Improved WordPCFG for Passwords with Maximum Probability Segmentation

Modeling password distributions is a fundamental problem in password security, benefiting the research and applications on password guessing, password strength meters, honey password vaults, etc. As one of the best segment-based password models, WordPCFG has been proposed to capture individual semantic segments (called words) in passwords. However, we find WordPCFG does not address well the ambiguity of password segmentation by maximum matching, leading to the unreasonable segmentation of many password and further the inaccuracy of modeling password distributions. To address the ambiguity, we improve WordPCFG by maximum probability segmentation with A-like pruning algorithm. The experimental results show that the improved WordPCFG cracks 99.26%—99.95% passwords, with nearly 5.67%—18.01% improvement.