A Novel Dictionary Generation Methodology for Contextual-Based Password Cracking

Abstract

It has been over 50 years since the concept of passwords was introduced and adopted in our society as a digital authentication method. Despite alternative authentication methods being developed since, it is reasonable to assume that this prevailing method of authentication will not be toppled anytime soon. Naturally, each password is tightly connected to its creator. This connection has given rise to advanced techniques aimed at exploiting user habits for password cracking. Such techniques are often generic approaches leveraging large datasets of human created passwords. A 2021 study showed that the online identity of almost one in three Americans was stolen in the last year alone, with a further 13% not being sure if their credentials were also breached [1]. Recent research has underlined the influence that context can have during password selection for a user. Such information could be of significant added value when digital investigators need to target a specific user or group of users during a criminal investigation. Besides manual techniques, there are no automated approaches that can extract and utilize contextual information during password cracking processes. In this paper, a methodology and framework for creating custom dictionary lists for dictionary attacks are introduced, with a specific focus on leveraging the contextual information encountered during an investigation. Furthermore, a detailed explanation the framework’s implementation is provided and the benefits of the approach are demonstrated with the use of test cases. This demonstrates the benefits of context in password cracking.