PassGAN: A Deep Learning Approach for Password Guessing

by Briland Hitaj, et al.

State-of-the-art password guessing tools, such as HashCat and John the Ripper (JTR), enable users to check billions of passwords per second against password hashes. In addition to straightforward dictionary attacks, these tools can expand dictionaries using password generation rules. Although these rules perform well on current password datasets, creating new rules that are optimized for new datasets is a laborious task that requires specialized expertise. In this paper, we show how to replace human-generated password rules with a theory-grounded password generation approach based on machine learning. The result of this effort is PassGAN, a novel technique that leverages Generative Adversarial Networks (GANs) to enhance password guessing. PassGAN generates password guesses by training a GAN on a list of leaked passwords. Because the output of the GAN is distributed closely to its training set, the passwords generated using PassGAN are likely to match passwords that have not been leaked yet. PassGAN represents a substantial improvement on rule-based password generation tools because it infers password distribution information autonomously from password data rather than via manual analysis. As a result, it can effortlessly take advantage of new password leaks to generate richer password distributions. Our experiments show that this approach is very promising. When we evaluated PassGAN on two large password datasets, we were able to outperform JTR's rules by a 2x factor, and we were competitive with HashCat's rules - within a 2x factor. More importantly, when we combined the output of PassGAN with the output of HashCat, we were able to match 18 alone. This is remarkable because it shows that PassGAN can generate a considerable number of passwords that are out of reach for current tools.

