Student(s): Hao Xu; Title: Improving Cracking Accuracy; Mentor(s): Xianping Wang, CITG.

Abstract:

Password cracking is the process of recovering plaintext from data that has been stored in or transmitted by computing systems in , security and digital forensics. There are many situations that require cracking: helping users recover forgotten passwords, gaining unauthorized access to systems, checking , etc. The most popular and applicable method is brute-force attack with various improvements such as , rainbow table attack. Usually they are accelerated with GPU, FPGA and ASIC. As passwords are usually stored in their hash codes instead of plaintext. to accelerate the password cracking process, caching the output of cryptographic hash codes of passwords, named as rainbow table, are used widely today. However, rainbow tables are usually created from exhaustive password dictionaries, in which many unusual combinations of letters, symbols and digits are contained, which decreased cracking efficiency and accuracy

The efficiency and accuracy of rainbow table cracking can be improved from many aspects such as password patterns, computing engines, etc. In this research, we will employ many openly available leaked passwords, to find their distribution by maximum likelihood estimation, design a password generator based on the found distribution, generate rainbow tables on the passwords generated by the designed password generator. The accuracy of our rainbow table cracker will be compared with several popular password crackers --- password cracker, , , and "