Using Personal Information in Targeted Grammar-Based Probabilistic Password Attacks - Advances in Digital Forensics XIII
Conference Papers Year : 2017

Using Personal Information in Targeted Grammar-Based Probabilistic Password Attacks

Abstract

Passwords are the primary means of authentication and security for online accounts and are commonly used to encrypt files and disks. This research demonstrates how personal information about users can be added systematically to enhance password cracking. Specifically, a dictionary-based probabilistic context-free grammar approach is proposed that effectively incorporates personal information about a targeted user into component grammars and dictionaries used for password cracking. The component grammars model various types of personal information such as family names and dates, previous password information and possible information about sequential passwords. A mathematical model for merging multiple grammars that combines the characteristics of the component grammars is presented. The resulting merged target grammar, which is also merged with a standard grammar, is used along with various dictionaries to generate guesses that quickly match target passwords. The experimental results demonstrate that the approach significantly improves password cracking performance.
Fichier principal
Vignette du fichier
456364_1_En_16_Chapter.pdf (174.29 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01716395 , version 1 (23-02-2018)

Licence

Identifiers

Cite

Shiva Houshmand, Sudhir Aggarwal. Using Personal Information in Targeted Grammar-Based Probabilistic Password Attacks. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp.285-303, ⟨10.1007/978-3-319-67208-3_16⟩. ⟨hal-01716395⟩
100 View
242 Download

Altmetric

Share

More