Mahdi Khorsravi

Enhanced password recovery through user profiling

Abstract

The ability to recover passwords is an important step in red-teaming and penetration testing, and it can help users prevent data loss when data is password protected and the password is lost. This thesis explores password recovery that incorporates user profiling. Using gender and region as data points to profile users, it examines whether profiling enhances password recovery and whether any gender-related or region-related biases exist. Machine learning models are trained to predict gender from a given username, and the top-level domain of an e-mail address is used as a region classifier. A generative model based on Improved Wasserstein Generative Adversarial Networks is trained to capture a distribution of passwords and is thus able to generate its own samples to be tested on.

The results show that the data points gender and region each enhance password recovery on their own and that, when combined, they produce the best results. However, different ways of combining the data points yield different results, and this is explored further in the report. This opens up future extensions of the topic: more data points can be added in the discriminating part of the thesis in an attempt to increase password recovery accuracy even more. The aim is to provide information about password choices so that users understand in more detail the weaknesses of user-chosen passwords.