AI Can Guess Your Password

Uploaded on 2017-11-13 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments

How can you guess a password in an efficient way? A new application of artificial intelligence and deep learning in the field of information security focuses on passwords.

Researchers from the Stevens Institute of Technology and the New York Institute of Technology have recently published results from their work using Generative Adversarial Networks (GANs) to generate password guesses at a better rate, they said, than existing tools.

By opting for these powerful analytical tools, the researchers said they can use machines to learn from existing data, such as any of the millions of passwords leaked in the last 18 months, and develop new password rules that not only improve the efficiency of the pen-testing tools, but also could someday be the primary tool used to recover or guess passwords.

“Let’s say tomorrow there is another password leak; if you’re building rules manually and you want to take advantage of that knowledge from the leak, you have to get people to go through it and see what is not matched. It’s a manual work,” said Paolo Gasti of NYIT, one of the researchers involved.

“What we are doing instead is we take the password dump, give it to the tool and let it run for a day, a week or a month and you’re done. You’ve already learned as much as the tool can learn from this new dataset.”

PassGAN technology “represents a substantial improvement on rule-based password generation tools because it infers password distribution information autonomously from password data rather than via manual analysis,” the researchers wrote. “As a result, it can effortlessly take advantage of new password leaks to generate richer password distributions.”

According to threatpost.com, GANs are deep-learning tools that are made up of two deep neural networks: generative and discriminative. The deep learning is used in many applications to generate something new from a dataset (i.e., scanning thousands of images of faces or rooms to create a new, unique image).

Gasti said this may be the first application of GANs in security, and their intent was to teach the deep neural networks what user-chosen passwords look like without providing the network any context, such as personal information like dates of birth or pet names which users often combine when forming what they believe are complex passwords.

“We are not providing any information, just blindly giving a set of passwords to the machine, and the machine is figuring out what a password is.

“The idea is that this machine will go through these passwords hundreds of thousands of times and every time it runs through them, it learns something new, some new relationship between components of a password,” Gasti said. “The hundred-thousandth pass might be ‘I’ve identified this word and numbers and know the relationship between them and the probability that binds them.’

Ideally, a fast cluster of machines could analyse millions of passwords for a month, for example, and extract rules that a manual process could never generate, he said.

I-HLS

You Might Also Read

Keeping Passwords Safe From Cracking:

Will Biometrics Take Over From Passwords?:

« Insurance Will Reduce Cyber Losses
Israeli Spies Hacked Kaspersky »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cloud Credential Council (CCC)

Cloud Credential Council (CCC)

The CCC is a leading provider of vendor-neutral certification programs that empower IT and business professionals in their digital transformation journey.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

RunSafe Security

RunSafe Security

RunSafe Security is the pioneer of a patented cyberhardening transformation process designed to disrupt attackers and protect vulnerable embedded systems and devices.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

Ten Eleven Ventures

Ten Eleven Ventures

Ten Eleven is a specialized venture capital firm exclusively dedicated to helping cybersecurity companies thrive.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Kiuwan

Kiuwan

Kiuwan provide software security solutions with SAST and SCA source-code analysis that fit into your DevOps process.

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startups Association is an umbrella organization that aims to promote, support and represent the interests of tech startups in Romania.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.