Generating Optimized Guessing Candidates toward Better Password Cracking from Multi-Dictionaries Using Relativistic GAN
Applied Sciences (IF 2.838), Pub Date: 2020-10-19, DOI: 10.3390/app10207306
Sungyup Nam, Seungho Jeon, Jongsub Moon

Despite their well-known weaknesses, passwords are still the de-facto authentication method for most online systems. Due to its importance, password cracking has been vibrantly researched both for offensive and defensive purposes. Hashcat and John the Ripper are the most popular cracking tools, allowing users to crack millions of passwords in a short time. However, their rule-based cracking has an explicit limitation of depending on password-cracking experts to come up with creative rules. To overcome this limitation, a recent trend has been to apply machine learning techniques to research on password cracking. For instance, state-of-the-art password guessing studies such as PassGAN and rPassGAN adopted a Generative Adversarial Network (GAN) and used it to generate high-quality password guesses without knowledge of password structures. However, compared with the probabilistic context-free grammar (PCFG), rPassGAN shows inferior password cracking performance in some cases. It was also observed that each password cracker has its own cracking space that does not overlap with other models. This observation led us to realize that an optimized candidate dictionary can be made by combining the password candidates generated by multiple password generation models. In this paper, we suggest a deep learning-based approach called REDPACK that addresses the weakness of the cutting-edge cracking tools based on GAN. To this end, REDPACK combines multiple password candidate generator models in an effective way. Our approach uses the discriminator of rPassGAN as the password selector. Then, by collecting passwords selectively, our model achieves a more realistic password candidate dictionary. Also, REDPACK improves password cracking performance by incorporating both the generator and the discriminator of GAN. We evaluated our system on various datasets with password candidates composed of symbols, digits, upper and lowercase letters. 
The results clearly show that our approach outperforms all existing approaches, including rule-based Hashcat, GAN-based PassGAN, and probability-based PCFG. The proposed model was also able to reduce the number of password candidates by up to 65%, with only 20% cracking performance loss compared to the union set of passwords cracked by multiple-generation models.

Updated: 2020-10-19