AI Can Guess Your Password

Uploaded on 2017-11-13 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-News Analysis, FREE TO VIEW, TECHNOLOGY--Developments

How can you guess a password in an efficient way? A new application of artificial intelligence and deep learning in the field of information security focuses on passwords.

Researchers from the Stevens Institute of Technology and the New York Institute of Technology have recently published results from their work using Generative Adversarial Networks (GANs) to generate password guesses at a better rate, they said, than existing tools.

By opting for these powerful analytical tools, the researchers said they can use machines to learn from existing data, such as any of the millions of passwords leaked in the last 18 months, and develop new password rules that not only improve the efficiency of the pen-testing tools, but also could someday be the primary tool used to recover or guess passwords.

“Let’s say tomorrow there is another password leak; if you’re building rules manually and you want to take advantage of that knowledge from the leak, you have to get people to go through it and see what is not matched. It’s a manual work,” said Paolo Gasti of NYIT, one of the researchers involved.

“What we are doing instead is we take the password dump, give it to the tool and let it run for a day, a week or a month and you’re done. You’ve already learned as much as the tool can learn from this new dataset.”

PassGAN technology “represents a substantial improvement on rule-based password generation tools because it infers password distribution information autonomously from password data rather than via manual analysis,” the researchers wrote. “As a result, it can effortlessly take advantage of new password leaks to generate richer password distributions.”

According to threatpost.com, GANs are deep-learning tools that are made up of two deep neural networks: generative and discriminative. The deep learning is used in many applications to generate something new from a dataset (i.e., scanning thousands of images of faces or rooms to create a new, unique image).

Gasti said this may be the first application of GANs in security, and their intent was to teach the deep neural networks what user-chosen passwords look like without providing the network any context, such as personal information like dates of birth or pet names which users often combine when forming what they believe are complex passwords.

“We are not providing any information, just blindly giving a set of passwords to the machine, and the machine is figuring out what a password is.

“The idea is that this machine will go through these passwords hundreds of thousands of times and every time it runs through them, it learns something new, some new relationship between components of a password,” Gasti said. “The hundred-thousandth pass might be ‘I’ve identified this word and numbers and know the relationship between them and the probability that binds them.’

Ideally, a fast cluster of machines could analyse millions of passwords for a month, for example, and extract rules that a manual process could never generate, he said.

I-HLS

You Might Also Read

Keeping Passwords Safe From Cracking:

Will Biometrics Take Over From Passwords?:

« Insurance Will Reduce Cyber Losses
Israeli Spies Hacked Kaspersky »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

Northwave

Northwave

Northwave is 100% focused on providing integrated high quality information security services.

Niagara Networks

Niagara Networks

Niagara Networks is a Network Visibility industry leader, with emphasis in 1/10/40/100 Gigabit systems and mission-critical IT and security appliances.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

Sopher Networks

Sopher Networks

Sopher is a secure communication and collaboration platform for business and personal use.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

RKVST

RKVST

RKVST is a powerful tool that builds trust in multi-party processes when it’s critical to have high assurance in data for confident decisions.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Crygma

Crygma

CRYGMA Quantum-Resistant Cryptographic Machines, the new standard in data encryption.