A. The Cracking Tests
A pbp-generator is used to generate a pattern-based dictionary file from the original rockyou password list which contains 14,344,399 unique passwords. pbp-generator generated a pattern-based dictionary file that contains 2,247,786,433 (circa 2.3 billion) unique passwords. The new dictionary file contains 156 times more passwords compared with the rockyou list. Having two different password files (i.e. the original rockyou list and the generated pattern-based dictionary file), dictionary attacks are performed by using Hashcat tool [15]. In the analysis, real-life MD5 and SHA1 password hashes are used that were disclosed by different cyber-attacks and made publicly available [16] on the Internet. Two parallel tests were performed. In the first test, it is checked that how many password hashes can be …show more content…
In the second test, how many password hashes can be cracked by using pattern-based password list generated by pbp-generator is checked. As the success results and cracked password examples given in Table VII show, the patterns enabled many more additional hashes to be cracked. For example, ca. 577,000 Gamigo.com password hashes could be cracked with the help of the rockyou list. On the other hand, the pattern-based dictionary file could crack ca. 365,000 additional password hashes which could not be cracked with the rockyou list. Based on this result, 63% more passwords could be cracked with our patterns. Similarly, by eharmony.com analysis the pattern-based dictionary could crack ca. 28,000 additional passwords. This concludes that we could crack 150% more passwords compared with cracking with the rockyou list