Password Strength and Cracking Potential - Adapted from EC521 Final Project
Abstract
Most people have been exposed to rudimentary password cracking techniques that rely mostly on brute-force attacks run through commonly used tools such as Hashcat and John the Ripper. However, in the words of MIT’s Hacker Code of Ethics, "brute force is the last resort of the incompetent."
We therefore introduce various methods for better password cracking. The aim is greater exposure to the depth that exists within password cracking, as well as a greater understanding of the common methods and tools used in more advanced password cracking. All of this is contextualized by looking at what constitutes a good password, and why certain passwords are more easily cracked than others.
References
- D. Bhatia, R. Ohhata, J. Wasson, S. Au, B. Desiata, 2021. “Advanced Password Cracking: Final Report.”
- de Carné de Carnavalet, X., & Mannan, M. (2014). From very weak to very strong: Analyzing password-strength meters. Proceedings 2014 Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2014.23268
- P. G. Kelley et al., "Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms," 2012 IEEE Symposium on Security and Privacy, 2012, pp. 523-537, doi: 10.1109/SP.2012.38.