Publication detail
Beyond the Dictionary Attack: Enhancing Password Cracking Efficiency through Machine Learning-Induced Mangling Rules
HRANICKÝ, R. ŠÍROVÁ, L. RUCKÝ, V.
Original Title
Beyond the Dictionary Attack: Enhancing Password Cracking Efficiency through Machine Learning-Induced Mangling Rules
Type
journal article in Web of Science
Language
English
Original Abstract
In the realm of digital forensics, password recovery is a critical task, with dictionary attacks remaining one of the oldest yet most effective methods. These attacks systematically test strings from pre-defined wordlists. To increase the attack power, developers of cracking tools have introduced password-mangling rules that apply additional modifications like character swapping, substitution, or capitalization. Despite several attempts to automate rule creation that have been proposed over the years, creating a suitable ruleset is still a significant challenge. The current state-of-the-art research lacks a deeper comparison and evaluation of the individual methods and their implications. In this paper, we introduce RuleForge, an ML-based mangling-rule generator that integrates four clustering techniques, 19 mangling rule commands, and configurable rule-command priorities. Our contributions include advanced optimizations, such as an extended rule command set and improved cluster-representative selection. We conduct extensive experiments on real-world datasets, evaluating clustering methods in terms of time, memory use, and hit ratios. Our approach, applied to the MDBSCAN method, achieves up to an 11.67%pt. higher hit ratio than the best yet-known state-of-the-art solution.
Keywords
Password, Rules, John the Ripper, Hashcat, Clustering
Authors
HRANICKÝ, R.; ŠÍROVÁ, L.; RUCKÝ, V.
Released
31. 3. 2025
Location
Melksham
ISSN
2666-2817
Periodical
Forensic Science International: Digital Investigation
Volume
52
Number
1
State
United States of America
Pages from
1
Pages to
10
Pages count
10
BibTex
@article{BUT193356,
author="Radek {Hranický} and Lucia {Šírová} and Viktor {Rucký}",
title="Beyond the Dictionary Attack: Enhancing Password Cracking Efficiency through Machine Learning-Induced Mangling Rules",
journal="Forensic Science International: Digital Investigation",
year="2025",
volume="52",
number="1",
pages="1--10",
doi="10.1016/j.fsidi.2025.301865",
issn="2666-2817",
url="https://www.sciencedirect.com/science/article/pii/S2666281725000046"
}
Responsibility: Ing. Marek Strakoš