A Preliminary Analysis of Password Guessing Algorithm

Recently, password guessing algorithms have received increased attention in the field of password security. In this paper, we present a brief review of various existing typical password guessing algorithms from the aspects of hypothesis, identified information, and theoretical models. We employ multiple criteria to understand and evaluate the performance of these algorithms. By analyzing the experimental results, we summarize the characteristics of different password guessing algorithms. We have experimentally proved that when the guess number is the same, the two algorithms guess more passwords than one algorithm. Furthermore, we propose a hybrid password guessing algorithm-PaMLGuess. The algorithm has both strong interpretability and generalization ability and uses probability mapping to solve the problem that the magnitudes of the probabilities given by different password guessing algorithms vary widely. Our work aims to gain a deeper understanding of an attacker’s capabilities and provide an improvement direction for password strength meters(PSMs) to help system administrators prevent the use of weak passwords.