Password Guessing Based on Recurrent Neural Networks and Generative Adversarial Networks

The progress of deep learning technology provides a potential way to improve the efficiency of password cracking. At present, there have been researches on applying deep learning models such as Recurrent Neural Networks(RNN) and Generative Adversarial Networks (GAN) to password guessing. Based on the implementation of password guessing algorithms such as RNN, PL(the combination of Probabilistic Context Free Grammar(PCFG) and Long Short-Term Memory(LSTM) at the model level) and GAN, this paper uses RNN instead of LSTM in the PL model and proposes the PR model (the combination of PCFG and RNN). To reduce the dependence of the guessing model on large training samples, we use the RNN network to generate the filling set of the letter segment of password, and propose the PR+model. In the experiments, we use 4 different data sets to test the cracking ability of different models. The results show that PR model is slightly higher than PL model and significantly higher than traditional main-stream models, i.e., PCFG (<107 guesses) and Markov (<106 guesses), in most data sets. At the same time, the training efficiency of PR model is far better than that of PL model. Due to the different characteristics of password samples generated by different models, we further adopt combinations of different guess sets to perform the same test process based on 4 real large-scale password datasets. To the best of our knowledge, we have confirmed for the first time that the combined guess set of different models is higher than that of the single guess set under the same guess number (107-108 guesses). While for the GAN model, when the guess number is 3.6×108, the cracking rate is only 31.41%. This indicates that the cracking rates of GAN is inferior to traditional statistics-based methods (such as PCFG and Markov) and RNN-based models, and we further explain the reason. © 2021, Science Press. All right reserved.