A Pair of AIs Have Become Very Good at Guessing Your Passwords
Two neural networks can guess a quarter of the passwords in use on a website. At least that's according to new research by a team from the Stevens Institute of Technology, who have built a so-called generative adversarial network that can make educated guesses at what your password might be.
The underlying idea is simple enough: have one neural network build something, then use another to determine its quality. It's a concept masterminded by Ian Goodfellow, one of our 35 Innovators Under 35 for 2017, who isn't part of this research project.
What the Stevens Institute team has done with that idea is have one AI chomp through tens of millions of leaked passwords to learn how to generate new ones, while the other learned how to judge whether a newly created one was compelling. When the results were compared against a LinkedIn credentials leak, the AI-generated passwords matched 12 percent of the real ones. When the researchers also rolled in some human-created rules from a software tool known as Hashcat, they were able to guess 27 percent of passwords—as much as 24 percent more than Hashcat can achieve alone.
It is, obviously, still a technique in its infancy, and it's unclear if a 24 percent boost really warrants the weight of such advanced machine learning. But this appears to be the first time that a generative adversarial network has been used to help crack passwords, and it seems likely that the technique will improve faster than conventional approaches as it chews on more data.
At any rate, it may not be all bad news. As Thomas Ristenpart, a computer scientist from Cornell Tech in New York City, tells Science: “The new technique could also potentially be used to generate decoy passwords to help detect breaches.”
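The decoy-password idea in the closing quote, sketched as an added example (not code from the article or the researchers): each account stores the real password hash among decoy hashes, and a separate checker knows which slot is real, so a login with a decoy signals that the stored table has leaked. The class names `HoneyChecker` and `LoginServer` are hypothetical, and the decoys are constructed by hand here where the quoted idea would have a generative model supply them.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HoneyChecker:
    """Hypothetical separate service: knows only which slot holds the real password."""
    def __init__(self):
        self._real = {}
    def set_real(self, user, index):
        self._real[user] = index
    def is_real(self, user, index):
        return self._real.get(user) == index

class LoginServer:
    def __init__(self, checker):
        self.checker = checker
        self.table = {}    # user -> (salt, [hash, ...]); what a database thief would get
        self.alerts = []   # (user, slot) for every decoy that was presented
    def register(self, user, password, decoys):
        words = [d for d in decoys if d != password] + [password]
        secrets.SystemRandom().shuffle(words)   # real password lands in a random slot
        salt = os.urandom(16)
        self.table[user] = (salt, [_hash(w, salt) for w in words])
        self.checker.set_real(user, words.index(password))
    def login(self, user, attempt):
        if user not in self.table:
            return "denied"
        salt, hashes = self.table[user]
        candidate = _hash(attempt, salt)
        for slot, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                if self.checker.is_real(user, slot):
                    return "ok"
                # A decoy is known only from the stored table, so its use points to a leak.
                self.alerts.append((user, slot))
                return "breach-alert"
        return "denied"

def demo():
    server = LoginServer(HoneyChecker())
    # Constructed sample data: one real password and three hand-written decoys.
    server.register("alice", "Tr0ub4dor&3", ["Tr0ub4dor&7", "tr0mbone!3", "Troubadour#1"])
    results = [server.login("alice", p) for p in ("Tr0ub4dor&3", "tr0mbone!3", "nope")]
    return results, len(server.alerts)

if __name__ == "__main__":
    print(demo())
```

The detection value depends on the decoys being hard to tell apart from the real password, which is where a model trained on real password distributions would help.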