passgan
AI tech can crack common passwords with stunning speed, researchers find
Artificial intelligence tech has the ability to crack any kind of seven-character password in just six minutes, a new study has found. The research, shared by identity theft prevention company Home Security Heroes, said the same was true even if the password contains symbols. The company used a generative AI service called PassGAN to run through 15,680,000 common passwords from the Rockyou dataset to determine how long it would take to crack them. Rockyou is a data group used to train intelligent systems on password analysis.
AI can crack most passwords faster than you can read this article
If you didn't already believe that weak passwords could be cracked easily, artificial intelligence is here to prove the point definitively. An AI-driven tool cracked over half the passwords fed to it in under a minute--and 65 percent in under an hour. The experiment, which was run by cybersecurity firm Home Security Heroes, involved PassGAN, a new kind of password cracker. Unlike typical password cracking tools, which lean on fixed data sets, PassGAN is driven by two neural networks: one taught to generate passwords, and the other taught to distinguish between the first's "fake" passwords and passwords taken from real data breaches. As it's trained, this kind of generative adaptive network learns to offer more sophisticated password predictions, allowing for faster and widespread cracking.
On Deep Learning in Password Guessing, a Survey
The security of passwords is dependent on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in password security research. Dictionary attacks must be carefully configured and modified to be representative of the actual threat. This approach, however, needs domain-specific knowledge and expertise that are difficult to duplicate. This paper compares various deep learning-based password guessing approaches that do not require domain knowledge or assumptions about users' password structures and combinations. The involved model categories are Recurrent Neural Networks, Generative Adversarial Networks, Autoencoder, and Attention mechanisms. Additionally, we proposed a promising research experimental design on using variations of IWGAN on password guessing under non-targeted offline attacks. Using these advanced strategies, we can enhance password security and create more accurate and efficient Password Strength Meters.
Password Cracking
On hearing the term "password-cracking," many will think this post will be about how to guess someone's password or somewhat similar, but the reality is not always so satisfying. In general, whenever anybody types a password on any device or software, passwords don't get stored in the raw format in the database. Instead, raw passwords are first passed through the hashing algorithm, which converts the raw passwords into some particular sequence of letters, numbers, and special characters which looks entirely random for an ordinary being. Now there are several password database leaks and breaches all over the world. One such dataset is Rockyou Dataset, which contains about 31 million passwords; this is a widely used dataset because this dataset contains passwords in plain text format without any hashing.
3 Ways That AI Can Help Users Avoid Weak Passwords
The scientists from Stevens will be giving a talk on the AI program's latest password-cracking developments at the 42nd IEEE Symposium on Security and Privacy in 2021. "Since 2017, we have improved PassGAN, and now it uses a form of reinforcement learning very similar to how AlphaZero has learned how to play chess," says Giuseppe Ateniese, the department chair of the Schaefer School of Engineering & Science at Stevens who co-authored the original paper on PassGAN. The talk will expand on how deep learning models allow researchers to gain and interpret important intelligence -- such as semantic similarities between user passwords -- from large password data sets. "In our work, we show that these neural representations capture many properties of password distributions and enable new password guessing techniques," the study's leading researcher, Dario Pasquini, says in a preview of the upcoming IEEE talk.
Generative Adversarial Networks and Cybersecurity: Part 2
This is the second installment in a two-part series about generative adversarial networks. For the full story, be sure to also read part one. Now that we've described the origin and general functionality of generative adversarial networks (GANs), let's explore the role of this exciting new development in artificial intelligence (AI) as it pertains to cybersecurity. Perhaps the most famous application of this technology is described in a paper by researchers Briland Hitaj, Paolo Gasti, Giuseppe Ateniese and Fernando Perez-Cruz titled "PassGAN: A Deep Learning Approach for Password Guessing," the code for which is available on GitHub. In this project, the researchers first used a GAN to test against password cracking tools John the Ripper and HashCat, and then to augment the guessing rules of HashCat.
Breakthrough AI hacking tool cracks millions of user passwords in minutes – Fanatical Futurist by International Keynote Speaker Matthew Griffin
Last year the credit reporting agency Equifax announced that malicious hackers had leaked the personal information of over 143 million people after their system was hacked, and while that's concerning it's long been known that if a hacker wants to access your online data by simply guessing your password then there's a high chance you'll be toast in less than an hour. Now though after a recent announcement there's even more bad news for users – scientists at the Stevens Institute of Technology in New Jersey have found a way using Artificial Intelligence (AI) to create a program that, when combined with existing hacker tools, took just minutes to figure out more than a quarter of all the passwords from a set of more than 43 million LinkedIn profiles. And perhaps yours was one of them…? Despite this concerning turn of events though the same researchers say the technology may also be able to be used to beat hackers at their own game by helping users measure the strength of their passwords. "The new technique could also potentially be used to generate decoy passwords to help detect breaches," says Thomas Ristenpart, a computer scientist who studies computer security at Cornell Tech in New York who wasn't involved with the study, which is something that another team accomplished last year by creating a bot that tells you when your accounts have been hacked even when the companies being hacked didn't know, or didn't fess up to the fact.
PassGAN: A Deep Learning Approach for Password Guessing
Hitaj, Briland, Gasti, Paolo, Ateniese, Giuseppe, Perez-Cruz, Fernando
State-of-the-art password guessing tools, such as HashCat and John the Ripper, enable users to check billions of passwords per second against password hashes. In addition to performing straightforward dictionary attacks, these tools can expand password dictionaries using password generation rules, such as concatenation of words (e.g., "password123456") and leet speak (e.g., "password" becomes "p4s5w0rd"). Although these rules work well in practice, expanding them to model further passwords is a laborious task that requires specialized expertise. To address this issue, in this paper we introduce PassGAN, a novel approach that replaces human-generated password rules with theory-grounded machine learning algorithms. Instead of relying on manual password analysis, PassGAN uses a Generative Adversarial Network (GAN) to autonomously learn the distribution of real passwords from actual password leaks, and to generate high-quality password guesses. Our experiments show that this approach is very promising. When we evaluated PassGAN on two large password datasets, we were able to surpass rule-based and state-of-the-art machine learning password guessing tools. However, in contrast with the other tools, PassGAN achieved this result without any a-priori knowledge on passwords or common password structures. Additionally, when we combined the output of PassGAN with the output of HashCat, we were able to match 51%-73% more passwords than with HashCat alone. This is remarkable, because it shows that PassGAN can autonomously extract a considerable number of password properties that current state-of-the-art rules do not encode.
brannondorsey/PassGAN
This repository contains code for the PassGAN: A Deep Learning Approach for Password Guessing paper. The model from PassGAN is taken from Improved Training of Wasserstein GANs and it is assumed that the authors of PassGAN used the improved_wgan_training tensorflow implementation in their work. For this reason, I have modified that reference implementation in this repository to make it easy to train (train.py) Use the pretrained model to generate 1,000,000 passwords, saving them to gen_passwords.txt. Training a model on a large dataset (100MB) can take several hours on a GTX 1080.