Probabilistic Passphrase Cracking Luc Gommans Radically Open - - PowerPoint PPT Presentation

probabilistic passphrase cracking
SMART_READER_LITE
LIVE PREVIEW

Probabilistic Passphrase Cracking Luc Gommans Radically Open - - PowerPoint PPT Presentation

Apr 26, 2023 315 likes •490 views

Probabilistic Passphrase Cracking Luc Gommans Radically Open Security Contents 1. Introduction 2. Prior Work 3. Research Question 4. Methods 5. Results 6. Conclusions 7. Future work 2 What are passphrases? balsa chew pure swan I

slide-1
SLIDE 1

Probabilistic Passphrase Cracking

Luc Gommans Radically Open Security

slide-2
SLIDE 2

2

Contents

  • 1. Introduction
  • 2. Prior Work
  • 3. Research Question
  • 4. Methods
  • 5. Results
  • 6. Conclusions
  • 7. Future work
slide-3
SLIDE 3

3

What are passphrases?

  • balsa chew pure swan
  • I have got a nice bike
slide-4
SLIDE 4

4

Prior Work

  • 2012 Labrande

Hybrid dictionary attack

  • 2016 Sparell and Simovits

Markov chains

  • 2017 Gaastra, Gijtenbeek and Gommans

Using lyrics and famous quotes

slide-5
SLIDE 5

5

Research Question

How can software efciently generate likely passphrases, to be used in passphrase cracking?

  • Efcient:

– Computational power – RAM – Storage

  • Likely:

– Results

slide-6
SLIDE 6

6

Contribution

  • Implement a new

method

  • Compare diferent methods

– Make previous work

directly comparable

slide-7
SLIDE 7

7

Hybrid dictionary attack

  • Reproduced Labrande‘s work

– Training dataset – Efectiveness comparison

  • Dictionary of phrases + sets of rules

– Lowercase all, remove spaces, etc.

slide-8
SLIDE 8

8

Probabilistic Method Selection

  • Markov chains

done by Sparell and Simovits

  • Probabilistic Context-Free Grammar

applied to passwords successfully

  • N-grams

popular in text prediction

slide-9
SLIDE 9

9

Context-Free Grammar

S → NP VP NP → Det N | W VP → V NP W → I | he | she | Joe Det → a | the | my | his N → elephant | cat | jeans | suit V → kicked | followed | shot

  • I followed Joe
  • a cat shot my elephant
slide-10
SLIDE 10

10

Probabilistic Context-Free Grammar

  • NP → 0.7(Det N) | 0.3(W)
  • Generate probabilities and rules based on texts

– Word classifcation database

slide-11
SLIDE 11

11

N-grams

  • „have we lost or have we won“ n=2

– 2 have we – 1 we lost – 1 lost or – 1 or have – 1 we won

→ have we won

slide-12
SLIDE 12

12

N-grams

  • Generated weighted statistics from:

– Wikipedia articles – Previously cracked passphrases

  • Cracking by taking the most frequently occurring

n-gram and fnding continuations

slide-13
SLIDE 13

13

Results Efectiveness

  • Hybrid dictionary (Labrande)

– 4.2M phrases of Korelogic (200k of ≥16 characters)

  • Hybrid dictionary (ours)

– 2.3M phrases of Korelogic (147k of ≥16 characters) – 1.3M phrases of LinkedIn (13k of ≥16 characters)

  • Markov chains

– 25k phrases of LinkedIn (384 of ≥16 characters)

  • N-grams

– 835k phrases of Korelogic (33k of ≥16 characters) – 482k phrases of LinkedIn (4k of ≥16 characters)

slide-14
SLIDE 14

14

Results Efciency

  • Hybrid dictionary

– Speed: >10 000 000 pps (phrases per second) – Storage: medium (690MiB)

  • Markov chains

– Speed: 2 500–22 500 pps – Storage: unknown

  • N-grams

– Speed: 3 300 000 pps – Storage: low-medium (47-464MiB)

slide-15
SLIDE 15

15

Conclusions

  • Hybrid dictionary is efcient and efective
  • N-grams most efective when length of phrase ≤n
slide-16
SLIDE 16

16

Future work

  • Better language modeling using n-grams
  • Probabilistic Context-Free Grammar
  • Neural Networks
slide-17
SLIDE 17

17

Thank you

  • Thanks to Radically Open Security
  • See our git repository for GPLv3 licensed:

– N-gram phrase generator & models (n=2 and n=3) – Phrase dictionary & rules – Slides and preview of the paper

github.com/radicallyopensecurity/passphrase-cracking

  • Questions?