AI `` PassGAN '' that can crack most passwords within 1 minute has appeared, and is it impossible to analyze even PassGAN with any password?
Home Security Heroes, a cyber security company, has announced the results of an experiment to analyze actual passwords using AI `` PassGAN '' that predicts passwords with a neural network. According to it, about half of the common passwords were cracked in 1 minute, and 65% were cracked in 1 hour.
2023 Password Cracking: How Fast Can AI Crack Passwords?
Password guessing, which is usually used to crack passwords, is a simple data-driven tool. In other words, it is a method of performing password analysis based on a large amount of data. Such methods can be efficiently analyzed for small and predictable passwords, but become very difficult when the sample size is large and the pattern is complicated. It is said that it will take time.
The PassGAN used by Home Security Heroes this time is a type of adversarial generative network (GAN), and consists of two opposing neural networks: ``Generative Network'' and ``Discrimnate Network''. PassGAN is a system in which the Generative Network generates fake password samples, and the Discrimnate Network discriminates between the fake password samples and the real password samples, and the password prediction accuracy increases as it learns. is characterized by This allows PassGAN to analyze a wider range and faster than conventional password analysis tools.
In the Home Security Heroes test, 15.68 million passwords were quoted from the 'RockYou dataset' leaked from the social game site RockYou, and passwords with 18 or more characters or less than 4 characters were excluded, and PassGAN analyzed them. About.
As a result, 51% of the passwords were able to be analyzed within just one minute. In addition, it seems that 65% of the total could be analyzed within 1 hour, 71% within 1 day, and 81% within 1 month. Also, Home Security Heroes reports that a 7-character password could be analyzed in about 6 minutes, even if it contained symbols as well as numbers and alphabets.
On top of that, Home Security Heroes says, 'Passwords longer than 18 characters are safe for PassGAN.' If it is 18 characters or more, it will take at least 10 months to analyze even a password consisting only of numbers, and it will take 600 kyo years to decipher a password consisting of symbols, numbers, lowercase and uppercase letters of the alphabet.
Below is a table summarizing the time required for analysis by PassGAN for each number of characters and constituent character types of the password.
Home Security Heroes recommends that passwords are at least 15 characters long and contain a combination of upper and lower case letters, numbers and symbols. Also, in order to prevent decryption by PassGAN, it is effective to change important passwords every few months.
Related Posts: