Next Article in Journal
Entity Linking via Symmetrical Attention-Based Neural Network and Entity Structural Features
Previous Article in Journal
Isoperimetric Numbers of Randomly Perturbed Intersection Graphs
Article

Study on Massive-Scale Slow-Hash Recovery Using Unified Probabilistic Context-Free Grammar and Symmetrical Collaborative Prioritization with Parallel Machines

by 1,*,†, 1,†, 2,† and 2,†
1
College of Computer, National University of Defense Technology, Changsha 410073, China
2
VeriClouds Co., Seattle, WA 98105, USA
*
Author to whom correspondence should be addressed.
The authors contribute equally to this work and are co-first authors.
Symmetry 2019, 11(4), 450; https://doi.org/10.3390/sym11040450
Received: 23 February 2019 / Revised: 22 March 2019 / Accepted: 26 March 2019 / Published: 1 April 2019
Slow-hash algorithms are proposed to defend against traditional offline password recovery by making the hash function very slow to compute. In this paper, we study the problem of slow-hash recovery on a large scale. We attack the problem by proposing a novel concurrent model that guesses the target password hash by leveraging known passwords from a largest-ever password corpus. Previously proposed password-reused learning models are specifically designed for targeted online guessing for a single hash and thus cannot be efficiently parallelized for massive-scale offline recovery, which is demanded by modern hash-cracking tasks. In particular, because the size of a probabilistic context-free grammar (PCFG for short) model is non-trivial and keeping track of the next most probable password to guess across all global accounts is difficult, we choose clever data structures and only expand transformations as needed to make the attack computationally tractable. Our adoption of max-min heap, which globally ranks weak accounts for both expanding and guessing according to unified PCFGs and allows for concurrent global ranking, significantly increases the hashes can be recovered within limited time. For example, 59.1% accounts in one of our target password list can be found in our source corpus, allowing our solution to recover 20.1% accounts within one week at an average speed of 7200 non-identical passwords cracked per hour, compared to previous solutions such as oclHashcat (using default configuration), which cracks at an average speed of 28 and needs months to recover the same number of accounts with equal computing resources (thus are infeasible for a real-world attacker who would maximize the gain against the cracking cost). This implies an underestimated threat to slow-hash protected password dumps. Our method provides organizations with a better model of offline attackers and helps them better decide the hashing costs of slow-hash algorithms and detect potential vulnerable credentials before hackers do. View Full-Text
Keywords: data security; distributed computing; probabilistic context-free grammar; slow hash data security; distributed computing; probabilistic context-free grammar; slow hash
Show Figures

Figure 1

MDPI and ACS Style

Wu, T.; Yang, Y.; Wang, C.; Wang, R. Study on Massive-Scale Slow-Hash Recovery Using Unified Probabilistic Context-Free Grammar and Symmetrical Collaborative Prioritization with Parallel Machines. Symmetry 2019, 11, 450. https://doi.org/10.3390/sym11040450

AMA Style

Wu T, Yang Y, Wang C, Wang R. Study on Massive-Scale Slow-Hash Recovery Using Unified Probabilistic Context-Free Grammar and Symmetrical Collaborative Prioritization with Parallel Machines. Symmetry. 2019; 11(4):450. https://doi.org/10.3390/sym11040450

Chicago/Turabian Style

Wu, Tianjun, Yuexiang Yang, Chi Wang, and Rui Wang. 2019. "Study on Massive-Scale Slow-Hash Recovery Using Unified Probabilistic Context-Free Grammar and Symmetrical Collaborative Prioritization with Parallel Machines" Symmetry 11, no. 4: 450. https://doi.org/10.3390/sym11040450

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop