GNPassGAN: Improved Generative Adversarial Networks For Trawling Offline Password Guessing
This work addresses password security for researchers and practitioners by providing an improved method for offline trawling attacks, though it is incremental over existing deep learning approaches.
The paper tackles the problem of simulating realistic password guessing attacks by introducing GNPassGAN, a generative adversarial network-based tool that guesses 88.03% more passwords and generates 31.69% fewer duplicates compared to the state-of-the-art PassGAN model.
The security of passwords depends on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in password security research. Dictionary attacks must be carefully configured and modified to represent an actual threat. This approach, however, needs domain-specific knowledge and expertise that are difficult to duplicate. This paper reviews various deep learning-based password guessing approaches that do not require domain knowledge or assumptions about users' password structures and combinations. It also introduces GNPassGAN, a password guessing tool built on generative adversarial networks for trawling offline attacks. In comparison to the state-of-the-art PassGAN model, GNPassGAN is capable of guessing 88.03\% more passwords and generating 31.69\% fewer duplicates.