This paper outlines a new method for cracking passwords using probabilistic context-free grammars.
In this paper the authors discuss a new method that generates password structures in highest probability order. By testing their tools and techniques on real password sets, the authors also show that this approach seems to provide a more effective way to crack passwords than traditional methods. Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task. The authors first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords. This grammar then allows them to generate word-mangling rules, and from them, password guesses to be used in password cracking. In one series of experiments, training on a set of disclosed passwords, this approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program. (Published Abstract Provided)
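The training step described above, seen from the defender's side, as an added example that is not code from the paper or its authors: it learns structure probabilities from a password list, orders them from most to least probable, and scores how common a candidate password's structure is. The letter/digit/symbol run tokenization (`L6D2`), the function names and the training list are assumptions constructed for this illustration; the abstract does not spell out the grammar's form.

```python
import re
from collections import Counter

# Constructed sample standing in for a set of previously disclosed passwords.
TRAINING = ["password1", "monkey12", "dragon99", "letmein!", "summer2010",
            "abc123", "qwerty1", "iloveyou", "shadow7", "hello!23"]

# Assumed tokenization: maximal runs of letters (L), digits (D), other (S).
_RUN = re.compile(r"(?P<L>[A-Za-z]+)|(?P<D>[0-9]+)|(?P<S>[^A-Za-z0-9]+)")


def base_structure(password):
    """Map a password to its run structure, e.g. 'monkey12' -> 'L6D2'."""
    return "".join(f"{m.lastgroup}{len(m.group())}"
                   for m in _RUN.finditer(password))


def train_grammar(passwords):
    """Estimate P(structure) as its relative frequency in the training set."""
    counts = Counter(base_structure(p) for p in passwords)
    total = sum(counts.values())
    return {structure: n / total for structure, n in counts.items()}


def ranked_structures(grammar):
    """Structures in highest-probability order (ties broken by name)."""
    return sorted(grammar.items(), key=lambda kv: (-kv[1], kv[0]))


def structure_probability(grammar, candidate):
    """Probability mass of the candidate's structure; 0.0 if never observed."""
    return grammar.get(base_structure(candidate), 0.0)


if __name__ == "__main__":
    grammar = train_grammar(TRAINING)
    for structure, prob in ranked_structures(grammar):
        print(f"{structure:8s} {prob:.2f}")
    # A high value means the candidate follows a pattern that is common
    # in the training data, whatever its individual characters are.
    for candidate in ("tigers42", "x9$Kq2"):
        print(candidate, base_structure(candidate),
              structure_probability(grammar, candidate))
```

A structure probability of 0.0 only means the pattern was absent from the training list, so the score is meaningful only relative to a training set that resembles the population being audited.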