Cracking passwords with deep learning
Back in 2012, LinkedIn suffered a hack that leaked the entire database of user emails and passwords. The passwords were not stored in plain-text, they were hashed with SHA-1 and left unsalted. This means that the passwords were put through a one-way cryptographic function that left the password unknown unless guessed exactly. For example, instead of:
amsoawen@rotterdam.nl, cat
mankmrx@yahoo.com, password
amrita1240@gmail.com, mrsbutterworth
bigryder@yahoo.nl, cat
The password dump looked like
amsoawen@rotterdam.nl, 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50
mankmrx@yahoo.com, 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
amrita1240@gmail.com, 71785ac6c2fb928c0652cdc26e1aba389565242b
bigryder@yahoo.nl, 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50
There are two common attacks to crack the passwords, either brute-force all combinations or use a dictionary of previously identified passwords. The first method utilizes the raw processing power of your hardware (CPU or GPU), see hashCat for an example of state-of-the-art. The second method, is effective but limited in scope due to the pre-determined list of passwords.
This project proposes a third method.
We utilize a simple RNN-LSTM (Recurrent Neural Network with Long Short-Term Memory) built with tensorflow and tflearn. This RNN reads from a set of starter passwords and tries to predict new passwords from the linguistic patterns observed. These passwords are then validated against the LinkedIn dump and the RNN is re-trained.
To improve sampling speed, we sample from the RNN using hundreds of independent parallel streams. This avoids the expensive overhead of copying to the GPU for each character sampled. Full implementation can be found in src/model.py.
- Started with 654,500 matching passwords
- Ran 6 cycles of validate/train/sample (1 day/cycle)
- Generated 8,943,093 new passwords
- ~1300% enrichment from starter passwords
Hack && Tell, Round 37: Cell Out (with DC NLP!) presentation link
Want to find more password dumps? Start here, https://www.vigilante.pw/
More reading about the source data can be found in this nice Ars writeup
A student project that also used RNN-LSTM but with a slightly different approach.