Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

نویسندگان

  • William Melicher
  • Blase Ur
  • Sean M. Segreti
  • Saranga Komanduri
  • Lujo Bauer
  • Nicolas Christin
  • Lorrie Faith Cranor
چکیده

Human-chosen text passwords, today’s dominant form of authentication, are vulnerable to guessing attacks. Unfortunately, existing approaches for evaluating password strength by modeling adversarial password guessing are either inaccurate or orders of magnitude too large and too slow for real-time, client-side password checking. We propose using artificial neural networks to model text passwords’ resistance to guessing attacks and explore how different architectures and training methods impact neural networks’ guessing effectiveness. We show that neural networks can often guess passwords more effectively than state-of-the-art approaches, such as probabilistic context-free grammars and Markov models. We also show that our neural networks can be highly compressed—to as little as hundreds of kilobytes— without substantially worsening guessing effectiveness. Building on these results, we implement in JavaScript the first principled client-side model of password guessing, which analyzes a password’s resistance to a guessing attack of arbitrary duration with sub-second latency. Together, our contributions enable more accurate and practical password checking than was previously possible.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Rapid and Simultaneous Determination of Montelukast, Fexofenadine and Cetirizine Using Partial Least Squares and Artificial Neural Networks Modeling

Simultaneous determination of pharmaceutical compounds and accurate quantitative prediction of them are of great interest in the clinical and laboratory-based investigations.This work has focused on a comprehensive comparison of Partial Least-Squares (PLS-1) and Artificial Neural Networks (ANN) as two powerful types of chemometric methods. For this purpose, montelukast (MONT), fexofenadine ...

متن کامل

Measuring Real-World Accuracies and Biases in Modeling Password Guessability

Parameterized password guessability—how many guesses a particular cracking algorithm with particular training data would take to guess a password—has become a common metric of password security. Unlike statistical metrics, it aims to model real-world attackers and to provide per-password strength estimates. We investigate how cracking approaches often used by researchers compare to real-world c...

متن کامل

Prediction of monthly rainfall using artificial neural network mixture approach, Case Study: Torbat-e Heydariyeh

Rainfall is one of the most important elements of water cycle used in evaluating climate conditions of each region. Long-term forecast of rainfall for arid and semi-arid regions is very important for managing and planning of water resources. To forecast appropriately, accurate data regarding humidity, temperature, pressure, wind speed etc. is required.This article is analytical and its database...

متن کامل

Efficient Parameters Selection for CNTFET Modelling Using Artificial Neural Networks

In this article different types of artificial neural networks (ANN) were used for CNTFET (carbon nanotube transistors) simulation. CNTFET is one of the most likely alternatives to silicon transistors due to its excellent electronic properties. In determining the accurate output drain current of CNTFET, time lapsed and accuracy of different simulation methods were compared. The training data for...

متن کامل

Better passwords through science (and neural networks)∗

We discuss how we use neural networks to accurately measure password strength, and how we use this capability to build effective password meters. First, we show how neural networks can be used to guess passwords and how we leveraged this method to build a password guesser to better model guessing attacks. We report our measurements of the effectiveness of neural networks at guessing passwords, ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2016