Author(s): Rafael Veras, Christopher Collins, and Julie Thorpe

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014


We present the first framework for segmentation, semantic classification and generalization of passwords and demonstrate how probabilistic grammars encoding the semantics of password samples can lead to better cracking results than the state-of-the-art method. In sessions of 3 billion guesses, we guess approximately 67% more passwords from the LinkedIn leak and 32% more passwords from the MySpace leak.