Forensics and Security Research Group Forensics and Security UCD and SETU research group

Inproceedings

PCWQ: A Framework for Evaluating Password Cracking Wordlist Quality

Aikaterini Kanta; Iwen Coisel; Mark Scanlon

December 2021 The 12th EAI International Conference on Digital Forensics and Cyber Crime
PDF BibTeX DOI

Contribution Summary

The persistence of passwords as a method of authentication has driven the development of sophisticated password cracking methods. To address this, the authors propose PCWQ, a modular framework for evaluating the quality of password cracking wordlists. The framework assesses wordlists based on several interconnecting metrics, including the final percentage of passwords cracked, the number of guesses until target, progress over time, the size of the wordlist, and better performance with stronger passwords. The authors conduct a preliminary analysis to demonstrate the framework's evaluation process and showcase its potential in improving wordlist generation processes. This research contributes to the field of password cracking and digital forensics by providing a novel approach to evaluating wordlist quality.

Keywords: Password Cracking; Wordlist Evaluation; Password Guessing Framework; Digital Forensics; Cybersecurity; Password Strength Meter; Password Cracking Techniques; Contextual Information

Abstract

The persistence of the single password as a method of authentication has driven both the efforts of system administrators to nudge users to choose stronger, safer passwords and elevated the sophistication of the password cracking methods chosen by their adversaries. In this constantly moving landscape, the use of wordlists to create smarter password cracking candidates begs the question of whether there is a way to assess which is better. In this paper, we present a novel modular framework to measure the quality of input wordlists according to several interconnecting metrics. Furthermore, we have conducted a preliminary analysis where we assess different input wordlists to showcase the framework's evaluation process.

BibTeX

@inproceedings{kanta2021PasswordCrackingWordlistQuality,
	author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
	title="{PCWQ: A Framework for Evaluating Password Cracking Wordlist Quality}",
	booktitle="{The 12th EAI International Conference on Digital Forensics and Cyber Crime}",
	series = {ICDF2C '21},
	year=2021,
	month=12,
	location={Boston, USA},
	publisher={Springer},
	address = {New York, NY, USA},
	abstract={The persistence of the single password as a method of authentication has driven both the efforts of system administrators to nudge users to choose stronger, safer passwords and elevated the sophistication of the password cracking methods chosen by their adversaries. In this constantly moving landscape, the use of wordlists to create smarter password cracking candidates begs the question of whether there is a way to assess which is better. In this paper, we present a novel modular framework to measure the quality of input wordlists according to several interconnecting metrics. Furthermore, we have conducted a preliminary analysis where we assess different input wordlists to showcase the framework's evaluation process.},
  doi={10.1007/978-3-031-06365-7_10},
}