Modeling Password Creation Habits with Probabilistic Context Free Grammars
Authors: Matt Weir

Date: August 3 2016
Publication: Passwords16 Las Vegas
Source 1: https://sites.google.com/site/reusablesec/Home/presentations-and-papers/bsides_2016_weir.pdf

Abstract or Summary:
People are not good at being unpredictable. It’s common knowledge that with passwords certain words are more common than others. Same goes for mangling rules. The problem comes into incorporating that knowledge into real world use cases. Probabilistic context free grammars (PCFGs) are one approach that can help turn the way we talk about password creation habits into how we actually model them. While the most obvious use for these techniques is to crack passwords, PCFGs also show promise with generating honeywords, (synthetic passwords), and designing more user friendly and secure password creation policies. To put it another way, by more effectively modeling how users create passwords we can design better security solutions.

This talk will focus on recent advancements with using PCFGs in the area of password research.


PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=IjqjVduCB6k Project page: https://github.com/lakiw/pcfg_cracker


Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2019 PasswordResearch.com