Universal Neural-Cracking-Machines: Self-Configurable Password Models from Auxiliary Data
arxiv(2023)
摘要
We introduce the concept of "universal password model" – a password model
that, once pre-trained, can automatically adapt its guessing strategy based on
the target system. To achieve this, the model does not need to access any
plaintext passwords from the target credentials. Instead, it exploits users'
auxiliary information, such as email addresses, as a proxy signal to predict
the underlying password distribution. Specifically, the model uses deep
learning to capture the correlation between the auxiliary data of a group of
users (e.g., users of a web application) and their passwords. It then exploits
those patterns to create a tailored password model for the target system at
inference time. No further training steps, targeted data collection, or prior
knowledge of the community's password distribution is required. Besides
improving over current password strength estimation techniques and attacks, the
model enables any end-user (e.g., system administrators) to autonomously
generate tailored password models for their systems without the often
unworkable requirements of collecting suitable training data and fitting the
underlying machine learning model. Ultimately, our framework enables the
democratization of well-calibrated password models to the community, addressing
a major challenge in the deployment of password security solutions at scale.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要