A framework for password-strength evaluation
C++ Perl R Python C Shell Makefile
Latest commit e0258ca Feb 23, 2017 @wrmelicher wrmelicher committed on GitHub Merge pull request #5 from stroucki/20170218
Run in 1/4 the time
Permalink
Failed to load latest commit information.
binaries Runtime now 1h08min. Feb 18, 2017
example conditions Merge branch 'master' of https://github.com/cupslab/guess-calculator-… Jul 12, 2015
example filters Version 1.0.0 Jul 2, 2015
reference results
scripts
weir2009
CorporaOptionsHandler.pm Version 1.0.0 Jul 2, 2015
CorporaUtils.pm Version 1.0.0 Jul 2, 2015
FAQ.md Version 1.0.0 Jul 2, 2015
INSTALL.md Version 1.0.0 Jul 2, 2015
IterateExperimentsOptionsHandler.pm Version 1.0.0 Jul 2, 2015
LICENSE Version 1.0.0 Jul 2, 2015
PlotResults.R Set default text size to 14 pt Jan 31, 2016
README.md Version 1.0.0 Jul 2, 2015
SingleRunOptionsHandler.pm Version 1.0.0 Jul 2, 2015
USAGE.md Update USAGE.md Sep 30, 2015
character_class_tokenizer.py Version 1.0.0 Jul 2, 2015
combine_equal_weight.py
create_training_and_test_corpora.pl Version 1.0.0 Jul 2, 2015
google_ngram_tokenizer.py Version 1.0.0 Jul 2, 2015
google_ngram_tokenizer_wrapper.sh Version 1.0.0 Jul 2, 2015
iterate_experiments.pl Version 1.0.0 Jul 2, 2015
process_wordfreq.py Version 1.0.0 Jul 2, 2015
single_run.pl Version 1.0.0 Jul 2, 2015
uniformize_strings.pl Version 1.0.0 Jul 2, 2015

README.md

Guess calculator framework

The guess calculator framework was designed to help researchers evaluate the strength of password sets against offline attackers. It uses an automated, machine-learning approach that processes a training corpus of passwords to learn a simple PCFG that can generate new passwords. This PCFG is then queried to extract probabilities for passwords, and a lookup table is constructed that represents bundles of passwords in sorted order. A 2 TB lookup table can correspond to over 700 trillion guesses, or more or less depending on the complexity of the learned grammar and the desired accuracy of the evaluation.

Please note that this code was written for research purposes for a specific hardware configuration and was not designed with portability in mind.

This work is derived from tools provided by Matt Weir at https://sites.google.com/site/reusablesec/Home/password-cracking-tools/probablistic_cracker and published at:

Weir, M., Aggarwal, S., Medeiros, B. d., and Glodek, B. Password cracking using probabilistic context-free grammars. In Proceedings of the 2009 IEEE Symposium on Security and Privacy, IEEE (2009), 391–405.

Please refer to the INSTALL.md, USAGE.md, FAQ.md, and LICENSE files for more information.