PG-Pass:Targeted Online Password Guessing Model based on Pointer Generator Network

Li, Yang; Li, Yong; Chen, Xi; Shi, Ruixin; Han, Jizhong

doi:10.1109/cscwd54268.2022.9776149

Cited by 2 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With the development of natural language processing techniques, some sophisticated neural networks are applied to the field of targeted password guessing. In [ 73 ], the authors proposed a targeted password guessing model called PG-Pass composed of the pointer generator network. This work innovatively considers targeted password guessing as a summarization task and applies pointer network techniques commonly used in the field of intelligent summarization to it.…”

Section: Password Guessingmentioning

confidence: 99%

“…Since the datasets used in each work are different, it is difficult to make a cross-sectional comparison. Taking the 12306 dataset as an example, the existing targeted password guessing methods have a guess accuracy rate of about 41.07% when the guessing set is 100 [ 73 ]. In the reuse guessing scenario, when the victim’s password at site A (namely

) is known, within 100 guesses, the cracking success rate of the SOTA method [ 77 ] in guessing her password at site B (

) is 24.2% (for common users) and 11.7% (for security-savvy users), respectively.…”

Section: Password Guessingmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Review on Password Guessing Tasks

Yu,

Yin,

Yin

et al. 2023

Entropy

View full text Add to dashboard Cite

Recently, many password guessing algorithms have been proposed, seriously threatening cyber security. In this paper, we systematically review over thirty methods for password guessing published between 2016 and 2023. First, we introduce a taxonomy for classifying the existing methods into trawling guessing and targeted guessing. Second, we present an extensive benchmark dataset that can assist researchers and practitioners in successive works. Third, we conduct a bibliometric analysis to present trends in this field and cross-citation between reviewed papers. Further, we discuss the open challenges of password guessing in terms of diverse application scenarios, guessing efficiency, and the combination of traditional and deep learning methods. Finally, this review presents future research directions to guide successive research and development of password guessing.

show abstract

Section: Password Guessingmentioning

confidence: 99%

) is known, within 100 guesses, the cracking success rate of the SOTA method [ 77 ] in guessing her password at site B (

) is 24.2% (for common users) and 11.7% (for security-savvy users), respectively.…”

Section: Password Guessingmentioning

confidence: 99%

A Systematic Review on Password Guessing Tasks

Yu,

Yin,

Yin

et al. 2023

Entropy

View full text Add to dashboard Cite

show abstract

Honey password vaults tolerating leakage of both personally identifiable information and passwords

An,

Xiao,

Liu

et al. 2024

Cybersecurity

View full text Add to dashboard Cite

Honey vaults are useful tools for password management. A vault usually contains usernames for each domain, and the corresponding passwords, encrypted with a master password chosen by the owner. By generating decoy vaults for incorrect master password attempts, honey vaults force attackers with the vault’s storage file to engage in online verification to distinguish the real vaults, thus thwarting offline guessing attacks. However, sophisticated attackers can acquire additional information, such as personally identifiable information (PII) and partial passwords contained within the vault from various data breaches. Since many users tend to incorporate PII in their passwords, attackers may utilize PII to distinguish the real vault. Furthermore, if attackers may learn partial passwords included in the real vault, it can exclude numerous decoy vaults without the need for online verification. Indeed, both leakages pose serious threats to the security of the existing honey vault schemes. In this paper, we explore two attack variants of the inspired attack scenario, where the attacker gains access to the vault’s storage file along with acquiring PII and partial passwords contained within the real vault, and design a new honey vault scheme. For security assurance, we prove that our scheme is secure against one of the aforementioned attack variants. Moreover, our experimental findings suggest enhancements in security against the other attack. In particular, to evaluate the security in multiple leakage cases where both the vault’s storage file and PII are leaked, we propose several new practical attacks (called PII-based attacks), building upon the existing practical attacks in the traditional single leakage case where only the vault’s storage file is compromised. Our experimental results demonstrate that certain PII-based attacks achieve a 63–70% accuracy in distinguishing the real vault from decoys in the best-performing honey vault scheme (Cheng et al. in Incrementally updateable honey password vaults, pp 857–874, 2021). Our scheme reduces these metrics to 41–50%, closely approaching the ideal value of 50%.

show abstract

PG-Pass:Targeted Online Password Guessing Model based on Pointer Generator Network

Cited by 2 publications

References 10 publications

A Systematic Review on Password Guessing Tasks

A Systematic Review on Password Guessing Tasks

Honey password vaults tolerating leakage of both personally identifiable information and passwords

Contact Info

Product

Resources

About