Data Acquisition

New Technology Can Crack and Fix Passwords

11 May 2017

Image credit: Santeri Viinamaki / CC BY-SA 4.0Image credit: Santeri Viinamaki / CC BY-SA 4.0Having trouble coming up with a minimum of eight letters, one capital letter and a special character to create a new password? Having trouble remembering that password? Researchers at the E-Crime Investigative Technologies Laboratory at Florida State University are looking into developing more sophisticated software to crack passwords in an effort to build better passwords.

“We rely on passwords for many activities–online shopping, banking and storing medical information,” said Sudhir Aggarwal, a professor in the FSU Department of Computer Science. “With credit card and social security numbers at risk, a stronger technology is needed to ensure we are creating passwords that will actually protect our information.”

Aggarwal has published research concerning password hacking in academic journals, focusing mainly on the use of probability in developing a context-free, grammar-based password cracking system. Aggarwal has now turned that work into patented technology.

“Our technology evaluates password strength by trying to break it,” Aggarwal said. “Our system takes the proposed password and generates guesses in the highest probability order. The more guesses it takes, the longer the time it will take an attacker to crack the password.”

Citing the difficulty in remembering passwords generated by standard methods, Aggarwal wants to make passwords easier for the user to remember but harder to crack.

“If our system can successfully crack a password, it will propose a password similar to the one submitted but with slight format variations, making it easier to remember,” Aggarwal said.

Aggarwal hopes this technology can help provide support for companies learning to secure private information and for law enforcement trying to crack encrypted files or hard drives.

“Since law enforcement officers have a limited amount of time and resources that can be devoted to a password cracking session, it is important for them to make the best guesses possible,” he said. “Our program uses a more precise mathematical background compared to other applications, providing a more efficient process by generating password structures in highest probability order.”

Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Our flagship newsletter covers all the technologies engineers need for new product development across disciplines and industries.

Upcoming Events