U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Password Cracking Using Probabilistic Context-Free Grammars

NCJ Number
308111
Author(s)
Matt Weir; Sudhir Aggarwal; Breno de Medeiros; Bill Glodek
Date Published
2009
Length
15 pages
Annotation

This paper outlines a new method for cracking passwords using probabilistic context-free grammars.

Abstract

In this paper the authors discuss a new method that generates password structures in highest probability order. The authors will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing their tools and techniques on real password sets. Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task. The authors first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords. This grammar then allows us to generate word-mangling rules, and from them, password guesses to be used in password cracking. In one series of experiments, training on a set of disclosed passwords, this approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program. (Published Abstract Provided)