Among the many problems with account passwords today is that they are often stored as hashes in databases which can be easily cracked using modern computing. One of the ways to test password strength is to build a dictionary of commonly used words and hash each one to find a match.
Inspired by other projects in this field, I trained a recurrent neural network that learns how humans construct passwords. From this trained model, I was able to generate a new dictionary of potential passwords which successfully cracked over 50,000 real passwords from leaked hash databases.
See my blog post for more information.
There is no Jupyter notebook or single script to pull this project together. The analysis was done in a torch-rnn Docker container on an Ubuntu nVidia GPU instance. All the data used in the analysis are saved in this repo.
Main Project
- Crackstation_Model.t7
- Torch7 recurrent neural network which can be loaded into torch-rnn to generate passwords
- scripts/Sample.py
- Simple Python script to make it easier to run the torch-rnn model and output a large number of results to a text file
- Crackstation-Human-Only.txt
- Original list of 65 million real human passwords from Crackstation
- Crackstation-Human-Stemmed.txt
- The "base words" from Crackstation's password list after stemming with epixoip's bash command to remove numbers and special characters
- This is the password list that I trained the model on
- eHarmony-Hashes.txt
- The leaked eHarmony password database breach with over 1.5 million MD5 hashed passwords
- This is the database I cracked to test the model results
- Generated_List.txt
- The new dictionary that I generated from the model, which cracked 50,000 new passwords in the eHarmony list
- Pass_Pres.pdf
- Class presentation in PDF format
- You can find it in Reveal.js format here
Future Project (/scripts folder)
These files can be used for a different analysis in which we generate passwords based on a list of commonly used words (as opposed to generating passwords randomly which I do in the Main Project).
- scripts/Sample_Oneword.lua
- Slightly edited version of torch-rnn sampling script to initialize the model on a single word
- scripts/Sample_Oneword.py
- Python script that takes a text file and feed words one at a time into sample_oneword.lua
If you have any questions or comments on this project, you can find me below:
E-mail: hasan.haq@gmail.com
Twitter: @hhaq2010
Website: www.hasanhaq.com