A novel dictionary generation methodology for contextual-based password cracking

Aikaterini Kanta*, Iwen Coisel, Mark Scanlon

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

4 Downloads (Pure)

Abstract

It has been more than 50 years since the concept of passwords was introduced and adopted in our society as a digital authentication method. Despite alternative authentication methods being developed later, it is reasonable to assume that this prevailing authentication method will not fall out of popularity anytime soon. Naturally, each password is closely connected to its creator. This connection has given rise to advanced techniques aimed at exploiting user habits for password cracking. Such techniques are often generic approaches that leverage large datasets of human-created passwords. Recent research has underlined the influence that context can have during password selection for a user. This information could be of significant added value when digital investigators need to target a specific user or group of users during a criminal investigation. There are no automated approaches that can extract and utilize contextual information during the password cracking processes. In this paper, a methodology and framework for creating custom dictionary word lists for dictionary-based password cracking attacks are introduced, with a specific focus on leveraging contextual information encountered during an investigation. Furthermore, a detailed explanation of the framework's implementation is provided, and the benefits of the approach are demonstrated with the use of test cases.

Original languageEnglish
Pages (from-to)59178-59188
Number of pages11
JournalIEEE Access
Volume10
DOIs
Publication statusPublished - 2 Jun 2022

Keywords

  • context based password cracking
  • password cracking
  • Password cracking candidate generation
  • wordlist creation

Cite this