Title | ||
---|---|---|
A Large-Scale Analysis of the Semantic Password Model and Linguistic Patterns in Passwords |
Abstract | ||
---|---|---|
AbstractIn this article, we present a thorough evaluation of semantic password grammars. We report multifactorial experiments that test the impact of sample size, probability smoothing, and linguistic information on password cracking. The semantic grammars are compared with state-of-the-art probabilistic context-free grammar (PCFG) and neural network models, and tested in cross-validation and A vs. B scenarios. We present results that reveal the contributions of part-of-speech (syntactic) and semantic patterns, and suggest that the former are more consequential to the security of passwords. Our results show that in many cases PCFGs are still competitive models compared to their latest neural network counterparts. In addition, we show that there is little performance gain in training PCFGs with more than 1 million passwords. We present qualitative analyses of four password leaks (Mate1, 000webhost, Comcast, and RockYou) based on trained semantic grammars, and derive graphical models that capture high-level dependencies between token classes. Finally, we confirm the similarity inferences from our qualitative analysis by examining the effectiveness of grammars trained and tested on all pairs of leaks. |
Year | DOI | Venue |
---|---|---|
2021 | 10.1145/3448608 | ACM Transactions on Privacy and Security |
Keywords | DocType | Volume |
Password guessing, PCFG, probabilistic context-free grammars, semantics | Journal | 24 |
Issue | ISSN | Citations |
3 | 2471-2566 | 0 |
PageRank | References | Authors |
0.34 | 0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Rafael Veras | 1 | 81 | 5.18 |
Christopher Collins | 2 | 1037 | 49.74 |
Julie Thorpe | 3 | 466 | 32.17 |