Research Article
Password Cracking by Exploiting User Group Information
@INPROCEEDINGS{10.1007/978-3-031-64948-6_26, author={Beibei Zhou and Daojing He and Sencun Zhu and Shanshan Zhu and Sammy Chan and Xiao Yang}, title={Password Cracking by Exploiting User Group Information}, proceedings={Security and Privacy in Communication Networks. 19th EAI International Conference, SecureComm 2023, Hong Kong, China, October 19-21, 2023, Proceedings, Part I}, proceedings_a={SECURECOMM}, year={2024}, month={10}, keywords={Group password Password analysis Password attack}, doi={10.1007/978-3-031-64948-6_26} }- Beibei Zhou
Daojing He
Sencun Zhu
Shanshan Zhu
Sammy Chan
Xiao Yang
Year: 2024
Password Cracking by Exploiting User Group Information
SECURECOMM
Springer
DOI: 10.1007/978-3-031-64948-6_26
Abstract
The past research study on the characteristics of passwords has paid much attention to language, regional or cultural differences and usability. However, few studies have pointed out differences due to information such as application types, users’ occupations, religious beliefs, and meanings of the digits in the culture. In this article, for the first time we put forward the concept of “group” characteristics, and found that the passwords of different groups have obviously different characteristics. For example, when dividing groups by religions of users, Christian groups like to include biblical names and words in passwords, such as “jesus”, “christ”, “angels” and “faith”. Accordingly, we proposegPGM, a neural network-based password guessing method that leverages group information to increase attack success. Our experiments show that gPGM can significantly increase the password cracking rate. In addition, the cracking rates for different groups, under the same number of guesses, also vary. For example, the cracking rate of the game group is very high, but that of the hacker group is very low.
