Freelance Technical Director, Senior Software Engineer @Page On Stage
George is a freelance CTO, IT Consultant, Freelance Senior Software Engineer and Managing Director at Page on Stage from Graz, Austria.
Tailored, Machine Learning-driven Password Guessing Attacks and Mitigation
“When passwords are attacked by password cracking software like John the Ripper or hashcat, the efficiency of this process is significantly affected by the quality of the password lists that are used. Traditionally, tools like these use rule sets or masks along with dictionaries that include leaked passwords gained by previous successful attacks. However, these pre-identified password creation schemes are chosen and converted to attack patterns either by humans or by static automation algorithms which might miss actual human password patterns. Additionally, these tools have limited capabilities in generating password lists of individuals.
This talk is based on the presenter’s recent master’s thesis and hence will deal with the application of machine learning to password list generation to create human-like password dictionaries using character-based Recurrent Neural Networks. Furthermore, it will show that an attacker can facilitate machine learning to generate tailored password lists for specific victims by training a model on password creation schemes of other people in combination with user data of the victim. Additionally, a machine learning classification method will be presented to identify human-generated passwords.