S S symmetry Article Study on Massive-Scale Slow-Hash Recovery Using Unified Probabilistic Context-Free Grammar and Symmetrical Collaborative Prioritization with Parallel Machines Tianjun Wu 1,*,†, Yuexiang Yang 1,†, Chi Wang 2,† and Rui Wang 2,† 1 College of Computer, National University of Defense Technology, Changsha 410073, China;
[email protected] 2 VeriClouds Co., Seattle, WA 98105, USA;
[email protected] (C.W.);
[email protected] (R.W.) * Correspondence:
[email protected]; Tel.: +86-13-54-864-2846 † The authors contribute equally to this work and are co-first authors. Received: 23 February 2019; Accepted: 26 March 2019; Published: 1 April 2019 Abstract: Slow-hash algorithms are proposed to defend against traditional offline password recovery by making the hash function very slow to compute. In this paper, we study the problem of slow-hash recovery on a large scale. We attack the problem by proposing a novel concurrent model that guesses the target password hash by leveraging known passwords from a largest-ever password corpus. Previously proposed password-reused learning models are specifically designed for targeted online guessing for a single hash and thus cannot be efficiently parallelized for massive-scale offline recovery, which is demanded by modern hash-cracking tasks. In particular, because the size of a probabilistic context-free grammar (PCFG for short) model is non-trivial and keeping track of the next most probable password to guess across all global accounts is difficult, we choose clever data structures and only expand transformations as needed to make the attack computationally tractable. Our adoption of max-min heap, which globally ranks weak accounts for both expanding and guessing according to unified PCFGs and allows for concurrent global ranking, significantly increases the hashes can be recovered within limited time.