About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
MILCOM 2016
Conference paper
Memory chunking analysis of numerical password for Chinese websites
Abstract
The conventional password cracking methods view the consecutive digits in passwords as a single unit without understanding the internal structures of digits. In this paper, in order to enhance the analysis of numerical passwords, we borrow the idea of chunking in psychology, and segment each numerical password into small chunks to help understand the structures. Empirically, we learn chunks and structures based on their frequencies from the numerical passwords of leaked corpus, and model them with probabilistic context-free grammars to generate password guesses. Experiment results on the leaked Chinese password corpus included 24 million entries show that our approach achieves 46.91% relative gains over word lists approach, and 31.07% relative gains in the first 1 million guesses than John the Ripper (JtR), and 50.76% relative gains for guessing long numerical password than JtR.