|
|
Automatizované generování pravidel pro modifikaci hesel s využitím metod strojového učení
Šírová, Lucia ; Veselý, Vladimír (referee) ; Hranický, Radek (advisor)
The success of password cracking using a dictionary attack is limited by the scope and quality of the used dictionary. One way to enhance the success rate of password cracking is to expand the dictionary with password mangling rules. These rules typically reflect human tendencies in password creation, such as appending numbers at the end of the password or capitalizing the first letter. This bachelor’s thesis describes a tool’s design and implementation process that aims to generate these rules by analysis of existing passwords, for example, from datasets obtained during security breaches. This tool enhances existing solutions by providing a choice of four distinct clustering methods. Unlike other rule-generating tools that leverage machine learning, it broadens the generated rules to nineteen unique types. Additionally, the tool offers customizable configurations for rule types and their priorities. Testing results suggest that the tool discussed in this bachelor’s thesis performs comparably or even better than a previously known state-of-the-art solutions.
|
|
|
Automated Creation of Password Mangling Rules
Drdák, Dominik ; Zobal, Lukáš (referee) ; Hranický, Radek (advisor)
In the process of password cracking by a dictionary attack, the password repertoire is limited by the used dictionary. With the help of rules that can modify passwords from a dictionary, it is possible to extend such a dictionary with additional passwords. In order to maximize the benefits of these rules in password cracking, the rules can be generated based on existing data. Frequent patterns, such as capitalization, numbers at the end or frequently used substrings in passwords can be found in databases of leaked passwords. Based on the patterns obtained, a set of clever rules can be created that can significantly improve the success of a password cracking by dictionary attack. The gist of the work is based on this knowledge and presents specific methods for the implementation of these procedures. The work describes the design and implementation of such tool that can create a set of rules from existing passwords based on their similarity. The functionality of the tool and especially the benefits of the chosen method are shown experimentally.
|
|
|
Automated Creation of Password Mangling Rules
Drdák, Dominik ; Zobal, Lukáš (referee) ; Hranický, Radek (advisor)
In the process of password cracking by a dictionary attack, the password repertoire is limited by the used dictionary. With the help of rules that can modify passwords from a dictionary, it is possible to extend such a dictionary with additional passwords. In order to maximize the benefits of these rules in password cracking, the rules can be generated based on existing data. Frequent patterns, such as capitalization, numbers at the end or frequently used substrings in passwords can be found in databases of leaked passwords. Based on the patterns obtained, a set of clever rules can be created that can significantly improve the success of a password cracking by dictionary attack. The gist of the work is based on this knowledge and presents specific methods for the implementation of these procedures. The work describes the design and implementation of such tool that can create a set of rules from existing passwords based on their similarity. The functionality of the tool and especially the benefits of the chosen method are shown experimentally.
|
guest ::
