According to a new research by a team from the Stevens Institute of Technology, two neural networks can guess a quarter of the passwords in use on a website. The team earlier built a generative adversarial network that is capable of making calculated guesses at what a user’s password could be.
The team explained the underlying idea: have one neural network build something, then use another to determine its quality. This was Ian Goodfellow’s concept, who isn’t part of the research project.
The teams has one AI chomp through tens of millions of leaked passwords to learn how to generate new passwords, while the other learned to judge if the newly generated password is good enough.
The AI generated passwords matched 12 per cent of the real passwords when they compared their efforts to a LinkedIn credentials leak. When the researchers used some human-created rules from a software tool called hashCat, they were able to guess 27 per cent of passwords, 24 per cent more than hashCat can achieve alone.
It is still unclear if a 24 per cent boost will really justifies the potential of such advanced machine learning. But it appears to be the first time that a generative adversarial network has been used to crack a password, and the technique will improve faster than other techniques.