PCWQ: A Framework for Evaluating Password Cracking Wordlist Quality

Authors: Kanta, Aikaterini; Coisel, Iwen and Scanlon, Mark

Publication Date: December 2021

Publication Name: The 12th EAI International Conference on Digital Forensics and Cyber Crime

Abstract:

The persistence of the single password as a method of authentication has driven both the efforts of system administrators to nudge users to choose stronger, safer passwords and elevated the sophistication of the password cracking methods chosen by their adversaries. In this constantly moving landscape, the use of wordlists to create smarter password cracking candidates begs the question of whether there is a way to assess which is better. In this paper, we present a novel modular framework to measure the quality of input wordlists according to several interconnecting metrics. Furthermore, we have conducted a preliminary analysis where we assess different input wordlists to showcase the framework's evaluation process.

Download:

Download Paper as PDF

BibTeX Entry:

@inproceedings{kanta2021PasswordCrackingWordlistQuality,
author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
title="{PCWQ: A Framework for Evaluating Password Cracking Wordlist Quality}",
booktitle="{The 12th EAI International Conference on Digital Forensics and Cyber Crime}",
series = {ICDF2C '21},
year=2021,
month=12,
location={Boston, USA},
publisher={Springer},
address = {New York, NY, USA},
abstract={The persistence of the single password as a method of authentication has driven both the efforts of system administrators to nudge users to choose stronger, safer passwords and elevated the sophistication of the password cracking methods chosen by their adversaries. In this constantly moving landscape, the use of wordlists to create smarter password cracking candidates begs the question of whether there is a way to assess which is better. In this paper, we present a novel modular framework to measure the quality of input wordlists according to several interconnecting metrics. Furthermore, we have conducted a preliminary analysis where we assess different input wordlists to showcase the framework's evaluation process.}
}