most popular passwords from similar websites and grasping special strings by extracting continuous characters from user-generated PII. We conduct a series of experiments on 6 real-world leaked datasets and the results show that our improved model outperforms TarGuess-I by 9.07\% on average with 1000 guesses, which proves the effectiveness of our improvements.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. 25th Australasian Conference on Information Security and Privacy(ACISP 2020)
Keywords
TarGuessTargeted password guessingProbabilistic context-free grammar(PCFG)Personally identifiable information(PII).
Contact author(s)
22920142204024 @ stu xmu edu cn
History
2020-05-18: received
Short URL
https://ia.cr/2020/583
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/583,
      author = {Xie Zhijie and Zhang Min and Yin Anqi and Li Zhenhan},
      title = {A New Targeted Password Guessing Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/583},
      year = {2020},
      url = {https://eprint.iacr.org/2020/583}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.