Overview
Explore a conference talk from USENIX Security '16 that delves into modeling password guessability using neural networks. Learn how researchers from Carnegie Mellon University developed a novel approach to evaluate password strength using artificial neural networks, offering improved accuracy and efficiency compared to existing methods. Discover how these neural networks can be compressed to mere hundreds of kilobytes without significantly compromising their effectiveness in guessing passwords. Understand the implementation of a JavaScript-based client-side model for password checking, capable of analyzing a password's resistance to guessing attacks with sub-second latency. Gain insights into the comparison between neural networks and state-of-the-art approaches like probabilistic context-free grammars and Markov models for password guessing. Follow the presentation's outline, covering topics such as generating passwords, password policies, design space, testing methodology, transference learning, and the advantages of neural networks in guessing various password classes. Examine the process of creating accurate, small, and fast password meters using neural networks, and understand how this research contributes to more practical and precise password checking methods.
Syllabus
Intro
Our Approach: Neural Networks
Outline: Guessing with Neural Networks
Generating Passwords
Password Policies: 1 class
Design Space
Testing Methodology
Transference Learning - More Accurate
Natural Language Doesn't Help
1class8: Neural Networks Guess Better
3class 12: Neural Networks Guess Better
Accurate Guessing Methods
Ideal Meter Targets
Making Meters Small
Making Meters Fast
Meter Accuracy
Modeling Passwords Using Neural Networks
Taught by
USENIX