Institute of Electrical & Electronic Engineers
Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task. In this paper, the authors discuss a new method that generates password structures in highest probability order. They first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords. This grammar then allows the user to generate word-mangling rules, and from them, password guesses to be used in password cracking. They will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing their tools and techniques on real password sets.