RLPassGAN: Password Guessing Model Based on GAN with Policy Gradient

The unsupervised neural network GAN can automatically generate synthetic samples conform to the distribution of learned samples. Therefore, password guessing models based on GAN, e.g. PassGAN are widely studied in recent years. However, there are two problems when dealing with discrete password data using GAN-based models. On the one hand, the non-differentiability of discrete password data may result in the failure of the backward of gradients; on the other hand, the outputs of the intermediate layers of the generator are incomplete password sequences, which cannot be directly evaluated by the discriminator until they reached the output layers, resulting in many redundant synthesized passwords. Therefore, a new password guessing method RLPassGAN based on SeqGAN with policy gradient are proposed in this paper. Policy gradient is applied to the proposed model to ensure that the model parameters can be continuously optimized. Furthermore, the incomplete password sequences of the output of the intermediate layers are evaluated by Monte Carlo search. The results show that in terms of the quality of the generated samples, the synthesized samples of RLPassGAN can cover more than 99% of the real passwords in the training set, while PassGAN and RNNPassGAN can only cover less than 30% of the real passwords in the training set; in terms of cracking on the specified site, RLPassGAN outperforms the two models by 16.4%–84.1%; in terms of cross-site cracking, RLPassGAN raised the cracking rate by 30.5%–84.9%.