| Password authentication is one of the important ways of user identity authentication. Although it has many security risks, it will remain the most important method of user authentication for the foreseeable future because of its convenience and flexibility. Therefore, in this paper, we focus on research into password guessing technology. Our goal is not only to create more efficient password dictionaries, thereby improving the efficiency of password cracking, but also to help systems and websites develop better password policies, so as to enhance users' password strength and create more secure passwords. Firstly, we study three popular password guessing algorithms, based on PCFG (Probabilistic Context-Free Grammar), Markov theory and neural networks respectively, and analyze their password guessing processes and their application in practice, to provide the theoretical basis for our proposed PRP (Personal-RNN-PCFG) password guessing algorithm. Secondly, we study password creation rules in several password data sets exposed on the network along multiple dimensions, such as common passwords, password character composition, password length, password reuse and personal information contained in the password, which provides a data basis for our PRP password guessing algorithm. Then, based on the above theory and data, we use personal information and combine the advantages of the PCFG algorithm and RNN (Recurrent Neural Network) technology to propose a password guessing algorithm, i.e., the PRP algorithm. The main idea of the algorithm is to extract the password structures of the leaked data set, apply an RNN to learn and predict the password structure, and finally use the personal information to fill the password structure and obtain the predicted password. Finally, we use the PRP algorithm to build a password guessing prototype system. The prototype system is tested in two scenarios, i.e., online guessing and offline guessing. Compared with the PCFG-based password guessing system, the password guessing system based on our proposed PRP algorithm has much better cracking efficiency in both online and offline guessing scenarios. |
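
As an added illustration (not code from the paper), the sketch below applies the structure-extraction idea on the password-policy side: it tags personal-information segments in a candidate password, emits a PCFG-style structure string, and rejects passwords built mostly from the user's own data. The tag letters N/B/U, the 0.5 threshold, the function names and the sample profile are assumptions, not the paper's notation.

```python
# Added example: PCFG-style structure extraction with personal-info tags,
# used as a password policy check. Tags and threshold are assumptions.

# Constructed sample profile: N = name parts, B = birthday forms, U = username.
SAMPLE_PROFILE = {"N": ["alice", "wang"],
                  "B": ["1990", "0412", "19900412"],
                  "U": ["awang90"]}

def tag_personal(password, profile):
    """Mark each character covered by a personal-info token (longest first)."""
    low = password.lower()
    tokens = sorted(((v.lower(), tag) for tag, vals in profile.items()
                     for v in vals if len(v) >= 3), key=lambda t: -len(t[0]))
    marks = [None] * len(password)
    for value, tag in tokens:
        start = low.find(value)
        while start != -1:
            span = range(start, start + len(value))
            if all(marks[i] is None for i in span):  # never overlap a longer match
                for i in span:
                    marks[i] = (tag, start)
            start = low.find(value, start + 1)
    return marks

def char_class(c):
    """Classic PCFG classes: L(etter), D(igit), S(ymbol)."""
    return "L" if c.isalpha() else "D" if c.isdigit() else "S"

def structure(password, profile):
    """Return e.g. 'N5B4S1' for a name, a birthday part and one symbol."""
    marks = tag_personal(password, profile)
    segs, prev = [], None
    for i, c in enumerate(password):
        key = marks[i] or (char_class(c), -1)
        if key == prev:
            segs[-1][1] += 1
        else:
            segs.append([key[0], 1])
        prev = key
    return "".join(f"{t}{n}" for t, n in segs)

def personal_coverage(password, profile):
    """Fraction of characters that come from the user's personal information."""
    marks = tag_personal(password, profile)
    return sum(m is not None for m in marks) / len(password) if password else 0.0

def policy_check(password, profile, max_cov=0.5):
    cov = personal_coverage(password, profile)
    return {"structure": structure(password, profile),
            "coverage": round(cov, 2), "accept": cov < max_cov}
```

A registration form could call `policy_check` with the fields the user just entered and refuse any password for which `accept` is false.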