Research On Password Guessing Methods Based On Deep Learning

Password is the most popular way to authenticate user identity.In general,passwords set by users follow certain rules,which provides opportunity for password cracking.Password guessing is a technique used to crack passwords by generating a burst password set to match the users’passwords.Traditional password guessing methods need to create a dictionary.Furthermore,it is required to set passwords’structure before cracking them,which is computationally intensive,memory-intensive and time-consuming.Besides,passwords generated by traditional password guessing are limited to a human-set password structure.Using generative adversarial networks(GAN)for password guessing has gained attention and development as deep learning advances.Unlike traditional password guessing methods,the dictionary and password structure preset are not required for GAN-based password guessing methods.The principle is to train a model according to the leakage password sets.Afterward,it generates the burst password set to crack user passwords.In the literature,the method of PassGAN first introduces GAN into the field of password guessing.It mainly focuses on improving password cracking rate,but rarely pays enough attention to password diversity.Due to the limited sample number of password test set used in experiments,the sample space of user password cannot be completely covered.That is,passwords generated by the model that don’t match the test set may meet potential password setting rules.Therefore,it is required not only to focus on whether the generated passwords match the test password set,but also to generate as many different passwords as possible.In view of this point,this thesis proposes U-PassGAN,a password guessing method based on GAN,which combines discriminator interpolation training strategy of Unrolled GAN with PassGAN to improve the diversity of generated password.The generator of U-PassGAN can refer to the state of discriminator at different stages,so as to obtain more valuable gradient information to update the parameters,making the training process more stable.However,as a model developed based on WGAN-GP,the generator structure and password generation scheme of U-PassGAN are not the best choice for password guessing.By using long and short-term memory to construct the generator,this thesis proposes G-Pass,a password guessing method based on the Gumbel-softmax distribution.By adopting temperature control strategy during the training process,the balance between password diversity and password quality can be achieved by using G-Pass.The two methods proposed in this thesis improve PassGAN from different perspectives.U-PassGAN focuses on improving the diversity of password.With a different model structure,G-Pass is more likely to generate passwords that conform to password setting rules.Experiments are conducted on the Rockyou data set and Linked In data set,and the results show that U-PassGAN generates more different passwords than PassGAN and G-Pass when the generated password set contain 10~9 entries.Meanwhile,higher password cracking rate can be achieved by G-Pass than other GAN-based password guessing models.