Memory chunking analysis of numerical password for Chinese websites
Abstract
Conventional password cracking methods treat the consecutive digits in a password as a single unit, without modeling the internal structure of those digits. In this paper, to enhance the analysis of numerical passwords, we borrow the idea of chunking from psychology and segment each numerical password into small chunks that help reveal its structure. Empirically, we learn chunks and structures based on their frequencies from the numerical passwords in a leaked corpus, and model them with probabilistic context-free grammars to generate password guesses. Experimental results on a leaked Chinese password corpus of 24 million entries show that our approach achieves 46.91% relative gains over the word-list approach, 31.07% relative gains over John the Ripper (JtR) in the first 1 million guesses, and 50.76% relative gains over JtR for guessing long numerical passwords.